We are pleased to announce the 10.1 release of Topicus KeyHub. This release brings several fixes and addresses some issues found in previous versions. This release changes how access to vaults is granted. Before upgrading, be sure to read these release notes.
Browser extension for Chrome and Firefox
TKH-649
We now have a browser extension for direct access to your vaults from within your browser. When enabled, your rotating password can also be accessed via this extension. The extension is available for Google Chrome and Mozilla Firefox and can be installed directly from the store or at https://www.topicus-keyhub.com/browser-extensions/. The extension requires Topicus KeyHub 10.1 installed on your server to operate.
Internal LDAP server
TKH-540
Topicus KeyHub now embeds a read-only LDAP server. This can be used as an endpoint for synchronisation tools. The server lists all accounts, groups and memberships and is compatible with LDAP v3 compliant clients.
Note: To expose the LDAP server port on the KeyHub server, you need to add - "389:8389"
to the ports
section of the wildfly
container in your docker-compose.yml
.
Command line interface improvements
TKH-667
TKH-668
TKH-669
TKH-670
TKH-682
TKH-690
The command line interface introduced in Topicus KeyHub 10.0 has seen many improvements. Error handling and reporting has been improved and input parameters are verified more strictly. Also, it is now possible to search for records not only by UUID, but by name, URL or any other property. For manual usage, secrets can now be entered via a prompt with echoing disabled.
Vault access
TKH-671
TKH-684
Users are now granted access to vaults immediately when joining a group. This is a change in behaviour compared to previous versions. Although it is still possible for a group manager to revoke access to a vault, this should not be relied upon. If access to (some of the) vault records should be restricted to a subset of the users in a group, a separate group should be created for these records.
Small improvements
The following smaller improvements and bugfixes were made:
TKH-666
Application URIs for OAuth2 are no longer required when client credentials grant is allowed.TKH-672
Fixed an error with uploading the first vault recovery key.TKH-673
Fixed a 404 error when opening some pages via bookmarked links.TKH-674
Removed the incorrect 'no access' warning for the KeyHub Administrators group.TKH-675
Fixed an error when logging out with Google as OIDC provider.TKH-678
German translation improved substantially.TKH-683
The audit log for an OAuth2 client can now be viewed.TKH-685
Also search on UUID via quick search in vaults.TKH-687
Fixed an error when changing your password and re-authentication is required.TKH-688
Username and URL are now allowed on all types of vault records.TKH-691
Prevented entering too long reasons or feedback on requests.TKH-692
TOTP records can now be modified without re-entering the secret.TKH-694
Fixed an error with choosing a weak password when registering an internal account.TKH-695
Enabling password sync no longer gives an error about your KeyHub password.