Release Notes
DevOps Secrets Vault is regularly updated to provide improvements and introduce features.
As a Cloud application, DSV lacks version numbers; the current version serves all users because it is always the only version available.
The Command Line Interface (CLI) is locally installed using OS-specific executables. These bear version numbers to reflect updates.
- The version number will always be the same across the OS-specific editions of the CLI executable.
- You obtain these updated versions of the CLI executables by downloading them from DevOps Secrets Vault Downloads.
- The CLI itself will notify you when a new version is available for download.
- Generally, older versions of CLI executables will continue to work, but you will want to have the latest executables to benefit from fixes and obtain new features.
DSV Cloud Service: Change Log
| Update | Notes |
|---|---|
| August 2023 | CLI Release Notes |
| new feature: Added a Policy Editor to the UI. This separates the permission documents from the policy, allowing for more granular administration. | |
| fixed: Fixed an error when retrieving some dynamic secrets using an engine. | |
| June 2023 | CLI Release Notes |
| fixed: Reset the number of failed attempts for SIEM configuration if audit exporting was successful. | |
| fixed: Improved performance for tenants with no SIEM configurations by saving an empty result for tenant in local cache. | |
| fixed: Added a task to cleanup old engine messages. | |
| fixed: Set CORS headers even when returning 500 HTTP code. | |
| fixed: Generated audit logs on writing response header, instead of on writing response body. This enables audit logs for endpoints that do return an EMPTY response body. | |
| fixed: Added missing path/query parameters for a service principal search and deleted the API for the swagger specification. | |
| May 2023 | CLI Release Notes |
| new feature: The dsv-k8s-sidecar repo is now open source and simpler to use. https://github.com/DelineaXPM/dsv-k8s-sidecar. | |
| fixed: The bulk add of members to a group and a member to many groups is working in the UI. | |
| fixed: Resolved an issue migrating a CEF extension format from JSON to key-value pairs for new CEF SIEM endpoints. Old CEF endpoints will continue using JSON format. | |
| April 2023 | CLI Release Notes |
| new feature: Added support for Tilt to the dsv-k8s repo. With a single command, you can stand up an interactive session and see how to use DSV in k8s. | |
| fixed: Fixed a validation error on UI Break Glass page. | |
| fixed: The UI secret preview now indicates the correct user permissions. | |
| fixed: Fixed an issue that prevented policies to give access to a subset of groups, specifically “groups:<prefix.*>”. | |
| March 2023 | CLI Release Notes |
| new feature: The UI can show metadata for users without read permissions, but who have list permissions. | |
| fixed: A UI logout now successfully invalidates the session as well as discarding the token. | |
| February 2023 | CLI Release Notes |
| new feature: The UI now supports Break Glass configuration. | |
new feature: BYOK commands have been added to the CLI with dsv byok update.` |
|
|
improvement: The CLI supports the following new flags in the Rest API and CLI for searching and sorting.
improvement: Security updates now prevent hijacking of the UI in a frame. |
|
| improvement: Security updates now prevent hijacking of the UI in a frame. | |
| January 2023 | CLI Release Notes |
| new feature: The following installers have been added for all architectures: Homebrew, Aqua, PowerShell, Curl, Snap, and Scoop. | |
| improvement: All new development can now be added directly to GitHub, rather than using bulk changes. As a result, our workflows are now updated with additional internal tools, including GoReleaser. | |
| fixed: Fixed an issue where authentication providers and SIEM pages were not shown in the UI for some users. | |
| December 2022 | CLI Release Notes |
| improvement: Search functions have been ported to Rest from GraphQL. | |
| improvement: The character limit for policies has been increased from 2k to 8k. | |
| fixed: User members of groups that were delegated rights to create groups and roles were granted the rights in the CLI and API but denied those rights in the UI. Now, the delegated rights are now correctly recognized in the CLI, API, and UI. | |
| fixed: Fixed a bug that incorrectly required a data field when updating a secret in the UI. | |
| November 2022 | CLI Version: 1.39.0 |
| new feature: A new dsv-gitlab plugin is available. The plugin integrates into GitLab CI to retrieve secrets from DSV. | |
| improvement: An endpoint was added to view expired service principals and allow for manual deletion. | |
| improvement: Secrets are now masked in the Jenkins plugin logs. | |
