Fortanix Data Security Manager (DSM) SaaS 4.14 comes with some exciting new features, general enhancements, improvements, and resolved issues.
This release is superseded by February 02, 2023, release.
1. New Functionality/Feature(s)
1.1 Support for BLS key type (JIRA: PROD-4660):
This release adds support for generating a new key type called BLS key which is a digital signature scheme that can be used on blockchains for signature aggregation.
For more details refer to the User’s Guide: Key Lifecycle Management.
1.2 Added support for easy wizard integration for Google Cloud EKM interface (JIRA: ROFR-3152):
For more details refer to the Integration Guide: Fortanix DSM with Google EKM Interface.
1.3 Added support for easy wizard integration for Cloud Data Control AWS BYOK (JIRA: ROFR-3152):
For more details refer to the User’s: AWS KMS Group Setup- Using Easy Wizard.
2. Enhancements to Existing Features
- Custom attributes can now be set as empty in the group’s Key metadata policy (JIRA: PROD-5985).
This release allows you to create a security object with empty custom attributes that can be set at the group-level in the Key metadata policy.
For more details refer to the User’s Guide: Key Metadata Policy.
- Added “Download” column to Quorum approval request Completed->Import/Export status page (JIRA: ROFR-3834).
After a user downloads an asymmetric key from the Tasks -> Completed -> Import/Export page, the status of the download completion is shown in the new “Download” column.
- Added tooltip for the “Show warnings” field in the Extended Virtual keys form (JIRA: ROFR-3820).
- Updated text on the DSM Home page (JIRA: PROD-5279)..
- Updated the section “Need some assistance” to “Connect with our help center”.
- Updated the button “CONTACT” to “HELP CENTER”.
- Show the icon for “linked key” for a key in the Security Objects table only when the key is copied from a local Fortanix DSM group (JIRA: ROFR-3782).
- Redesigned the “Integrations” page in Fortanix DSM (JIRA: ROFR-3764).
The integration page now allows users to:
- Search an integration using the Search bar.
- Filter an integration using the check box for an integration category.
- Added AWS XKS banner on the Home page (JIRA: ROFR-3752).
- Improved the depiction of total plugins limit and plugins in use on the DSM subscription page (JIRA: ROFR-3687).
- The Authentication page in the DSM Account Settings page now covers all combinations of use of local password (JIRA: ROFR-3324).
- Added support to copy error message text in toast notifications (JIRA: PROD-3292).
- Updated Account Quorum Policy option text (JIRA: ROFR-3044).
- Updated the description for Secrets – Show value (JIRA: ROFR-3001) The description text after importing a secret is updated to inform user where they can download the key material after quorum approval when they click SHOW VALUE.
- The key state icon is updated to black color for a destroyed key from a previous red color (JIRA: ROFR-2749).
3. Other Improvements
- Added support for setting the “Activation Date” attribute in the “Create key pair” operation for private keys (JIRA: PROD-6095).
- Added support for setting the 'Deactivation Date' attribute for operations such as ‘Create Key Pair’ and ‘rekey keypair’ (JIRA: PROD-6110).
- Added backend logs to track the progress of audit log purge task (JIRA: PROD-6031).
- Added support for deleteAttribute operation to delete attributes of the managed object (JIRA: PROD-5884).
- Added support for 'Activation Date' and 'Deactivation Date' attributes in 'Locate' operation (JIRA: PROD-5873).
- Added support for using managed Cassandra from SGX (JIRA: PROD-5826).
- Added support for online attestation for DCAP (JIRA: PROD-5827).
- Added support for explicitly enabling scalable processors for new clusters (JIRA: PROD-5786).
- Implemented a method to get the value 'IvCounterNonce' from the 'EncryptResponse' object (JIRA: PROD-5973).
- Added support for deployment automation of SQL TDE and rotation via PowerShell (JIRA: PROD-2088).
4. Client Improvements
- JCE: Added a new constructor with key operations (JIRA: PROD-5681).
- KMIP: Added new features for KMIP server Java client (JIRA: PROD-5872).
6. Quality Enhancements/Updates
- Added the ability to rotate Kubernetes root certificate (JIRA: DEVOPS-1501). For more details, refer to the Administration Guide: Kubernetes Root CA Rotation.
- Added the ability for cluster TLS certificate key rotation (JIRA: PROD-578).
7. Bug Fixes
- Fixed an issue where the DONE button was disabled in the Security Objects page for a search filter of type “is one of” and “is none of” (JIRA: ROFR-3870).
- Fixed a crash when adding Google Workspace Easy Wizard integration and then deleting Google SSO (JIRA: ROFR-3868).
- Fixed an issue where the user was unable to delete SSO authentication (JIRA: ROFR-3867).
