[4.28] - May 28, 2024

Fortanix Data Security Manager (DSM) SaaS 4.28 comes with some exciting new enhancements and resolved issues.

This release is for SaaS only and is not available for on-premises installations. Updates in this release will be part of a future on-premises release.

1. Enhancements to Existing Features

  • Removed the Transparent Encryption Proxy (TEP) wizard from the Integrations tab on Fortanix DSM. (JIRA: ROFR-4795).

2.png Figure 1: Removed TEP Wizard

2. DSM-Accelerator Improvements and Bug Fixes

3. Known Issues

  • When you edit the starting time of a Key rotation policy for a security object with the value as single digit time, for example: 01:00 am, it shows an error “Invalid date/time selected. Please make sure you filled in a valid 12-hour time”(JIRA: ROFR-4786).
    Workaround: Re-enter the rotate start time by removing the “0” before the single digit time and enter a new time (e.g. 01:00 am to 2:00 am).
  • After downgrading Fortanix DSM to version 4.25, it still shows the Node size field with a null value for LMS keys that were added in DSM version 4.26, even though the Node size is not a supported parameter in the older version (JIRA: PROD-8278).
  • Unable to create an LMS key with the following height combinations of 20.
    • 5, 20, and vice versa
  • The hyperlink color for the field “Follow the instructions in” in the “Add Instance” form for Google Workspace Client-Side Encryption (CSE) still reflects the old link color value (JIRA: ROFR-4789).

    Screenshot from 2024-02-26 16-30-19.png

    Figure 2: Client ID of CSE Application

  • The sync key API returns a “400 status code and response error” if its short-term access token expires during the synchronization of a group linked to AWS KMS (JIRA: PROD-3903). Workaround: increase the timeout of the temporary session token beyond the expected duration of the sync key operation.
  • exclude does not work in the proxy configuration for operations such as attestation (JIRA: PROD-3311).
  • Unable to create an app when a Custom Group Role has the Create Apps permission enabled. This affects users who need to create App or Plugin entries (JIRA: PROD-5764). Workaround: use the predefined Administrative User definition under Settings.
  • Rotating a GCP BYOK key to a pre-existing Fortanix DSM-hosted key (Rotate to DSM key) is not supported (JIRA: PROD-6722).
    Workaround: You can manually copy an existing AES 256 key from a normal DSM group to a GCP-backed group. This key automatically becomes the currently active crypto key version in the GCP key ring.
  • The “Rotate linked key” feature fails with an error for keys in an externally backed group where the external entity is a Google Cloud Platform key ring (JIRA: PROD-6828).
    Workaround: You must first manually rotate the source key in the regular DSM group and then copy the rotated key to the GCP group.
  • If an Azure key is rotated and then soft-deleted, only one version of the key is soft-deleted (JIRA: PROD-6947).
    Workaround: Perform a key scan in DSM to synchronize the key state with Azure.
  • The create operation for security object creation does not work for the Azure Managed HSM plugin (JIRA: PROD-7078).
  • The retry mechanism does not work as expected in the DSM-Accelerator Webservice (JIRA: PROD-7068).
  • Copying an RSA or EC key from a normal DSM group to an AWS KMS-backed DSM group does not work as expected and results in an error (JIRA: PROD-7787).
    Workaround: Export the RSA or EC key from the normal DSM group and import it into the AWS KMS-backed DSM group.


Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful