[5.12.0] - 2025-11-19
Features
- Azure byok UI (#597)
- Upgrade Findex from v5 to v8 (#542)
- (redis): Created a new data storage schema for Redis, using a double-index instead of the "next Keyword".
- (redis): Developed a migration algorithm to update data under KMSes prior to 5.12.x.
- (redis): Introduction of strong typing for UserId and ObjectUid to reduce string manipulation errors, and created new types inspired by legacy cloudproof components.
- Used new crypto core serializations for storage (when applicable)
Bug Fixes
- Automatic key unwrapping depending on ObjectType (#600):
- Automatically unwrap keys (that are wrapped) when retrieving keys from the database. This can be useful when the server is configured with a Key Encryption Key that wraps all new keys. The unwrapped keys stay temporarily in an expiring cache.
- This feature is combined with the default_unwrap_type parameter, which filters the ObjectType to unwrap.
- Possible filters in server configuration are: All, Certificate, CertificateRequest, OpaqueObject, PGPKey, PrivateKey, PublicKey, SecretData, SplitKey, SymmetricKey
Documentation
- Rework all the database migrations and present easier-to-read schemas (#542)
- Document migration flows
- Update KMS configuration TOML file with parameter default_unwrap_type.
Build
- (deps-dev): bump js-yaml from 4.1.0 to 4.1.1 in /ui in the npm_and_yarn group across 1 directory
Testing
- (redis): Add two integration tests that migrate from version 5.1.0 and 5.2.0 to (#542)
Miscellaneous Tasks
- Refactored migration traits between the SQL databases and the Redis one (where possible)
- Deleted a lot of dead code
- Marked the Label parameter as deprecated.
- Updated the aes_gcm_siv_not_openssl functions to avoid using deprecated dependencies.
WARNING
Redis users: Starting with version 5.12.0, the KMS will start operating with a new version of Findex (the SSE used with the Redis DB), and a data migration is necessary:
IMPORTANT: Back up your Redis database before upgrading to version 5.12.0.
- If you're upgrading from a version prior to 5.0.0: Please export your keys using standard formats (PKCS#8, PEM, etc.) and re-import them after clearing the Redis store. Databases created with version 4.x.x are not compatible with the automated migration routine and won't start if the db_version key is unset.
- If you're upgrading from a 5.x DB: A transparent migration process will occur and should typically take less than a minute.