Builder Vault (TSM) Release 72.2.0
October 1st, 2025 by Michael Bæksvang Østergaard
Versions
Database: 7.13.0
Node Communication: 34.2
Node Configuration: 26.5
Client API: 62.3
Client Communication: 32.5Changelog
Client Communication:
- Added new endpoints for RSA in the PKCS#11 module
- Added new endpoints for AES unwrap in the PKCS#11 module
- Management API: Added 1 minute, 5 minute, and 15 minute averages for operations to metrics
- Added Swagger (openAPI) UI for Management API at /management/docs and download at /management/openapi.yaml
Node Configuration:
- Added RSAImportKey, RSADecrypt to PKCS11
- Disable management server authentication for specific roles by specifying an empty API key
Client API:
- Added support for creation (load) of RSA keys and encryption/decryption operations in the PKCS#11 module
- Added support for Unwrapping of AES encrypted AES keys in the PKCS#11 module
Patch changes (no effect on compatibility):
- More debug logging for MPC operations, connection establishment, database use and external encryptor pluginDetails
Management API Swagger/OpenAPI UI and Download
When the management server is enabled, it now includes Swagger UI documentation, and a URL for downloading the OpenAPI yaml definitions, found under:
/management/docs /management/openapi.yaml
respectively.
Unauthenticated access to Management API
Specifying an empty API key under the management server API keys, grants unauthenticated access with the specified permissions. Previously you would need to enter a hash of the empty string to achieve the same result.
Debug information with duration
When running the TSM with a log level of DEBUG many operations are now logged together with a duration indicating how long time the operation took. If the operations fails, then no duration is logged.