| improvement: Context was added to a dialog that alerts the user when deleting a pool with engines attached. | |
| improvement: Updates have been made to the caching rules for sensitive UI pages. | |
| improvement: Users are prohibited from deleting a break glass secret. | |
| improvement: The API now deletes engines immediately, instead of allowing an optional force flag. | |
improvement: References to the root-ca-path and assumed-role flags have been removed from the CLI documentation. |
|
| improvement: In the CLI, usage is no longer printed for unknown flags. | |
| October 2022 | CLI Version: 1.38.0 |
| new feature: DSV supports Bring Your Own Key (BYOK) encryption key management. | |
| improvement: GitHub updates include access to the CLI and a GitHub action, dsv-github-action, to use Delinea DevOps Secrets Vault for retrieval of your secrets. | |
| new feature: The CLI supports creating a new profile using certificate authentication. | |
| September 2022 | CLI Version: 1.37.0 |
| new feature: The UI includes an Audit page that presents actions recorded for specific users and the date recorded. | |
| new feature: The UI includes a dashboard that presents total requests for an adjustable time interval. Total secrets across all vaults is also displayed on the dashboard. | |
| new feature: Authentication providers can be created and deleted from the UI. | |
| improvement: The default profile can now be changed in the CLI. | |
| improvement: Scriptable initialization for the CLI is available only for username/password or client credentials authentication. | |
| new feature: The Ansible core collection for Delinea DevOps Secrets Vault is now available. | |
| improvement: Added the AWS authentication method for Terraform. | |
| August 2022 | CLI Version: 1.36.0 |
| new feature: The UI now supports SIEM. The user can create and delete SIEM integrations from a selection available in Administration. | |
| new feature: At login, a Remember me on this device checkbox is added. When enabled, the default behavior for storing user credentials is maintained. Disable the checkbox and user credentials are not stored for subsequent logins. | |
| new feature: Added wizard support to add multiple Permission documents to a single Policy. | |
| new feature: Added wizard support for SIEM functions. | |
| fixed: Corrected an issue where during the init configuration, setting the store type to none caused and error. | |
| fixed: Resolved some inconsistencies with Role Name casing when creating or referencing a Role. | |
| July 2022 | CLI Version: 1.35.0 |
| new feature: Official binaries are available for Apple M1s for download at: https://dsv.secretsvaultcloud.com/downloads. | |
| new feature: Splunk is now supported for audit logging in SIEM integrations. | |
| new feature: Edits made to a secret are stored as versions, which can be rolled back and implemented as the current version of the secret. | |
| new feature: Added support for using Declarative syntax to call our Jenkins plugin from a pipeline. | |
| new feature: Cloud Authentication support is added to the Go SDK. | |
| new feature: Ansible Plugin now supports the EU domain and other top level domains. | |
| June 2022 | CLI Version: 1.34.0 |
| new feature: Policies can be viewed, created, and deleted in the UI. Basic policy functionality is supported, with future enhancements to come for full functionality and customization. | |
| new feature: Kubernetes side car is now supported on Microsoft Windows OS. | |
| new feature: Kubernetes webhook now supports dynamically updating secrets. | |
| May 2022 | CLI Version: 1.33.0 |
| new feature: The UI now supports the creation of secrets in Shared Vaults, as well as Home Vaults. | |
| new feature: The clients attached to a Role are viewable in the UI. Clients can also be created and deleted using new features in the UI. | |
| new feature: Engines and engine pools are now accessible through the UI. Engines and pools can be viewed, created and deleted in the updated UI. | |
improvement: CLI timeout is now manually configurable. If a user's CLI is idle for a predefined amount of time, a timeout is initiated. This is controlled by the refreshTokenTTLHours value in the config file, and can be set per tenant. |
|
| improvement: The creation of a SIEM endpoint inside the CLI is now supported. | |
| April 2022 | CLI Version: 1.32.0 |
| new feature: Added Dynamic Secret Support for MongoDB. When using a MangoDB dynamic secret, you can create and delete local users in a just-in-time manner in your database. | |
| improvement: The CLI wizard has been updated for improved user interaction. | |
| improvement: Searching inside the CLI is more consistent and convenient. Resources can be searched without using the search term. This improvement has been made for Secrets (Home Vault and Root), Groups, Users and Roles. | |
