This release significantly enhances operational resilience and security with support for multi-HSM configurations, dynamic HSM management, and integration with HashiCorp Vault. New features for automation, FIPS 140-3 compliance, and remote server management streamline enterprise workflows. Please note this release introduces a new MinIO Commercial License and includes breaking changes to the logging system. ### New Features * **Multi-HSM Support for High Availability**: Configure multiple Hardware Security Modules (HSMs) per cluster to ensure continuous operation during an HSM failure or outage. (#152) * **Dynamic HSM Lifecycle Management**: Add and remove HSMs from a live cluster without downtime using the `minkms add-hsm` and `minkms rm-hsm` commands, simplifying key rotation and migration. (#155) * **HashiCorp Vault as an HSM**: Integrate with HashiCorp Vault's Transit Secret Engine for external master key management, centralizing secrets within your existing infrastructure. (#161) * **Message Authentication Code (MAC) Generation**: Create cryptographic signatures for messages to verify data integrity and authenticity without exposing the master key. (#145) * **Remote Server Restart**: Gracefully restart KMS servers remotely via the `minkms restart` CLI command or a new API endpoint, simplifying configuration reloads without direct server access. (#178) * **Programmatic Configuration and Hierarchical KMS**: Utilize public Go packages for server automation and configure a MinKMS cluster as an HSM for another, enabling tiered security architectures. (#150) * **Developer Mode for Rapid Setup**: Start a temporary server for development and testing with a single command using the `--dev` flag, which automatically handles key generation. (#153) ### Improvements * **Simplified HSM Identity Management**: Compute the default API key and identity directly from an HSM key string, streamlining credential management in HSM-backed environments. (#158) * **Bulk Identity Generation**: Generate all required private keys and identities for a multi-HSM configuration at once using the `--config` flag with the `minkms identity` command. (#172) * **Automated TLS Certificate Reloading**: The server now automatically reloads TLS certificates from disk hourly, enabling seamless certificate rotation without a manual restart. (#176) * **Machine-Readable CLI Output**: The `minkms identity` command now includes a `--json` flag for machine-readable output, simplifying integration with automated scripts. (#175) * **Enhanced HSM Cluster Diagnostics**: The `minkms ls-hsm` command provides more detailed status, distinguishes between configured and sealed keys, and supports offline database inspection for easier troubleshooting. (#154) * **Improved FIPS 140-3 Compliance Support**: Configure a custom internal TLS key to meet FIPS requirements, with `minkms identity` now defaulting to FIPS-compliant ECDSA P256 keys. (#162) * **Actionable Error Logging**: Receive more detailed and structured error messages for database operations and license verification failures, accelerating root cause analysis. (#165, #171) * **Corrected Documentation URL**: The server startup message now directs users to the correct AISTOR Key Manager documentation site. (#163) ### Security Updates * **Unauthenticated Metrics Endpoint**: The `/v1/health/metrics` endpoint is now accessible without authentication, simplifying integration with monitoring tools like Prometheus and improving security by removing the need for sysadmin credentials. (#169) * **Secure-by-Default HSM Connections**: TLS certificate verification is now enforced by default when one MinKMS instance connects to another as an HSM, preventing insecure connections. (#156) * **FIPS-Compliant Key Generation**: The `minkms add-identity` command now defaults to ECDSA P-256 keys and rejects non-ECDSA keys in FIPS mode to enforce compliance. (#166) * **Go Language Update**: Upgraded to Go 1.24.3 to incorporate the latest security patches and language improvements. (#148) * **FIPS Mode Persistence**: The database now records if it was initialized in FIPS mode, a foundational step for future compliance and security enhancements. (#167) ### Bug Fixes * **Corrected HSM Key Sealing**: Resolved a critical issue where adding a new HSM did not properly seal the root key, ensuring successful HSM rotation and migration. (#177) * **Improved API Error Handling**: The KMS handler now returns explicit error messages for unsupported commands, preventing silent failures during API interactions. (#146) * **CLI Command Corrections**: Fixed authentication issues with the `policy add` and `ls-key` commands and corrected the key listing command to `ls-key` in all documentation. (#160) ### Breaking Changes * **New Software License**: The project is now licensed under the MinIO Commercial License. You must review the new terms to ensure compliance. (#174) * **Redesigned Logging System**: The `minkms logs` command has been overhauled. The `--method`, `--api`, `--identity`, and `--ip` flags have been removed, requiring updates to scripts that rely on them. The default log level is now `INFO`. (#159) * **Modified `ls-hsm` Command Output**: The output format of the `minkms ls-hsm` command has changed to provide more detailed diagnostics. Scripts that parse this command's output may need to be updated. (#154) * **Stricter Key Generation in FIPS Mode**: The `minkms add-identity` command now generates ECDSA P-256 keys by default. In FIPS mode, it will reject identities that use non-ECDSA keys. (#166)