1. Docs


See our buildlog for relationships between specific docker hashes and version tags. The most recent releases are at the bottom of the file. There will only ever be multiple hashes for a single version tag if the underlying image was rebuilt to fix a security vulnerability.


  • Switched to structured JSON logging


  • Added tenantId to Tenant Secret List response.
  • Added tags filter to Tenant Secret List request body.


  • Added support for specifying key leasing requirement when creating a KMS configuration.
  • Added field to tenant response structure indicating whether the tenant has been invited but not yet accepted the invitation.


  • Added support for key leasing requirements for tenants.
    • When creating a new tenant, your organization’s default key leasing requirement will be used (see Organization Settings in Config Broker).
    • The Tenant Update endpoint can be used to change an individual tenant’s key leasing requirement.


  • Added endpoints to manage tenant secrets.
    • Tenant secrets can be listed, and individual secrets can begin/commit rotation.


  • Added support for Thales KMS configurations.
    • KMS config create, list, get, and update endpoints all work with the new config type.


  • Breaking: Changed KMS Config Get to not return decrypted KMS config credentials. The decrypted keyPath will still be returned.
  • Added support for managing tenant tags
    • Added new endpoints to list, create, assign, and un-assign tags
  • Added new version of the Tenant Create endpoint
    • POST /api/2/tenants accepts tags to assign to tenants. If no tags are provided, none will be assigned.
    • POST /api/1/tenants does not accept tags. The tenant will be created with the Default tag for the vendor.


  • Added multi arch builds. amd64 and arm64 docker containers are both published to GCR.
  • Added ability to invite tenant admins on tenant creation.
  • Added ability to resend tenant invites.


  • Added support for KMS configs assigned to multiple organizations
  • Added endpoints for managing assignments
  • Fixed a bug in the grant/revoke logic for the TSP group

Was this page helpful?