Changelog

Secryn version history

Changelog

v1.0.0 — Initial Release

  • Release Date: TBD

We’re excited to introduce Secryn v1.0.0, the first public release of our fully self-hosted secret, key, and certificate management platform. This version delivers the complete foundation of the Secryn architecture, built with a focus on security, simplicity, versioning, and full data ownership.

Below is a summary of everything included in the initial release.

Core Platform

  • Project-based organization structure
  • Support for multiple Vaults per Project
  • Restricted Vaults for tighter per-vault access control
  • Clean, modern UI built with Vue + shadcn
  • Full audit, request, and user activity tracking
  • Comprehensive App Settings panel (branding, SMTP, theme overrides, etc.)
  • Installation wizard for first-time setup
  • Backup & restore module with encrypted archives

Secrets Management

  • Create, update, delete, and restore secrets
  • Secret versioning with unlimited history
  • One-click restore to any previous version
  • Optional masked or revealed secret display
  • Expiration support with scheduled alerting
  • Public secret-name listing via API (with vault access key)

Key Management

  • RSA and EC key generation
  • Support for 2048, 3072, and 4096-bit RSA keys
  • Upload existing private keys
  • Per-key public URL support (optional)
  • Automatic visibility control (public/private)
  • Expiration support and rotation reminders
  • Vault-scoped key access via API

Certificate Management

  • Create self-signed certificates
  • Upload existing certificates
  • Download certificate + private key bundle
  • Per-certificate public URL support (optional)
  • Expiration tracking and notifications
  • Certificate metadata + lifecycle history
  • Vault-scoped certificate access via API

User Management & RBAC

  • Users are added at the Project level
  • Four predefined roles: Admin, Project Manager, Contributor, Read-Only
  • Role capabilities enforced across Web UI and API
  • Restricted Vault rules override project access
  • Role & Permissions matrix with modal view

API & Access Model

  • Vault-level access keys for secure API access
  • Get secrets, keys, certificates via API
  • Fetch a single resource or filtered groups
  • Public resource access when visibility is enabled
  • Full REST API documentation

MCP Server (AI Integration)

  • Built-in Secryn MCP server for agent-based secret retrieval
  • Supports secret, key, and certificate requests
  • Validates vault ID + access key automatically
  • Health check endpoint for agent initialization
  • Configurable via Installation Wizard and App Settings

Scheduling & Email Notifications

  • Automatic expiration reminders at 90/60/30/14/7/1 days
  • Digest emails (daily/weekly) to all admins
  • SMTP configuration with live test support
  • Global “Allow Email Notifications” user preference

Backups & Restore

  • Full database backup
  • Encrypted backup archive
  • Downloadable private encryption key
  • Restore workflow with overwrite protection

Logs

  • Audit Logs — who changed what
  • Request Logs — what API endpoints were called
  • User Logs — login attempts, IPs, timestamps
  • Searchable, filterable views
  • Export options

Developer & Deployment

  • Docker-compatible
  • Spin Pro supported
  • Reverse proxy friendly (Traefik/Nginx)
  • Environment-based configuration
  • REST + MCP for extensibility

v1.0.0 Summary

This release establishes Secryn as a complete, self-hosted foundation for securely managing secrets, keys, and certificates with strong RBAC controls, versioning, API accessibility, and AI agent compatibility.

All further versions will build on top of this baseline.

Vaults

Programmatically manage vaults and their lifecycle.

Sample Release Template

Example changelog entry to illustrate how to document a Secryn release.