| improvement: Added UI improvements for displaying Home Vault Secrets. Users now can view the personal secrets in the UI that are created in the Home Vault, using the CLI. | |
| improvement: The UI for Users and Secrets includes an Audit tab for viewing audit activity. | |
| improvement: The UI for Secrets allows you to delete secrets. | |
| improvement: The Kubernetes Webhook plug-in now supports custom namespaces. | |
| improvement: The visual appearance of the UI has been updated to represent our company brand. | |
| fixed: Fixed an issue with the SIEM integration to allow for endpoint support. | |
| February 2022 | CLI Version: 1.31.0 |
| improvement: Added guided sub-command support on CLI Wizards to create and update secrets. | |
| improvement: Added support in the Kubernetes Sidecar extension for Authentication by Cert. The Broker can be configured to use the Certificate method of authentication instead of client credentials. | |
| fixed: An incorrect response that displayed after editing/updating a Thycotic One user has been resolved. Previously, updating a Thycotic One user would add an extra thy-one prefix to the displayed user name. | |
| January 2022 | CLI Version: 1.30.0 |
| improvement: When selecting a group in the UI, you will now see a Members tab. You can use the Members tab to add and remove users to and from the selected group. | |
| improvement: We have added Role Management to our UI. You can now view, create, edit, and delete roles, as well as view the client credentials that are attached to the selected role. | |
| December 2021 | CLI Version: 1.29.0 |
| improvement: Our Kubernetes sidecar extension now supports the use of custom namespaces. Pods can now be restricted to only access secrets located in that namespace, thereby preventing pods from accessing secrets that they do not need access to. | |
| improvement: When selecting a user in the UI, you will now see a Membership tab. Here, you will be able to view the current group membership of the selected user, as well as edit the group membership. | |
| fixed: When using the CLI wizard to set up a siem connection, a blank input for the default value of Engine routing would lead to an error "Blank input is invalid". The CLI now allows the blank input and assumes the default value. | |
| fixed: Previously in the CLI, our parsing function would not allow the creation of a secret/role with a '-c' suffix in path. The behavior has been corrected. | |
| fixed: Federated User Accounts (such as thy-one users) were not able to see management modules in UI, due to an issue with querying the logged-in user's permissions. The backend query would come up blank because the prefixed user account (thy-one: |
|
| fixed: User Accounts that were created with usernames that include uppercase letters were not able to see management modules in the UI, due to an issue with querying the logged-in user's permissions. The backend query would come up blank because the user is not recognized in any policy with an uppercase letter (usernames are automatically forced to lowercase when referenced to policies). User and Role creation now forces the casing of characters in user and role names to lowercase. | |
fixed: When editing the currently populated displayname field of a user with an empty string value, the cmd would successfully execute, but it would not actually change the field to an empty value. We have added error handling that states "Editing a User's displayname should be 3 to 100 characters." |
|
| November 2021 | CLI Version: 1.28.0 |
| new feature: Geolocation-Based Routing - Previously, our data flow configuration was an active-passive failover with the East Coast site as our primary for all U.S. customers. To ensure the same performance for our West and East Coast customers, we have changed to an active-active failover configuration. Now, U.S. customers will automatically route to the site closest to their Data Center, further minimizing any latency issues. Geolocation is determined by IP address. | |
| improvement: Added the delete function for deleting groups in the UI. | |
| October 2021 | CLI Version: 1.27.0 |
| improvement: Added the ability to View and Create Groups in the UI. | |
| improvement: Added the Last Login field to the User Preference Page in the UI. | |
| improvement: Authentication by certificate is now available as an option in the CLI. | |
| fixed: Runtime error when using a bad flag for the dsv group create command. | |
| fixed: Broken Azure authentication due to a change from Microsoft (letter casing was changed in the Resource Group ID). Reauthorization may be required. | |
| September 2021 | CLI Version: 1.26.0 |
| improvement: Added Support for AWS EC2 instances that use IMDSv2. Support for IMDSv1 will continue. | |
