---
title: Changelog
path: changelog
status: published
---

# Changelog

User-visible changes to ScaiVault, newest first. Versioning is API-path based — breaking changes ship under a new path version (`v2`) and don't disturb `v1` callers.

## 1.0.0 — 2026-05-17

Public launch.

**Available API surfaces.** Secrets (CRUD, versioning, expiration, soft-delete with recovery, batch read), Policies (path-pattern rules with IP/MFA/time-window conditions), Rotation (auto and event-driven, with grace periods and warn-before notifications), PKI (internal CA hierarchy + ACME via Let's Encrypt/ZeroSSL/BuyPass/Google + CSR workflow + trust anchors + CRL/OCSP), Dynamic Secrets (Postgres/MySQL/MongoDB/Redis/AWS/Azure/GCP/SSH), Federation (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager — proxy or sync mode), Webhooks and Subscriptions, Audit log with export to S3/GCS/Azure.

**Clients shipped.** Python, JavaScript/TypeScript, .NET. Python and .NET fully cover the API; JavaScript covers everything except a handful of admin-only operations. CLI (`scaivault`) and MCP server (67 tools) for shell and agent integration.

**Identity.** Authentication delegated to [ScaiKey](https://scaikey.scailabs.ai). Three-level tenancy (partner / tenant / identity). Identity cache synced from ScaiKey, kept fresh by webhooks plus a 15-minute background reconciliation.

**Crypto.** Envelope encryption with per-row data keys wrapped by a KMS-held root. AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault Transit, and PKCS#11 HSMs (including TPM 2.0) supported.

**Limits.** Default rate limits per identity per endpoint category — see [Rate Limiting](./advanced/rate-limiting). Quotas per tenant — see [Multi-tenancy](./core-concepts/multi-tenancy).

**Public docs.** This site.

## What's next

We track upcoming work in our public roadmap. The shape and content of the API is stable; ongoing work is operational (more DNS providers, more dynamic engines, more federation backends).