Current release: v0.1.43.Documentation Index
Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
Use this file to discover all available pages before exploring further.
May 6th, 2026HSM vendor support:
- IBM EP11 support added: multi-card init, secure-key concept, EdDSA and ECDSA generate/sign, pre-generation.
- Thales HSM support added (including Cloud Luna), with a dedicated runbook.
- OpenCryptoki integration reworked, then removed in favor of the higher-level HSM interface.
- SQLite added as a keystore option, with strict tables and a read-only mode.
- HA SQLite mode added.
- Postgres migrations reorganized into a dedicated subfolder.
- Pre-generation of keys supported on startup, with topup capability.
- Pre-generation supported in
pkcs11-executormode.
- Sign by public key supported as an alternative to signing by
key_id. - Signing integrity verification using ed25519.
- Returned and stored public keys are now compressed.
- New
hsm-clifor HSM operations without a proxy connection. - New
benchcommand on the driver CLI. - Async flow: driver can return pending processes to the proxy REST API.
- Multi-platform
hsm-proxyimages (amd64 and s390x). - Version printed at
hsm-driverandhsm-proxystartup.
January 9th, 2026Operational:
- Documented HSM keystore creation in pregen mode.
- Client cert parsing: customer names containing dots are now accepted.
- Client cert domain handling is now dynamic.
December 22nd, 2025Operational:
- Client stale timeout is now a configurable parameter on
hsm-proxy. - Proxy can drop driver connections that have gone stale.
- IBM runbook updated with HA SQLite instructions.
December 17th, 2025First release of the Dfns HSM signer tracked in this changelog.