| improvement: Added the ability to view, create, and edit users in the UI. (Safari not supported) | |
| fixed: Resolved an issue where Azure authentication fails when attempting to initialize dsv from an azure VM. | |
| August 2021 | CLI Version: 1.25.0 |
| Engine Version: 1.9.0 | |
| improvement: Authentication by Certificate now requires a Base64 encoded private key along with the certificate. | |
| improvement: BreakGlass enhancement - When deleting a user, DSV will now check to see if the user is a member on the new admin list for breakglass. This is to ensure that no user on this list is deleted without providing a replacement for the potential breakglass admin. | |
| improvement: Added guided sub-command support on CLI Wizards for Clients, BreakGlass, Engine, and Pool. | |
| improvement: In the DSV UI, added the ability to make changes to editable fields on existing secrets. | |
| July 2021 | CLI Version: 1.24.0 |
| improvement: For GCP Dynamic Secrets, added configurable time-to-live for OAuth. | |
| improvement: Breakglass will now allow duplicate policy entries and cleanup duplicates upon removal. | |
| improvement: In the DSV UI, improved the view/preview of basic secret attributes. | |
| June 2021 | CLI Version: 1.23.0 |
| Engine Version: 1.8.0 | |
| new feature: DSV now supports authentication by certificate. | |
| fixed: Fixed a bug preventing the DSV Engine from connecting in .au regions. | |
| May 2021 | CLI Version: 1.22.0 |
| Engine Version:1.7.0 | |
| new feature: The emergency Break Glass feature allows DSV users to recover Super Administrator access if those credentials are lost or compromised. | |
| new feature: Introduced the first version of a web GUI. It includes the ability to list secrets that you have access to. | |
| new feature: SIEM integration is now available through the DSV engine. | |
| new feature: The DSV Engine can now be run as a service. | |
| April 2021 | CLI Version: 1.21.0 |
| new feature: DSV now supports Encryption as a Service using user-supplied keys. | |
new feature: The report command generates a list of secrets or groups. Use the secret subcommand to see the secrets available to a user, group, or role. Use the group subcommand to see the group memberships of a user or role. |
|
| improvement: Users and roles can now be searched by provider or fully-qualified name. | |
| improvement: Thycotic One user login is now interactive in the CLI. The API login route has been disabled. | |
| March 2021 Release 2 | CLI Version: 1.2.0 |
| Engine Version: 1.6 | |
| new feature: DSV now offers a fully managed Encryption as a Service. | |
improvement: Users can be given a display name using the --displayname flag. |
|
| improvement: Maximum policy limit per tenant has been increased from 500 to 1,000. | |
improvement: Secrets can now be accessed by ID using the --id flag. |
|
improvement: Secret searches can now be sorted using the --sort flag. |
|
| March 2021 | CLI Version: 1.19.0 |
| Engine Version: 1.5 | |
| improvement: Unresponsive SIEM endpoints will be automatically deregistered after ten failed attempts. | |
| improvement: DSV now supports syslog SIEM integration over TCP. | |
| improvement: The dsv-engine now prioritizes flags over configuration files. | |
improvement: The help menu for the audit command has been updated. |
|
| fixed: When creating a new thycotic-one user, passing an external-id flag will no longer prevent account creation. | |
| fixed: The dsv-engine wizard for Windows PowerShell and macOS bash no longer truncates user-token and private-key. | |
| February 2021 | CLI Version: 1.18.0 |
| Engine Version: 1.4 | |
| new feature: Added wizards for run and register in the DSV Engine. | |
| new feature: Added dynamic secret support for Azure Microsoft Graph API. | |
| improvement: Added DSV_VERBOSITY flag for use with docker image scripts. | |
| fixed: Engines registered in containers will now run using the newly created configuration file. | |
| January 2021 | CLI Version: 1.17.0 |
| Engine Version: 1.3 | |
new feature: Added sendWelcomeEmail property. When a user is created using Thycotic One for authentication, setting sendWelcomeEmail to true will send a new login email to the user. |
|
new feature: Added ability to modify authentication provider details using the edit subcommand. |
|
| improvement: After account lockout from failed authentication, the CLI now displays the time remaining until reauthentication is available. | |
| improvement: Updated dsv-engine validation and API error messages for clarity. | |
| fixed: When querying log data, the correct dates will display. | |
fixed: Client credential URL value no longer switches with search. |
|
| fixed: External ID is no longer required for Thycotic One users. | |
