Skip to content

1.4.0

Choose a tag to compare

View all tags
@swcurran swcurran released this 15 Nov 18:44
· 173 commits to main since this release
1.4.0
11f27ec
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

ACA-Py 1.4.0 delivers a major internal upgrade centered on the introduction of Kanon Storage, a new modular storage architecture that separates cryptographic key management from general data persistence. Kanon moves ACA-Py’s non-key data (connections, credentials, protocol records, etc.) out of the encrypted Askar wallet into a dedicated, database-native storage layer that is encrypted at rest. Askar now functions purely as a Key Management Service (KMS), responsible for secure creation and use of keys and secrets. This shift enables ACA-Py deployments to leverage the full capabilities of their database engines—better indexing, analytics, and scalability—while preserving strong security boundaries around key material.

Kanon Storage is optional and fully backward compatible. Developed by the team at VeriDID (https://verid.id), this contribution represents a major advancement in ACA-Py's modular architecture and storage flexibility, and we extend our thanks to the VeriDID developers (notably dave-promulgare and vinaysingh8866) for their work in designing and implementing this foundational change. Existing ACA-Py deployments using Askar for all storage continue to function unchanged and can migrate to Kanon at any time. New deployments are encouraged to adopt Kanon for improved performance and operational flexibility. See the Kanon Storage documentation for details on configuration, migration, and best practices.

Alongside Kanon, this release includes significant refactoring in the AnonCreds revocation subsystem, modernization of event handling via an updated EventBus, and improvements to credential signing for SD-JWT to ensure correct verification-method key usage. Developers will also notice lint rule revisions, post-Kanon cleanup, and smaller enhancements to demos and test infrastructure such as the --debug-webhooks flag and interop test fixes. Together, these updates improve maintainability, observability, and readiness for large-scale production use.

1.4.0 Deprecation Notices

In an upcoming ACA-Py release, we will be dropping from the core ACA-Py repository the AIP 1.0 RFC 0036 Issue Credentials v1.0 and RFC 0037 Present Proof v1.0 DIDComm protocols. Each of the protocols will be moved to the ACA-Py Plugins repo. All ACA-Py implementers that use those protocols SHOULD update as soon as possible to the AIP 2.0 versions of those protocols (RFC 0453 Issue Credential v2.0 and RFC 0454 Present Proof v2.0, respectively). Once the protocols are removed from ACA-Py, anyone still using those protocols MUST adjust their configuration to load those protocols from the respective plugins.

The acapy_agent.revocation_anoncreds package has been deprecated and relocated to acapy_agent.anoncreds.revocation for improved consistency across the codebase. The change should only affect ACA-Py Plugins that implement AnonCreds, but other developers should also take note.

The wallet-type configuration value askar is now deprecated and all deployments still using that wallet type should migrate to either the askar-anoncreds or (ideally) kanon-anoncreds wallet types.

Breaking Changes

This release introduces no breaking changes for existing ACA-Py deployments. Existing instances can continue to use Askar for both key and data storage by default.

Implementers are encouraged to evaluate Kanon as the preferred approach for new deployments or planned upgrades. Kanon provides better scalability, performance, and integration with database-native capabilities such as indexing, analytics, and external management tools — while maintaining secure handling of cryptographic keys within Askar.

