Skip to main content


Discover the new features, logic changes, bug fixes, breaking changes, and known issues and limitations in Piiano Vault release v1.3.0.

New features

  • Vault and the CLI are now available as standalone binaries. See the vault-releases repository for the latest releases. More information about installing the CLI as a standalone binary is available in the CLI reference.
  • The tokenize REST API operation now supports a transaction_id query parameter. If a transaction ID is included, the token is associated with the transaction ID. See Tokenize for more information.
  • A new REST API operation, get-by-transaction-id, was added. This operation enables you to retrieve the token ID associated with a transaction ID. See Get by transaction ID for more information.
  • The encrypt REST API operation and CLI command now support attaching tags, similar to the Tokenize operation.

New capabilities

  • IAM capabilities were added for Crypto operations: CapCryptoDecrypter, CapCryptoEncrypter, and CapCryptoHasher.

New installs include these capabilities in the IAM file loaded during startup. For existing installs, you must edit the IAM configuration manually and add these capabilities to the roles requiring them.

💡 The Admin role automatically includes all capabilities (including these new ones).

Logic changes

  • Vault now checks for a minimum version of the database.
  • Clearer message logs are provided when initializing and migrating the database.
  • Improved audit logging for the encrypt and decrypt REST API operations.

Bug fixes

  • Fixed a bug that caused decrypt to fail when filtering on a property with different casing.