| December 2020 | CLI Version: 1.16.0 |
| Engine Version: 1.2 | |
| new feature: Added dynamic secret support for contained MSSQL databases. | |
new feature: Added ephemeral client credentials. Credentials can be limited using the --uses and --ttl flags. |
|
| improvement: Passwords can no longer be reused, increasing security. | |
| improvement: DSV APIs now limit the number of invalid login attempts, increasing security. | |
| improvement: Azure dynamic secrets now use consistent naming conventions between the base and dynamic secret. | |
| improvement: strictTransportHeader is present in requests. | |
| November 2020 | CLI Version: 1.15.0 |
| Engine Version: 1.1 | |
| new feature: Added dynamic secret support for PostgreSQL and Oracle databases. | |
improvement: Engines and pools can now be manipulated via the engine and pool commands. |
|
| October 2020 | CLI Version: 1.14 |
| Engine Version: 1.0 | |
| new feature: Added the DSV Engine. This agent is installed on the customer network for access while limiting the need to open the firewall. Initially for database dynamic secrets, but in the future will be used for password rotation, authentication, or other needs. | |
| new feature: Bootstrapped client credentials. When creating client credentials, a one-time use URL can be created so that the new machine or application can retrieve the Client Secret. | |
| September 2020 | CLI Version: 1.13 |
| improvement: CLI name changed from "thy" to "dsv" in downloads and documentation for all commands | |
| new feature: Home Vault GA. Completed Roles, GetByVersion, Rollback, Restore, Policy for giving others access. | |
| improvement: Wizards for Groups will not allow invalid Users | |
| improvement: Wizards for Users look for Auth provider and act accordingly rather than ask for a password first | |
| improvement: secrets attributes can be updated without affecting other fields | |
| improvement: Thycotic One users not sent sign-up emails by default. Can change this setting | |
| improvement: whoami command provides more information for cloud auth providers | |
| improvement: Group names can't have spaces | |
| improvement: Roles with Auth providers must include an external ID | |
| August 2020 (Update 1) | CLI Version: 1.12.1 |
| fixed: CLI update check | |
| August 2020 | CLI Version: 1.12 |
| new feature: Home Vault Beta. Users get their own secret space without needing a policy. | |
| improvement: Global flags defined | |
| improvement: Policy update help information and examples. | |
| improvement: Improved auth-provider help | |
| improvement: Pre-validation for SIEM endpoints | |
| fixed: Added Metadata to Groups | |
| July 2020 (Update 1) | fixed: Enforce case insensitivity on subjects returned in JWT record. |
| July 2020 | CLI Version: 1.11 |
| new feature: SSH public key generation and SSH Certificate signing/storage was added. | |
| new feature: CLI now contains wizards for Users, Groups, and Roles. | |
| improvement: Policy update help information and examples. | |
| improvement: Added IDs and status information to audit records. | |
| improvement: Standardized on the use of colons for policies instead of slashes | |
| fixed: Enhancements to auth providers. | |
| fixed: Group memberships are not evaluated for policy updates. | |
| fixed: Group member sometimes returned code 500 (internal server error) on deletion attempt. | |
| June 2020 | CLI Version: 1.10 |
| new feature: SIEM endpoints. Support Syslog, CEF, and JSON log formatting on TLS,TCP, UDP, HTTP, and HTTPS transport protocols. | |
| new feature: Introduced CLI wizards to PKI, SIEM, Policy, and Auth-provider commands for simplified human navigation. | |
| improvement: Additional Secrets search capabilities. Enabled search for Secrets on any attribute, path, or description. | |
| improvement: Provide the ability to add a CRL URL to a signing certificate. | |
| fixed: CLI version check fixed regardless of the update cache | |
| fixed: Group membership evaluated for policy updates. | |
| update: Deprecated "settings" attribute on the Configuration document will be removed next release. All auth provider management should go through the config/auth endpoint | |
| May 2020 | CLI Version: 1.9 |
| new feature: Google Cloud Platform (GCP) Dynamic secrets. DSV can issue ephemeral secrets for GCP service accounts | |
| new feature: OIDC Support. Thycotic One can connect to any IDP provider that supports OIDC and in-turn those users can authenticate to DSV. | |
| improvement: If a base secret has a dynamic secret linked to it, it errors on attempt to delete it. | |
| improvement: New flag for singing a leaf certificate that includes the singing certificate for the trust chain | |
| fixed: Groups with 3rd party auth fixed | |
| fixed: Client permission check | |
