Changelog

User-visible changes to ScaiVault, newest first. Versioning is API-path based — breaking changes ship under a new path version (v2) and don't disturb v1 callers.

1.0.0 — 2026-05-17#

Public launch.

Available API surfaces. Secrets (CRUD, versioning, expiration, soft-delete with recovery, batch read), Policies (path-pattern rules with IP/MFA/time-window conditions), Rotation (auto and event-driven, with grace periods and warn-before notifications), PKI (internal CA hierarchy + ACME via Let's Encrypt/ZeroSSL/BuyPass/Google + CSR workflow + trust anchors + CRL/OCSP), Dynamic Secrets (Postgres/MySQL/MongoDB/Redis/AWS/Azure/GCP/SSH), Federation (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager — proxy or sync mode), Webhooks and Subscriptions, Audit log with export to S3/GCS/Azure.

Clients shipped. Python, JavaScript/TypeScript, .NET. Python and .NET fully cover the API; JavaScript covers everything except a handful of admin-only operations. CLI (scaivault) and MCP server (67 tools) for shell and agent integration.

Identity. Authentication delegated to ScaiKey. Three-level tenancy (partner / tenant / identity). Identity cache synced from ScaiKey, kept fresh by webhooks plus a 15-minute background reconciliation.

Crypto. Envelope encryption with per-row data keys wrapped by a KMS-held root. AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault Transit, and PKCS#11 HSMs (including TPM 2.0) supported.

Limits. Default rate limits per identity per endpoint category — see Rate Limiting. Quotas per tenant — see Multi-tenancy.

Public docs. This site.

What's next#

We track upcoming work in our public roadmap. The shape and content of the API is stable; ongoing work is operational (more DNS providers, more dynamic engines, more federation backends).