Milestones

  • Long-running parallel track: KMIP integrations across storage, database, network, and cloud platforms.

    **Work streams**
    - Storage KMIP integrations
    - Database integrations
    - Network & security integrations
    - Cloud & virtualisation integrations

    **Depends on**
    No hard blockers — runs in parallel with Sprints A–D throughout 2026.

    Due by January 5, 2027
  • Dynamic secret engines, SAML federation, KMIP split keys, and IoT device enrollment.

    **Issues**
    - #864 Dynamic secret engine — database credentials (G-14)
    - #864 Dynamic secret engine — SSH one-time passwords (G-14)
    - #889 SAML 2.0 authentication via authentication server (G-18)
    - #870 KMIP Split Key / Shamir secret sharing (G-13)
    - #871 EST (RFC 7030) + SCEP — IoT device enrollment (G-19)

    **Depends on**
    - Sprint A · Unblock Enterprise Sales — #889 SAML requires #879 authentication server integration (G-24)
    - Sprint B · DevOps & Cloud-Native — #864 dynamic secrets require #863 KV secret store (G-10)
    - Sprint C · Enterprise AuthZ & PKI — #870 Split Key requires #651 RBAC (G-03); #871 EST/SCEP requires #860 ACME endpoint (G-12)

    Due by August 4, 2026
    0/4 issues closed
  • Role-based access control, multi-tenant namespaces, quorum authorization, and PKI endpoints.

    **Issues**
    - #880 LDAP / Active Directory authentication via authentication server (G-02)
    - #887 Quorum / M-of-N authorization (G-04)
    - #860 ACME endpoint RFC 8555 (G-12)
    - #888 cert-manager Issuer plugin (G-15)
    - #869 FPE FF3-1 + vaulted tokenization (G-01)

    **Depends on**
    - Sprint A · Unblock Enterprise Sales — #880 LDAP requires #879 auth server integration (G-24) and #651 RBAC (G-03)

    **Internal dependencies**
    - #651 RBAC → #887 Quorum
    - #860 ACME → #888 cert-manager Issuer

    **Required by**
    - Sprint D · Secrets & Dynamic Credentials — #870 Split Key requires #651 RBAC; #871 EST/SCEP requires #860 ACME

    Due by August 25, 2026
    0/5 issues closed
  • Deployment tooling, Kubernetes integrations, and cloud-native features.

    **Issues**
    - #882 Config secret management — no clear-text secrets in TOML (G-25)
    - #863 KV secret store, REST, KV v2-compatible (G-10)
    - #861 Kubernetes KMS Provider Plugin (G-06)
    - #862 Kubernetes CSI Driver Provider (G-07)
    - #883 Azure EKM key lifecycle sync (G-27)
    - #884 OCSP responder (G-16)
    - #885 Terraform / OpenTofu provider (G-09)
    - #886 Helm chart (G-09b)

    **Depends on**
    - Sprint A · Unblock Enterprise Sales — #883 Azure EKM sync requires #859 auto-rotation (G-05)

    Due by May 26, 2026
    0/8 issues closed
  • Critical features that unblock enterprise sales.

    **Issues**
    - #879 Authentication server integration (G-24)
    - #868 REST native crypto API (G-08)
    - #859 Automatic key rotation policy (G-05)
    - #651 Full RBAC + namespace / multi-tenant isolation (G-03)
    - #881 Structured audit trail + SIEM integration (G-11)

    **Required by**
    - Sprint B · DevOps & Cloud-Native — #883 Azure EKM sync requires #859 auto-rotation
    - Sprint C · Enterprise AuthZ & PKI — #880 LDAP requires #879 auth server; #880 LDAP requires #651 RBAC
    - Sprint D · Secrets & Dynamic Credentials — #889 SAML requires #879 auth server integration

    Due by June 2, 2026
    0/5 issues closed