We are pleased to announce the 10.1 release of Topicus KeyHub. This release brings several fixes and addresses some issues found in previous versions. This release changes how access to vaults is granted. Before upgrading, be sure to read these release notes.

Browser extension for Chrome and Firefox

TKH-649 We now have a browser extension for direct access to your vaults from within your browser. When enabled, your rotating password can also be accessed via this extension. The extension is available for Google Chrome and Mozilla Firefox and can be installed directly from the store or at https://www.topicus-keyhub.com/browser-extensions/. The extension requires Topicus KeyHub 10.1 installed on your server to operate.


Internal LDAP server

TKH-540 Topicus KeyHub now embeds a read-only LDAP server. This can be used as an endpoint for synchronisation tools. The server lists all accounts, groups and memberships and is compatible with LDAP v3 compliant clients.

Note: To expose the LDAP server port on the KeyHub server, you need to add - "389:8389" to the ports section of the wildfly container in your docker-compose.yml.


Command line interface improvements

TKH-667 TKH-668 TKH-669 TKH-670 TKH-682 TKH-690 The command line interface introduced in Topicus KeyHub 10.0 has seen many improvements. Error handling and reporting has been improved and input parameters are verified more strictly. Also, it is now possible to search for records not only by UUID, but by name, URL or any other property. For manual usage, secrets can now be entered via a prompt with echoing disabled.

Vault access

TKH-671 TKH-684 Users are now granted access to vaults immediately when joining a group. This is a change in behaviour compared to previous versions. Although it is still possible for a group manager to revoke access to a vault, this should not be relied upon. If access to (some of the) vault records should be restricted to a subset of the users in a group, a separate group should be created for these records.

Small improvements

The following smaller improvements and bugfixes were made:

  • TKH-666 Application URIs for OAuth2 are no longer required when client credentials grant is allowed.
  • TKH-672 Fixed an error with uploading the first vault recovery key.
  • TKH-673 Fixed a 404 error when opening some pages via bookmarked links.
  • TKH-674 Removed the incorrect 'no access' warning for the KeyHub Administrators group.
  • TKH-675 Fixed an error when logging out with Google as OIDC provider.
  • TKH-678 German translation improved substantially.
  • TKH-683 The audit log for an OAuth2 client can now be viewed.
  • TKH-685 Also search on UUID via quick search in vaults.
  • TKH-687 Fixed an error when changing your password and re-authentication is required.
  • TKH-688 Username and URL are now allowed on all types of vault records.
  • TKH-691 Prevented entering too long reasons or feedback on requests.
  • TKH-692 TOTP records can now be modified without re-entering the secret.
  • TKH-694 Fixed an error with choosing a weak password when registering an internal account.
  • TKH-695 Enabling password sync no longer gives an error about your KeyHub password.