We are pleased to announce the 10.1 release of Topicus KeyHub. This release brings several fixes and addresses some issues found in previous versions. This release changes how access to vaults is granted. Before upgrading, be sure to read these release notes.
Browser extension for Chrome and Firefox
TKH-649 We now have a browser extension for direct access to your vaults from within your browser. When enabled, your rotating password can also be accessed via this extension. The extension is available for Google Chrome and Mozilla Firefox and can be installed directly from the store or at https://www.topicus-keyhub.com/browser-extensions/. The extension requires Topicus KeyHub 10.1 installed on your server to operate.
Internal LDAP server
TKH-540 Topicus KeyHub now embeds a read-only LDAP server. This can be used as an endpoint for synchronisation tools. The server lists all accounts, groups and memberships and is compatible with LDAP v3 compliant clients.
Note: To expose the LDAP server port on the KeyHub server, you need to add
- "389:8389" to the
ports section of the
wildfly container in your
Command line interface improvements
TKH-690 The command line interface introduced in Topicus KeyHub 10.0 has seen many improvements. Error handling and reporting has been improved and input parameters are verified more strictly. Also, it is now possible to search for records not only by UUID, but by name, URL or any other property. For manual usage, secrets can now be entered via a prompt with echoing disabled.
TKH-684 Users are now granted access to vaults immediately when joining a group. This is a change in behaviour compared to previous versions. Although it is still possible for a group manager to revoke access to a vault, this should not be relied upon. If access to (some of the) vault records should be restricted to a subset of the users in a group, a separate group should be created for these records.
The following smaller improvements and bugfixes were made:
TKH-666Application URIs for OAuth2 are no longer required when client credentials grant is allowed.
TKH-672Fixed an error with uploading the first vault recovery key.
TKH-673Fixed a 404 error when opening some pages via bookmarked links.
TKH-674Removed the incorrect 'no access' warning for the KeyHub Administrators group.
TKH-675Fixed an error when logging out with Google as OIDC provider.
TKH-678German translation improved substantially.
TKH-683The audit log for an OAuth2 client can now be viewed.
TKH-685Also search on UUID via quick search in vaults.
TKH-687Fixed an error when changing your password and re-authentication is required.
TKH-688Username and URL are now allowed on all types of vault records.
TKH-691Prevented entering too long reasons or feedback on requests.
TKH-692TOTP records can now be modified without re-entering the secret.
TKH-694Fixed an error with choosing a weak password when registering an internal account.
TKH-695Enabling password sync no longer gives an error about your KeyHub password.