- Fixed an issue where the user was able to click the INSTALL button for any upgrade from Fortanix DSM UI (JIRA: ROFR-3856).
- Fixed an issue where
get_csrswas failing due to incorrect parameters in config-values configmap (JIRA: DEVOPS-3529).
- Fixed an issue where updating the pagination results in an error (JIRA: ROFR-3836).
- Fixed an issue where updating the “azure-key-name” custom metadata field causes future updates to fail (JIRA: PROD-6131).
- Fixed arithmetic errors in plugins (JIRA: PROD-6124).
- Fixed an issue where if the user sets "Log retention days" to an older date for which the logs lie in an old database table, then audit log purging is not happening. (JIRA: PROD-6119).
- Fixed confusing text on the Quorum approval request dialog (JIRA: ROFR-3828).
- Fixed an issue where the actor name was not shown for audit log entry when the actor is a plugin (JIRA: ROFR-3819).
- Fixed an issue where the DSM-Accelerator webservice was unable to perform local DES3-CBC and CBCNOPAD key:112 encrypt or decrypt operations (JIRA: PROD-6056).
- Fixed an issue where the user was unable to import other keys after trying to import the KCDSA key (JIRA: ROFR-3812).
- Fixed an issue where an LMS key did not allow APPMANAGEABLE or VERIFY permissions (JIRA: ROFR-3509).
- Fixed an issue in Google Workspace CSE where the Key service URL was hard coded to the AMER cluster (JIRA: ROFR-3810).
- Fixed an issue where the Quorum policy change requests do not display well in Firefox on a Linux machine (JIRA: ROFR-3807).
- Fixed an issue where certain keys that are allowed in the group-level cryptographic policy but removed from the account-level cryptographic policy are not allowed to be created at the group level until the page is refreshed (JIRA: ROFR-3803).
- Fixed an issue that now allows validating searching for UUIDs in data tables such as security objects list, app list, audit log list, and so on (JIRA: ROFR-3798).
- Fixed an issue that did now allow reducing the
log_retention_periodfrom 2 to 1 day (JIRA: ROFR-3786).
- Fixed an issue that now does not allow X25519 and ED25519 keys to be wrapped using AES key with KWP mode (JIRA: ROFR-3785).
- Fixed an issue where group policy indicators were not displayed on apps and plugins pages (JIRA: ROFR-3776).
- Fixed an issue in Azure BYOK flow where n-1 azure tags were getting pushed to Azure KMS key when Azure tags are added after key creation (JIRA: PROD-5949).
- Fixed missing tooltip for AWS Multi region keys (JIRA: ROFR-3774).
- Fixed an issue where the import operation creates two key versions instead of one for GCP-backed groups (JIRA: PROD-5944).
- Fixed an issue where the user was unable to create an EC key after the ECKCDSA type is selected and then the EC type is selected (JIRA: ROFR-3765).
- Fixed an issue where the DSM SCP backup config requires manually editing secrets (JIRA: DEVOPS-3398).
- Fixed an issue in the Customize Account workflow where uploading an SVG file format logo from the accounts page results in an error (JIRA: ROFR-3736).
- Fixed an issue where the New Features and Customization in the Settings tab in the System Administration view has the same parent class name: "tab-customizations" (JIRA: ROFR-3731).
- Fixed an issue where switching from the sysadmin to the regular account results in a 403 error in
GET (admin/v1/cluster)(JIRA: ROFR-3749).
- Fixed an issue where the IP address is not captured in the sysadmin log for a User login (JIRA: PROD-5774).
- Fixed an issue in custom tokenization where conflicting suffix type in between the 'Hexadecimal' data type, does not show an error message (JIRA: ROFR-3676).
- Fixed an issue that now shows an error message when LDAP login API exceeds the maximum time limit (JIRA: ROFR-3593).
- Fixed an issue in custom tokenization where entering
length_limit(4294967295) does not allow
max_length_limitto exceed 9 digits (JIRA: ROFR-3458).
- Fixed an issue in custom tokenization where entering
max_valueof more than 17 digits, takes the value as 0 for the remaining digits. (JIRA: ROFR-3457).
- Fixed an issue in custom tokenization where the user was unable to create a custom token security object with a max value containing 1.0e+21 (JIRA: ROFR-3455).
- Fixed an issue where the UI was showing the wrong color code for a destroyed key (JIRA: ROFR-3002).
- Fixed an issue where the scroll bar was missing for a modal window (JIRA: ROFR-2798).
8. Known Issues
- The sync key API returns a “400 status code and response error” due to the short-term access token expiry during the sync key operation of a group linked to AWS KMS (JIRA: PROD-3903).
excludedoes not work in the proxy config for operations such as attestation (JIRA: PROD: 3311).
- Unable to create an app when a Custom Group Role has the Create Apps permission enabled (JIRA: PROD: 5764).