| fixed: Restore user with 3rd party auth | |
| April 2020 | CLI Version: 1.8 |
| new feature: Google Cloud Platform Authentication using service accounts and GCE metadata | |
| new feature: X.509 Certificate Issuance. Certificate signing capablilties. | |
| improvement: Azure dynamic secret role validation | |
| improvement: Azure dynamic secret temporary service principal cleanup. (deletes expired service principals in Azure MSI) | |
| improvement: Dynamic secrets easier to edit | |
| fixed :CLI encryption key works if store path is in a non-default location. | |
| fixed :Client tokens used even if already logged in. | |
| March 2020 | new feature: Azure Dynamic Secrets. DSV can use Azure Service Principals to provide ephermal credentials |
| new feature: (API only) Ability to issue X.509 certificates | |
| improvement: Ability to retrieve auth settings by version | |
| improvement: Make help commands available even if the CLI config is missing | |
| improvement: Protect error check. Protect against creating policy errors | |
| improvement: Ability to search for dynamic secrets given a base secret | |
| improvement: Improved error reporting for dynamic secrets | |
| fixed : A malformed policy could prevent reading all policies. | |
| February 2020 | improvement: protect against user lockout. When editing authentication providers, block any changes that locks the user out of the account. |
| improvement: audit search results now inclusive of the dates in a range (previously the first day was omitted). | |
| improvement: consistent version listing. Removed the “v” in the version number when searching older versions to be consistent with other listings. | |
| new feature: AWS Dynamic secrets. DevOps Secrets Vault can use AWS Security Token Service (STS) to provide ephemeral AWS credentials. | |
| January 2020 | improvement: the rollback command allows you to roll back Secrets (and Policies and Authentication Providers) to their earlier versions |
| improvement: Windows users can now more easily edit Secrets, with Notepad or another designated editor opening right from the command line | |
| fixed: a defect in the Kubernetes extension caused verbose error reporting on irrelevant conditions | |
| December 2019 | improvement: the thy init command no longer requires an --advanced flag, as it now always steps through key initialization settings |
| improvement: the DSV CLI executables will now prompt when a new version is available for download | |
| fixed: a defect in CLI audit log listing behavior would show listings even when the start date was in the future and would show listings later than the end date | |
| November 2019 | improvement: after deleting a Secret, Role, User, Group, Policy, or Authentication Provider, the new restore command will undelete the item up to 72 hours later |
| improvement: architectural changes back uptime of 99.999 percent; continuous backup enables hot backup fail-over in under a minute | |
| October 2019 | improvement: a Secret’s data, attributes, and description can be individually updated via the update command’s new --data, --attributes and --desc flags, respectively |
| improvement: the Secret update command’s new Boolean --overwrite flag controls whether the --data flag’s content overwrites or merges with extant data object fields | |
| improvement: improvement: updated server side policy caching to better handle permission updates | |
| improvement: the CLI now supports finding and examining audit logs, previously possible only via the API | |
| September 2019 | improvement: better scaling of configuration files achieved by keeping policies and authentication providers in separate files |
| improvement: the permissions command has been superseded by the policy command; named policies no longer require everyone to modify a global document | |
| improvement: the new Change Password feature enables users to change their passwords | |
| improvement: adding Users to a Group achieves permissions delegation | |
| improvement: deleting a Secret now deletes all past versions, rather than just the latest | |
| fixed: the API Audit Search function’s bug, related to the improperly named Secret parameter, is resolved by the properly named path parameter | |
| August 2019 | fixed: issue where the refresh token generated by Thycotic One authentication was not correctly generating the full subject name and could cause access denied errors |
| fixed: issue where adding a pre-existing Thycotic One user as a DSV User would not correctly save the Thycotic One user id | |
| fixed: issue where the config created and updated metadata fields that were not properly shown in responses | |
| added: version validation to config update to help prevent conflicts | |
| July 2019 | first General Availability of the service |