What's Changed

  • Add --debug-webhooks config to demo agents by @jamshale in #3865
  • chore(deps): Bump openwallet-foundation/acapy-agent from py3.12-1.3.1 to py3.12-1.3.2 in /demo/multi-demo by @dependabot[bot] in #3869
  • chore(deps): Bump openwallet-foundation/acapy-agent from py3.12-1.3.1 to py3.12-1.3.2 in /demo/docker-agent by @dependabot[bot] in #3868
  • chore(deps): Bump openwallet-foundation/acapy-agent from py3.12-1.3.1 to py3.12-1.3.2 in /demo/playground by @dependabot[bot] in #3867
  • chore(deps): Bump github/codeql-action from 3.29.8 to 3.29.11 in the all-actions group by @dependabot[bot] in #3862
  • chore(deps): Bump markdown from 3.8.2 to 3.9 by @dependabot[bot] in #3873
  • chore(deps-dev): Bump pytest-cov from 6.2.1 to 6.3.0 by @dependabot[bot] in #3872
  • ♻️ Refactor and modularize anoncreds revocation package by @ff137 in #3861
  • fix: Repair Interop tests url by @jamshale in #3881
  • chore(deps): Bump pynacl from 1.5.0 to 1.6.0 by @dependabot[bot] in #3880
  • chore(deps): Bump the all-actions group across 1 directory with 4 updates by @dependabot[bot] in #3882
  • chore(deps-dev): Bump ruff from 0.12.10 to 0.13.0 by @dependabot[bot] in #3879
  • chore(deps-dev): Bump pydevd-pycharm from 252.25557.70 to 252.26199.25 by @dependabot[bot] in #3878
  • chore(deps-dev): Bump pytest-cov from 6.3.0 to 7.0.0 by @dependabot[bot] in #3877
  • Chore(chart): delete chart files and add chart relocation notice by @i5okie in #3883
  • chore(deps-dev): Bump pydevd from 3.3.0 to 3.4.1 by @dependabot[bot] in #3884
  • chore(deps): Bump postgres from 17 to 18 in /demo/docker-test/db by @dependabot[bot] in #3889
  • chore(deps-dev): Bump pydevd-pycharm from 253.17525.96 to 253.24325.40 by @dependabot[bot] in #3898
  • chore(deps): Bump the all-actions group across 1 directory with 4 updates by @dependabot[bot] in #3890
  • 🔧 🎨 Revise lint rules by @ff137 in #3900
  • Kanon Storage by @dave-promulgare in #3850
  • 🎨 Post-Kanon cleanup by @ff137 in #3901
  • ♻️ 💥 Refactor EventBus notify method by @ff137 in #3690
  • (fix) Properly use VM key when signing [SD-]JWT by @gmulhearn in #3892
  • chore(deps): Bump the all-actions group with 3 updates by @dependabot[bot] in #3899
  • chore(deps-dev): Bump ruff from 0.13.3 to 0.14.0 by @dependabot[bot] in #3905
  • chore(deps): Bump github/codeql-action from 4.30.7 to 4.30.8 in the all-actions group by @dependabot[bot] in #3908
  • chore(deps): Bump pydantic from 2.11.3 to 2.12.0 in /scenarios by @dependabot[bot] in #3903
  • chore(deps): Bump aiohttp from 3.12.15 to 3.13.0 by @dependabot[bot] in #3902
  • 🎨 Move AnonCreds set_active_registry route by @ff137 in #3915
  • 1.4.0rc0 by @swcurran in #3912
  • 🎨 Fix and simplify AnonCreds-backend checks by @ff137 in #3913
  • ✨ Implement ProfileSessionHandle by @ff137 in #3914
  • Upgrade demo dockerfile acapy images to 1.3.2 by @jamshale in #3910
  • Documentation for Kanon Storage under Features/Kanon Storage by @dave-promulgare in #3918
  • chore(deps-dev): Bump pydevd-pycharm from 253.24325.40 to 253.27642.35 by @dependabot[bot] in #3919
  • chore(deps): Bump github/codeql-action from 4.30.8 to 4.30.9 in the all-actions group by @dependabot[bot] in #3921
  • fix(kanon):fixed password bug and tests for kanon postgres by @vinaysingh8866 in #3922
  • Update bcvrin test genesis url by @PatStLouis in #3926
  • Add document metadata to response by @PatStLouis in #3925
  • chore(deps): Bump the all-actions group with 2 updates by @dependabot[bot] in #3930
  • Add skip verification option for credential storage by @PatStLouis in #3928
  • Enable remote config by @PatStLouis in #3927
  • chore(deps): Bump github/codeql-action from 4.31.0 to 4.31.2 in the all-actions group by @dependabot[bot] in #3932
  • fix(kanon):storage postgres provisioning issues by @vinaysingh8866 in #3931
  • 1.4.0rc1 by @swcurran in #3933
  • feat: Add kanon profile sqlite issuance/presentation/revocation scena… by @jamshale in #3934
  • Disable kanon profile scenario tests by @jamshale in #3943
  • chore(deps): Bump pytest from 8.4.0 to 8.4.2 in /scenarios by @dependabot[bot] in #3942
  • chore(deps): Bump pytest from 8.4.0 to 8.4.2 in /demo/playground/examples by @dependabot[bot] in #3941
  • chore(deps): Bump markdown from 3.9 to 3.10 by @dependabot[bot] in #3939
  • chore(deps-dev): Bump pre-commit from 4.3.0 to 4.4.0 by @dependabot[bot] in #3938
  • Add sub wallet created event by @PatStLouis in #3946
  • Update AdminAPI.md by @Jsyro in #3936
  • feat: Upgrade anoncreds to version 0.2.3 by @jamshale in #3949
  • Timeout issue fix by @vinaysingh8866 in #3950
  • chore(deps): Bump docker/metadata-action from 5.8.0 to 5.9.0 in the all-actions group by @dependabot[bot] in #3945
  • fix: removed redundant SET client_encoding calls by @vinaysingh8866 in #3951
  • 1.4.0 by @swcurran in #3948

New Contributors

Full Changelog: 1.3.2...1.4.0

Contributors

swcurran, i5okie, and 8 other contributors
Assets 2
Loading