1. Docs


See our buildlog for relationships between specific docker hashes and version tags. The most recent releases are at the bottom of the file. There will only ever be multiple hashes for a single version tag if the underlying image was rebuilt to fix a security vulnerability.


  • Added endpoints to manage tenant secrets.
    • Tenant secrets can be listed, and individual secrets can begin/commit rotation.


  • Added support for Thales KMS configurations.
    • KMS config create, list, get, and update endpoints all work with the new config type.


  • Breaking: Changed KMS Config Get to not return decrypted KMS config credentials. The decrypted keyPath will still be returned.
  • Added support for managing tenant tags
    • Added new endpoints to list, create, assign, and un-assign tags
  • Added new version of the Tenant Create endpoint
    • POST /api/2/tenants accepts tags to assign to tenants. If no tags are provided, none will be assigned.
    • POST /api/1/tenants does not accept tags. The tenant will be created with the Default tag for the vendor.


  • Added multi arch builds. amd64 and arm64 docker containers are both published to GCR.
  • Added ability to invite tenant admins on tenant creation.
  • Added ability to resend tenant invites.


  • Added support for KMS configs assigned to multiple organizations
  • Added endpoints for managing assignments
  • Fixed a bug in the grant/revoke logic for the TSP group

Was this page helpful?