Skip to main content


Discover the new features, logic changes, bug fixes, breaking changes, and known issues and limitations in Piiano Vault release v1.4.0.

New features

  • delete token REST API operation now supports a tenant_id query parameter. It can be included as an extra filter to one of the existing query parameters (token_ids, object_ids, and tags). It ensures that only the tokens whose owner has the specified tenant_id will be deleted.
  • The CLI selftest command now supports execution on a Vault in a stateless mode.
  • Config logger now reports the current collections in PVSchema format in addition to the JSON format.
  • The JavaScript engine can be now optionally disabled using the new PVAULT_FEATURES_DISABLE_JAVASCRIPT environment variable.
  • Improved explanation of policy violations in logs.
  • The default IAM now includes new policies to allow and deny crypto operations.

Bug fixes

  • Normalize object ID to lowercase once providing it in add-object API.
  • Fix bug where fields of JSON type were expected to be handled in the API as serialized JSON strings instead of JSON objects.
  • Fix an issue where the CLI health command truncated errors.
  • Fix an issue where updating a collection returned only the updated properties.
  • Fix bug where listing objects using the same object ID multiple times returns an error.

Breaking changes

  • Update collection returns all properties in the collection, not just these that were updated.
  • The CLI now prints the message "Command completed successfully" as a log, to Stderr (instead of Stdout).
  • Minor OpenAPI changes - these change doesn't affect the REST API but might cause generated clients to be generated differently.
    • Some models were renamed.
    • uniqueItems: true is added to options query params.
  • Fields of JSON type are now expected to be sent and received in the API as JSON objects and not as serialized JSON strings.
  • Config logger report of the IAM is now nested in an object for a better collapsing in logs visualization tools.
  • Update collection API now returns the full updated collection and not just the updated properties.
  • The obsolete PVAULT_FEATURES_POLICY_ENFORCEMENT environment variable was removed.
  • The IAM is now loaded during startup, either from the user file when provided or from the default system provided file. It is not merged any more. Coming soon: an option to continue reloading the user provided IAM file even post initial system setup to support infrastructure as code.