This release significantly enhances operational resilience and security management by introducing multi-HSM support for high availability and integration with HashiCorp Vault. Administrators gain zero-downtime HSM lifecycle management, while developers benefit from streamlined testing workflows and new programmatic configuration options.

### New Features
- **Multi-HSM Support**: Configure multiple Hardware Security Modules (HSMs) per cluster to ensure high availability and fault tolerance during an HSM failure. (#152)
- **HashiCorp Vault Integration**: Use HashiCorp Vault's Transit Secret Engine as an external HSM for centralized, policy-driven master key management. (#161)
- **Dynamic HSM Management**: Add or remove HSMs from a live cluster without service interruption, simplifying key rotation and hardware migration. (#155)
- **Message Authentication Codes (MACs)**: Generate cryptographic signatures for messages to verify their integrity and authenticity without exposing the master key. (#145)
- **Programmatic Configuration**: Utilize public Go packages to automate server configuration and manage HSMs, enabling integration with orchestration tools. (#150)
- **Developer Mode**: Start a temporary server instance with a single command (`--dev`) for rapid development and testing, eliminating manual key setup. (#153)

### Improvements
- **Enhanced HSM Status Command**: The `minkms ls-hsm` command now provides more detailed diagnostics and supports offline database inspection for easier troubleshooting. (#154)
- **FIPS 140-3 Compliance**: Operate in a FIPS-compliant mode by configuring a custom ECDSA P256 private key for internal cluster communication. (#162)
- **Redesigned Logging System**: The logging engine has been overhauled for improved performance and message processing. (#159)
- **Simplified Credential Management**: The `minkms identity` command can now directly compute an API key and identity from an HSM key string. (#158)

### Security Updates
- **Secure by Default**: TLS certificate verification is now enforced by default for all HSM connections to prevent man-in-the-middle attacks. (#156)
- **Go Runtime Update**: Upgraded to Go 1.24.3 to incorporate the latest language-level security patches. (#148)

### Bug Fixes
- **CLI Authentication**: Resolved an issue where `policy add` and `ls-key` commands failed to authenticate correctly when an API key was provided. (#160)
- **API Error Reporting**: The KMS handler now returns a clear error message when an unsupported command is received. (#146)
- **Documentation Correction**: Corrected the `ls-key` command name in help text and fixed the documentation URL displayed on server startup. (#160, #163)

### Breaking Changes
- **Logging Command Flags Removed**: Due to a logging system redesign, the `minkms logs` command no longer supports the `--method`, `--api`, `--identity`, or `--ip` flags. Scripts must be updated to use external tools like `grep` for filtering. The default log level is now `INFO`. (#159)
- **HSM Status Command Output**: The output format of `minkms ls-hsm` has changed to provide more detailed information. Scripts that parse this output may require modification. (#154)