We are pleased to announce Topicus KeyHub 13.0. With this release our virtual appliance is ready for general use. Also we started delivering the first features for compliance management. As usual, a number of smaller improvements have been made and many issues have been fixed.

Topicus KeyHub virtual appliance

The Topicus KeyHub virtual appliance no longer has a beta status. It is now ready for general use. While the existing way of upgrading via the docker containers will remain possible, we recommend everyone to migrate to the appliance.


The following improvements to the appliance were made:

  • TKH-935 Support for monitoring via SNMP was added.
  • TKH-939 Logs can now be viewed directly from the appliance manager.
  • TKH-1000 Let's encrypt can now be used to automatically obtain certificates.
  • TKH-1045 Updates and backups can now be scheduled to run automatically.
  • TKH-1057 The docker container for the internal reverse proxy has been rewritten from scratch to make it more secure, reliable and allow support for Let's encrypt.
  • TKH-1058 The virtual appliance can now be configured to be backed up in various ways.
  • TKH-1064 Not only the number of updates, but also the actual updates can now be inspected before updating.
  • TKH-1065 The appliance manager now has a dashboard with the most important information about its performance.
  • TKH-1067 Logs, docker images and backups are now automatically cleaned up over time.
  • TKH-1068 Support for Xen HVM was added.
  • TKH-1071 It is now possible to install directly from a backup.

Auditing groups

TKH-1046 With Topicus KeyHub 13.0 we delivered the first feature for compliance management: auditing a group. A manager of a group can initiate an audit of the group, confirming the users in the group. In future versions, these audits can be reviewed by other managers and managers of the special security officers group. Expect many more features in this area in the upcoming releases!


Enforcing a rotating password on all users

TKH-965 To stimulate the use of a rotating password, which is much more secure than reusing your directory password, it is now possible to enforce this on all users via the directory. When enabled, users will be required to enable password rotation when they provision a group.


Small improvements

The following smaller improvements and bug fixes were made:

  • TKH-820 As preparation for the dashboard for security officers, one group can now be marked as the security officers group.
  • TKH-882 The performance of the My groups page has been improved.
  • TKH-1018 Measuring test code coverage no longer results in numerous exceptions in the logs.
  • TKH-1019 An audit record is now created when an account is (re)enabled.
  • TKH-1040 A warning is shown when a password is entered with caps-lock enabled.
  • TKH-1043 The performance and reliability of the audit log page has been improved.
  • TKH-1053 The application server has been upgraded to WildFly 14.
  • TKH-1059 Using very old bookmarks to the login page no longer triggers errors when invalid data is given via the auth parameter.
  • TKH-1060 Broken pipes (and other I/O related errors) are no longer logged by default.
  • TKH-1061 Multiple concurrent authentications for the same account from the same browser could cause all but the first to fail.
  • TKH-1056 TKH-1062 Pressing cancel when editing or viewing a vault record no longer causes the record to (visually) disappear from its vault.
  • TKH-1063 Pressing ESC when searching for a record on some pop-overs could cause an error.
  • TKH-1066 Providing a very long reason when activating a group no longer gives an error.
  • TKH-1069 SSO with PagerDuty via SAML 2 is now supported.