List view
Long-running parallel track: KMIP integrations across storage, database, network, and cloud platforms. **Work streams** - Storage KMIP integrations - Database integrations - Network & security integrations - Cloud & virtualisation integrations **Depends on** No hard blockers — runs in parallel with Sprints A–D throughout 2026.
Due by January 5, 2027Dynamic secret engines, SAML federation, KMIP split keys, and IoT device enrollment. Starts when G-10 (#863 KV store, Sprint B) and G-02 (#880 LDAP, Sprint C) are merged. **Timeline**: October 2026 → ~Q1 2027 **Issues** - #864 Dynamic secret engine — database credentials (G-14) — 8 weeks - #864 Dynamic secret engine — SSH one-time passwords (G-14) — 4 weeks - #889 SAML 2.0 authentication via authentication server (G-18) — 4 weeks - #870 KMIP Split Key / Shamir secret sharing (G-13) — 4 weeks - #871 EST (RFC 7030) + SCEP — IoT device enrollment (G-19) — 4 weeks **Depends on** - Sprint A · Unblock Enterprise Sales — #889 SAML requires #879 authentication server integration (G-24) - Sprint B · DevOps & Cloud-Native — #864 dynamic secrets require #863 KV secret store (G-10) - Sprint C · Enterprise AuthZ & PKI — #889 SAML requires #880 LDAP (G-02); #870 Split Key requires #651 RBAC (G-03); #871 EST/SCEP requires #860 ACME endpoint (G-12)
Due by August 4, 2026•0/4 issues closedRole-based access control, LDAP, quorum authorization, and PKI endpoints. Starts once G-24 (#879) and G-03 (#651) from Sprint A are merged. **Timeline**: July 2026 → ~November 2026 **Issues** - #880 LDAP / Active Directory authentication via authentication server (G-02) — 3 weeks - #887 Quorum / M-of-N authorization (G-04) — 8 weeks - #860 ACME endpoint RFC 8555 (G-12) — 8 weeks - #888 cert-manager Issuer plugin (G-15) — 4 weeks - #869 FPE FF3-1 + vaulted tokenization (G-01) — 6 weeks **Depends on** - Sprint A · Unblock Enterprise Sales — #880 LDAP requires #879 auth server (G-24) and #651 RBAC (G-03) **Internal dependencies** - #651 RBAC → #887 Quorum - #860 ACME → #888 cert-manager Issuer **Required by** - Sprint D · Secrets & Dynamic Credentials — #870 Split Key requires #651 RBAC; #871 EST/SCEP requires #860 ACME; #889 SAML requires #879 auth server + #880 LDAP
Due by August 25, 2026•0/5 issues closedDeployment tooling, Kubernetes integrations, and cloud-native features. Runs in parallel with Sprint A. **Timeline**: April 27 → ~August 2026 **Issues** - #882 Config secret management — no clear-text secrets in TOML (G-25) — 2 weeks - #863 KV secret store, REST, KV v2-compatible (G-10) — 6 weeks - #861 Kubernetes KMS Provider Plugin (G-06) — 4 weeks - #862 Kubernetes CSI Driver Provider (G-07) — 4 weeks - #883 Azure EKM key lifecycle sync (G-27) — 4 weeks - #884 OCSP responder (G-16) — 2 weeks - #885 Terraform / OpenTofu provider (G-09) — 6 weeks - #886 Helm chart (G-09b) — 2 weeks **Depends on** - Sprint A · Unblock Enterprise Sales — #883 Azure EKM sync requires #859 auto-rotation (G-05)
Due by May 26, 2026•0/8 issues closedCritical features that unblock enterprise sales. All items have no external prerequisites and run in parallel. **Timeline**: April 13 → ~September 2026 (parallel engineering, alongside other ongoing work) **Issues** - #879 Authentication server integration (G-24) — 2 weeks - #868 REST native crypto API (G-08) — 2 weeks - #859 Automatic key rotation policy (G-05) — 3 weeks - #651 Full RBAC + namespace / multi-tenant isolation (G-03) — 8 weeks - #881 Structured audit trail + SIEM integration (G-11) — 4 weeks **Required by** - Sprint B · DevOps & Cloud-Native — #883 Azure EKM sync requires #859 auto-rotation - Sprint C · Enterprise AuthZ & PKI — #880 LDAP requires #879 auth server and #651 RBAC - Sprint D · Secrets & Dynamic Credentials — #889 SAML requires #879 auth server
Due by June 2, 2026•0/6 issues closed