We are proud to announce the 16th major release of Topicus KeyHub. This release brings a major feature to all our users: a launchpad, for quick access to applications used by your company. Other important and often requested features are: encrypted backups and the ability for group managers to remove groups. As usual, a number of smaller improvements have been made and several issues have been fixed.

The launchpad

TKH-1344 Topicus KeyHub 16.0 features a whole new launchpad. This launchpad allows you to quickly navigate to applications used by your company. Tiles are shared through group memberships. A tile can be added manually, but it is also possible to make Single Sign-on applications and vault records available as a tile on the launchpad simply by checking a checkbox.

Encrypted backups

TKH-1198 Backups of Topicus KeyHub contain sensitive information, such as keys for certificates, secrets for applications and of course the contents of the vaults. Even though most of this information is stored encrypted, a backup of Topicus KeyHub requires additional protection. It is now possible to securely encrypt the entire backup using a PGP-key. The public key, used for encryption, is kept on the appliance and the private key, needed for decryption, can be stored in a secure, offline location. Without this private key, a backup will be completely useless to an attacker.

Removing groups

TKH-839 Removing groups from Topicus KeyHub has always been a difficult task, but not anymore. A manager of a group can now request the removal of that group, including all content and linked items. An overview of the content is displayed to the manager for review. If actions are required before a group can be removed, this is now clearly indicated.

Small improvements

The following smaller improvements and bug fixes were made:

  • TKH-1201 It is now possible to filter groups on the auditor dashboard by clicking on the donuts.
  • TKH-1329 An error was fixed that could abort the installation when uploading the vault recovery key.
  • TKH-1330 The SAML logout flow no longer gives an error when the subject format is not 'Primary identifier'.
  • TKH-1335 Checksums for all downloads are now available.
  • TKH-1338 A bug was fixed where an error during testing a linked system was not handled correctly.
  • TKH-1339 An error was fixed when a user tried to create multiple groups on a linked system with the same name.
  • TKH-1346 Errors during login are now correctly handled and reported back to the user, fixing an endless redirect loop.
  • TKH-1352 It is no longer possible to claim ownership of groups on linked systems by creating a second linked system with a different prefix.
  • TKH-1353 Notifications about expired vault records are now displayed to all members of a group, not just the managers.
  • TKH-1354 Inactive accounts are no longer counted as member of a group on the auditor dashboard.
  • TKH-1355 Refresh tokens are now protected against replay attacks.
  • TKH-1357 TKH-1370 Testcase coverage was increased substantially throughout the codebase. Our total coverage is now at 93%.
  • TKH-1358 It is no longer possible to create empty vault records via the CLI.
  • TKH-1359 Support was added to the CLI to remove vault records.
  • TKH-1361 More formats are now supported when using encrypted private keys.
  • TKH-1363 Administration of applications and linked systems can now only be transferred to groups that have this enabled.
  • TKH-1364 Notifications for expired certificates for directories were not always displayed correctly.
  • TKH-1366 A bug was fixed that prevented a manager to grant an application access to a vault. Topicus KeyHub would continue to ask for the user's password.
  • TKH-1372 The application server was upgraded to WildFly 19.
  • TKH-1374 It is now possible to share a vault record with a personal vault that is still empty.
  • TKH-1377 When creating a new group as KeyHub administrator, it is now possible to enable technical administration without having to send a request.