Releases: ecadlabs/signatory

v1.4.0

10 Mar 19:30
v1.4.0
1c87b21

Observability

This release brings a major overhaul to Signatory's metrics and operational visibility:

  • Sign handler metrics: New sign_handler_request_duration_milliseconds histogram and sign_handler_requests_total counter for the signing endpoint, labeled by address, status, and request type (#738)
  • Watermark operation metrics: New watermark_check_duration_milliseconds histogram and counters for watermark check success/errors across file, DynamoDB, and Firestore backends (#737)
  • Consensus round visibility: New consensus_round_total Prometheus counter with address, operation_type, chain_id, and round labels. Consensus round is now included in log output for block, attestation, and preattestation operations. Includes a Grafana dashboard panel for round distribution. (#785)
  • Metrics correctness: Fixed signing_ops_total not incrementing for non-generic operations (#723). Fixed incorrect metric behavior on failed sign requests, including proper chain_id labeling and error-only counter increments on failures (#727)
  • Metrics documentation: New docs/metrics.md reference with example PromQL queries

Security & Hardening

  • Non-root container: Signatory Docker images now run as user signatory (UID 10000) instead of root (see Migration Notes) (#732)
  • JWT hardening: Constant-time comparison for JWT authentication, mutex protection for the JWT credential map, and nil middleware guard when JWT is disabled (#729, #774)
  • Dependency hygiene: Inlined AES Key Wrap (KWP) from the archived Google Tink module, removing the dependency (#770). Upgraded golang.org/x/net to v0.51.0 (GO-2026-4559) (#773)
  • Panic removal: Replaced panic() calls in production code paths with proper error returns (#769)
  • Defensive fixes: Guarded against nil dereference in GenerateToken and bare type assertion in watermark rejection metrics (#787)

Improvements

  • Cloud KMS resilience: Configurable timeout and max_retries for Google Cloud KMS signing operations with exponential backoff (#728)
  • KMS key discovery: Signatory now gracefully skips inaccessible, disabled, or permission-denied keys during AWS KMS and Google Cloud KMS vault iteration instead of failing entirely (#739)
  • Public key listing: New signatory-cli list-keys support (#735)
  • Ballot sub-kind validation: Fixed a regression where ballot:yay, ballot:nay, and ballot:pass were rejected in allow.generic policy configuration. Thanks to @vch9 for the initial fix. (#755, #768)
  • Block round validation: Upgraded gotez to v2.4.3 to fix block round validation (#764)
  • Nitro Enclave permissions: Replaced --privileged Docker flag with a scoped seccomp profile for VSock support (#736)

Portable Standalone Binaries

Release archive binaries are now built with zig cc targeting glibc 2.17+, making them portable across virtually all Linux distributions. This fixes the glibc 2.38 dependency in earlier builds that broke Amazon Linux 2023 and other older distributions. Unlike static linking, these binaries support dlopen, so PKCS11/CloudHSM works in standalone mode without Docker. (#777, #779)

Documentation

  • Expanded Nitro Enclave page into a full deployment guide covering AWS infrastructure prerequisites, combined KMS + Nitro configuration examples, systemd service units, KMS key policy with PCR0 attestation, remote baker connectivity patterns, and a deployment verification checklist (#776)

Build & Dependencies

  • Go 1.25 and GoReleaser v2 (#761)
  • gotez v2.4.3 (#764)
  • Removed Darwin and Linux/ARMv6 build targets. ARMv7 and ARM64 builds continue to ship; Raspberry Pi 2+ remains supported. (#763)
  • CI workflow cleanup: concurrency controls, pinned third-party actions (#767)
  • Bumped AWS SDK, GCP KMS, gRPC, and Google API dependencies (#786)

Migration Notes

Non-root container: The Docker image now runs as user signatory (UID 10000) instead of root. If you volume-mount directories for watermark files, configuration, or TLS certificates, ensure they are readable (and writable where needed) by UID/GID 10000. You can customize the UID/GID at build time with --build-arg UID=<uid> --build-arg GID=<gid>. The base image has also changed from debian:buster-slim to ubuntu:24.04. (#732)

Nitro Enclave users: If you run Signatory in Docker with VSock access, the recommended approach is now a scoped seccomp profile instead of --privileged. See the updated Nitro Enclave documentation for details. (#736)

No breaking API or configuration changes. Existing configurations continue to work without modification.

New Contributors

  • @vch9 made their first contribution in #755

Docker

docker pull ecadlabs/signatory:v1.4.0
docker pull ecadlabs/signatory:latest

v1.4.0-rc.1

07 Mar 02:10
v1.4.0-rc.1
37eda06

Pre-release

What's Changed

Portable standalone binaries

Release archive binaries are now built with zig cc targeting glibc 2.17+, making them portable across virtually all Linux distributions. This fixes the glibc 2.38 dependency in v1.4.0-rc.0 that broke Amazon Linux 2023 and other older distributions.

Unlike the static linking approach, these binaries are dynamically linked, so PKCS11/CloudHSM dlopen works in standalone mode. No need to use Docker just for CloudHSM support.

Build infrastructure

  • Custom goreleaser-cross-zig build image with zig toolchain baked in (no runtime downloads)
  • Migrate deprecated dockers/docker_manifests to dockers_v2
  • Portable builds skipped during PR/snapshot CI to keep builds fast

Full Changelog: v1.4.0-rc.0...v1.4.0-rc.1

v1.4.0-rc.0

05 Mar 21:15
v1.4.0-rc.0
1386b32

Pre-release

Observability

This release brings a significant overhaul to Signatory's metrics instrumentation:

  • Sign handler metrics: New sign_handler_request_duration_milliseconds histogram and sign_handler_requests_total counter for the signing endpoint, labeled by address, status, and request type (#738)
  • Watermark operation metrics: New watermark_check_duration_milliseconds histogram and counters for watermark check success/errors across file, DynamoDB, and Firestore backends (#737)
  • Metrics correctness: Fixed signing_ops_total not incrementing for non-generic operations (block, attestation, preattestation, etc.) (#723). Fixed incorrect metric behavior on failed sign requests, including proper chain_id labeling and error-only counter increments on failures (#727)

Improvements

  • Ballot sub-kind validation: Fixed a regression where ballot:yay, ballot:nay, and ballot:pass were rejected in allow.generic policy configuration, and added regression tests to prevent recurrence. Thanks to @vch9 for the initial fix and the related gotez reproposal signing issue (#755, #764, #768)
  • Cloud KMS resilience: Added configurable timeout and max_retries for Google Cloud KMS signing operations with exponential backoff (#728)
  • KMS key discovery: Signatory now gracefully skips inaccessible, disabled, or permission-denied keys during AWS KMS and Google Cloud KMS vault iteration instead of failing entirely (#739)
  • Public key listing: New signatory-cli list-keys support for listing public keys (#735)
  • Non-root container: Signatory Docker images now run as a non-root user (see Migration Notes) (#732)
  • Nitro Enclave: Replaced --privileged Docker flag with a scoped seccomp profile for VSock support (#736)

Code Quality & Hardening

  • Replaced panic() calls in production code paths with proper error returns (#769)
  • Fixed missing return statements after errors in policy hook, added mutex for JWT credential map, and guarded against nil middleware when JWT is disabled (#774)
  • Constant-time comparison for JWT authentication and related hardening (#729)
  • Inlined AES Key Wrap (KWP) from the archived Google Tink module, removing the dependency (#770)

Build & Dependencies

  • Go 1.25 and GoReleaser v2 (#761)
  • gotez v2.4.3 (#764)
  • Upgraded golang.org/x/net to v0.51.0 (GO-2026-4559) (#773)
  • Bumped AWS SDK, GCP KMS, gRPC, and Google API dependencies
  • Removed Darwin/ARM6 build target and cleaned up Dockerfiles (#763)

Migration Notes

Non-root container: The Docker image now runs as user signatory (UID 10000) instead of root. If you volume-mount directories for watermark files, configuration, or TLS certificates, ensure they are readable (and writable where needed) by UID/GID 10000. You can customize the UID/GID at build time with --build-arg UID=<uid> --build-arg GID=<gid> if needed. The base image has also changed from debian:buster-slim to ubuntu:24.04.

Nitro Enclave users: If you run Signatory in Docker with VSock access, the recommended approach is now a scoped seccomp profile instead of --privileged. See the updated Nitro Enclave documentation for details.

v1.4.0-beta.1

04 Mar 23:51
6286f96

Pre-release

What's Changed

New Contributors

  • @vch9 made their first contribution in #755

Full Changelog: v1.3.1-rc1...v1.4.0-beta.1

v1.3.1 Ready for Tallinn 🇪🇪

20 Jan 20:10
v1.3.1
9f11188

Protocol Support

Tallinn Protocol: Added support for the Tallinn protocol upgrade via gotez v2.3.14+. This includes updated operation interfaces and protocol constants. (#698)

New Features

Request and Operation Kind Validation: Signatory now performs stricter validation of sign requests and operation kinds. Invalid or unrecognized operation types in requests are now rejected with clear error messages. This provides better security and clearer feedback when misconfigured clients attempt to sign unsupported operations. (#657)

BLS Proof of Possession Control: New allow_proof_of_possession policy flag to explicitly control whether BLS proof-of-possession signing is permitted for tz4 keys. The PoP status is now displayed in key listing logs for better visibility. (#667)

AllowedChains Policy: New allowed_chains configuration option to restrict signing to specific Tezos chain IDs. This allows operators to prevent keys from being used on unintended networks (e.g., ensuring mainnet keys cannot sign testnet operations). Requests without a chain ID are permitted by default for backward compatibility. (#693)

Improvements

ECDSA Signature Canonization: Implemented low-S normalization for ECDSA signatures in Azure and AWS KMS vaults. This ensures signature malleability protection and consistent signature formats across all vault backends. (#702, gotez v2.3.17)
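Low-S normalization as described above, shown as an added example that is not Signatory or gotez code. It uses P-256 from the Go standard library with a constructed message and a SHA-256 digest as a stand-in; the names IsLowS, NormalizeS, Result and Demo are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// IsLowS reports whether 0 < s <= n/2 for the curve's group order n.
func IsLowS(curve elliptic.Curve, s *big.Int) bool {
	halfN := new(big.Int).Rsh(curve.Params().N, 1)
	return s.Sign() > 0 && s.Cmp(halfN) <= 0
}

// NormalizeS returns the canonical form of s: s itself when it is already
// low, otherwise n - s. Both (r, s) and (r, n-s) verify under plain ECDSA,
// which is the malleability that canonization removes.
func NormalizeS(curve elliptic.Curve, s *big.Int) *big.Int {
	if IsLowS(curve, s) {
		return new(big.Int).Set(s)
	}
	return new(big.Int).Sub(curve.Params().N, s)
}

// Result records what the demonstration observed.
type Result struct {
	BothVerify        bool // (r, s) and (r, n-s) are both accepted
	ExactlyOneLow     bool // only one of the two forms is canonical
	CanonicalIsLow    bool // both forms normalize to the same low-S value
	CanonicalVerifies bool // the normalized signature still verifies
}

// Demo signs a constructed payload with a throwaway key and checks the
// properties above. A KMS backend may return either form of s.
func Demo() (Result, error) {
	var res Result
	curve := elliptic.P256()
	key, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return res, err
	}
	digest := sha256.Sum256([]byte("constructed sample payload"))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return res, err
	}
	twin := new(big.Int).Sub(curve.Params().N, s) // the malleated form
	res.BothVerify = ecdsa.Verify(&key.PublicKey, digest[:], r, s) &&
		ecdsa.Verify(&key.PublicKey, digest[:], r, twin)
	res.ExactlyOneLow = IsLowS(curve, s) != IsLowS(curve, twin)
	canon := NormalizeS(curve, s)
	res.CanonicalIsLow = IsLowS(curve, canon) &&
		canon.Cmp(NormalizeS(curve, twin)) == 0
	res.CanonicalVerifies = ecdsa.Verify(&key.PublicKey, digest[:], r, canon)
	return res, nil
}

func main() {
	res, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", res)
}
```

The same rule applies to secp256k1 with that curve's group order; a verifier that wants to reject non-canonical signatures can apply IsLowS before accepting.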

PACK Data Signing: Gotez v2.3.15 now properly handles PACK data as a sign request, enabling signing of packed Michelson data. (#703)

Generic Operation Filtering: The generic sign request endpoint now explicitly filters to only allow operations that are valid under the generic request type, providing clearer boundaries for operation validation. (gotez v2.3.19)

Bug Fixes

JWT Authentication Fallback: Fixed a bug where Authenticate() could return an error even when the fallback parse succeeded, which affected credential rotation scenarios. (#710, #711, #713)

Security Updates

JWT Library Upgrade (CVE-2024-51744): Upgraded the JWT authentication library from v3 to v5 to address a security vulnerability. (#713)

Documentation Updates

New Documentation:

Documentation Fixes:

  • Fixed incomplete AWS KMS configuration example in start.md
  • Fixed POP companion key example to use correct 'attestation' permission for tz4 keys
  • Fixed YubiHSM SDK version typo (2012.12 → 2021.12)
  • Various grammatical and consistency fixes (#697)

Dependencies

  • gotez: v2.3.13 → v2.3.19 (Tallinn protocol, signature canonization, PACK data handling, operation filtering)
  • JWT library: v3 → v5 (security fix)
  • AWS SDK: Updated to latest versions
  • Google Cloud SDK: firestore v1.20.0, kms v1.24.0
  • HashiCorp Vault API: v1.22.0

Testing and Quality

  • Added Tallinn protocol integration tests (#701)
  • Added AWS Nitro Enclave integration test (#658)
  • Improved AWS KMS tz2 signing tests with multiple iterations (#702)
  • Added BLS proof of possession integration tests (#667)
  • Enhanced integration test infrastructure with better error reporting

Migration Notes

No Breaking Changes: Existing configurations continue to work. The new validation and policy features are opt-in.

Recommended Actions:

  • Review your policy configuration if you want to use the new allowed_chains or allow_proof_of_possession features
  • If you use JWT authentication with credential rotation, this release fixes a bug that may have caused authentication failures during rotation

What's Next

We're continuing to improve Signatory for enterprise and institutional operators:

  • Enhanced Observability: Improved metrics and logging for better operational visibility and monitoring integration
  • CloudHSM Backend for Nitro Enclave Signer: Adding AWS CloudHSM support as a key storage backend for the Nitro Enclave signer, providing FIPS 140-2 Level 3 certified hardware security (#724)
  • Audit Readiness Enhancements: Signatory is already built with auditability in mind; we're adding features to make compliance workflows even smoother, including improved audit logging and documentation for SOC 2 control mapping

v1.3.1-rc1

16 Jan 19:32
v1.3.1-rc1
442501b

Pre-release

Protocol Support

Tallinn Protocol: Added support for the upcoming Tallinn protocol upgrade via gotez v2.3.14+. This includes updated operation interfaces and protocol constants. (#698)

New Features

Request and Operation Kind Validation: Signatory now performs stricter validation of sign requests and operation kinds. Invalid or unrecognized operation types in requests are now rejected with clear error messages. This provides better security and clearer feedback when misconfigured clients attempt to sign unsupported operations. (#657)

BLS Proof of Possession Control: New allow_proof_of_possession policy flag to explicitly control whether BLS proof-of-possession signing is permitted for tz4 keys. The PoP status is now displayed in key listing logs for better visibility. (#667)

AllowedChains Policy: New allowed_chains configuration option to restrict signing to specific Tezos chain IDs. This allows operators to prevent keys from being used on unintended networks (e.g., ensuring mainnet keys cannot sign testnet operations). Requests without a chain ID are permitted by default for backward compatibility. (#693)

Improvements

ECDSA Signature Canonization: Implemented low-S normalization for ECDSA signatures in Azure and AWS KMS vaults. This ensures signature malleability protection and consistent signature formats across all vault backends. (#702, gotez v2.3.17)

PACK Data Signing: Gotez v2.3.15 now properly handles PACK data as a sign request, enabling signing of packed Michelson data. (#703)

Generic Operation Filtering: The generic sign request endpoint now explicitly filters to only allow operations that are valid under the generic request type, providing clearer boundaries for operation validation. (gotez v2.3.19)

Bug Fixes

JWT Authentication Fallback: Fixed a bug where Authenticate() could return an error even when the fallback parse succeeded, which affected credential rotation scenarios. (#710, #711, #713)

Security Updates

JWT Library Upgrade (CVE-2024-51744): Upgraded the JWT authentication library from v3 to v5 to address a security vulnerability. (#713)

Documentation Updates

New Documentation:

  • DAL & BLS Attestations Guide: Comprehensive guide explaining how DAL attestations work with BLS keys, including the differences between tz4 and non-BLS key encoding
  • Glossary: New reference explaining magic bytes, operation tags, and request kinds

Documentation Fixes:

  • Fixed incomplete AWS KMS configuration example in start.md
  • Fixed POP companion key example to use correct 'attestation' permission for tz4 keys
  • Fixed YubiHSM SDK version typo (2012.12 → 2021.12)
  • Various grammatical and consistency fixes (#697)

Dependencies

  • gotez: v2.3.13 → v2.3.19 (Tallinn protocol, signature canonization, PACK data handling, operation filtering)
  • JWT library: v3 → v5 (security fix)
  • AWS SDK: Updated to latest versions
  • Google Cloud SDK: firestore v1.20.0, kms v1.24.0
  • HashiCorp Vault API: v1.22.0

Testing and Quality

  • Added Tallinn protocol integration tests (#701)
  • Added AWS Nitro Enclave integration test (#658)
  • Improved AWS KMS tz2 signing tests with multiple iterations (#702)
  • Added BLS proof of possession integration tests (#667)
  • Enhanced integration test infrastructure with better error reporting

Migration Notes

No Breaking Changes: Existing configurations continue to work. The new validation and policy features are opt-in.

Recommended Actions:

  • Review your policy configuration if you want to use the new allowed_chains or allow_proof_of_possession features
  • If you use JWT authentication with credential rotation, this release fixes a bug that may have caused authentication failures during rotation

What's Next

We're continuing to improve Signatory for enterprise and institutional operators:

  • Enhanced Observability: Improved metrics and logging for better operational visibility and monitoring integration
  • CloudHSM Backend for Nitro Enclave Signer: Adding AWS CloudHSM support as a key storage backend for the Nitro Enclave signer, providing FIPS 140-2 Level 3 certified hardware security (#724)
  • Audit Readiness Enhancements: Signatory is already built with auditability in mind—we're adding features to make compliance workflows even smoother, including improved audit logging and documentation for SOC 2 control mapping

This release candidate includes Tallinn protocol support, new policy controls for enhanced operational security, and continued improvements for enterprise deployments. Please test thoroughly and report any issues.

v1.3.1-beta.2

15 Jan 23:40
v1.3.1-beta.2
442501b

Pre-release

Changelog

v1.3.1-beta.1

07 Jan 00:35
v1.3.1-beta.1
344ab1e

Pre-release

Changelog

v1.3.0 - Ready for the Seoul Train

09 Sep 21:38
v1.3.0
ab5e82b

Major New Features

Cloud Trusted Execution Environment (TEE) Backends (Beta)

AWS Nitro Enclave Backend: Signatory now supports secure key operations inside AWS Nitro Enclaves via VSock communication with the signatory-io/tee-signer component. Keys are handled inside the enclave and sealed using AWS KMS, with no persistent storage in the enclave itself. See Nitro Enclave Backend for detailed setup instructions.

Google Confidential Space Backend: New backend for secure key operations in Google Cloud Confidential Space environments. Provides hardware-based memory encryption and integrity verification for enhanced security. See Confidential Space Backend and Confidential Space Setup for configuration details.

Beta Status: Both Nitro Enclave and Google Confidential Space backends are considered beta features. While we encourage operators to test these features, please exercise caution and report any issues. For support and feedback, please contact frontdesk@ecadlabs.com. We operate under a mutual "pre-NDA" basis for such inquiries.

Protocol Seoul Support

Operation Naming Updates: Updated operation interfaces and policy mapping for Protocol Seoul:

  • preendorsement → preattestation
  • endorsement → attestation
  • Corresponding double-evidence kinds updated

Versioned Signing: Introduced versioned signing to accommodate protocol-era message formats for tz4/BLS workflows.

DAL Attestation Support: Added support for attestation_with_dal operation type for Data Availability Layer attestations.

DAL Node Users: If you are running a DAL node in your baking setup, you must add attestation_with_dal to the allow: block in your Signatory configuration to participate in DAL attestations and earn additional rewards. See the DAL section in Baking with DAL (Data Availability Layer) for configuration details.

Enhanced Watermark Management

Google Firestore Watermark Backend: New distributed watermark tracking backend for GCP high-availability deployments. Provides reliable watermark persistence across multiple Signatory instances. See GCP Firestore Watermark for configuration details.

DynamoDB Watermark Backend: Continues to be available for AWS deployments with improved reliability.

API Enhancements

BLS Proof of Possession: New GET /bls_prove_possession/{key} endpoint to obtain tz4/BLS proof-of-possession signatures.

Versioned Key Signing: POST /keys/{key} now supports ?version= parameter to select signing version for protocol-specific message formats.

CLI Improvements

Key Generation: New signatory-cli generate command to generate keys on supported backends with options:

  • --vault: Specify vault backend
  • --type: Key algorithm (tz1 (ed25519), tz2 (secp256k1), tz3 (p256), tz4 (bls))
  • --num: Number of keys to generate

Enhanced Import: Improved signatory-cli import command with:

  • Support for Base58 secrets and PKCS#8 PEM formats
  • Multiple key import capability
  • Improved passphrase handling

Documentation Updates

New Documentation:

Updated Documentation:

  • Tezos Baking Guide: Improved diagrams, agnostic commands, and enhanced content
  • Ledger Backend: Nano S EOL notice, NVRAM wear information, and watermark notes
  • Watermarks: Updated with Firestore backend information

Bug Fixes

  • Fixed list-requests command crash issue
  • Improved integration test stability with enhanced sandbox environment
  • Enhanced operation-kind tests with second node for manual baking scenarios

Deprecation Warnings

Configuration Deprecation: Added warnings for deprecated configuration options:

  • endorsement should be replaced with attestation
  • preendorsement should be replaced with preattestation

These warnings help operators prepare for Protocol Seoul while maintaining backward compatibility.

Dependencies

All dependencies have been updated to their latest versions, including signatory/gotez to v2.3.13 for latest protocol interfaces and new cloud service SDKs for enhanced TEE support.

Testing and Quality

  • Enhanced integration test suite with improved stability
  • Added comprehensive test coverage for new backends
  • Migrated legacy watermark tests to new integration suite
  • Improved operation-kind tests with multi-node sandbox environment

Migration Notes

No Breaking Changes: This release maintains backward compatibility with existing tz1, tz2, and tz3 operations. Existing deployments will continue to work without modification.

Protocol Preparation: This release prepares Signatory for Tezos Protocol Seoul and its aggregated attestations feature.

Beta Features: Nitro Enclave, Confidential Space, and Firestore watermark backends are marked as beta and will be promoted to general availability in future releases.

Related Projects

  • signatory-io/tee-signer: Required component for both AWS Nitro Enclave and Google Confidential Space backend operations
  • ecadlabs/gotez: Updated to latest version for Protocol Seoul support


This release represents a significant milestone in Signatory's evolution, introducing cloud TEE capabilities while maintaining the reliability and security that operators expect.

Signatory development is partly funded by the Tezos Foundation.

v1.3.0-rc2

09 Sep 14:58
v1.3.0-rc2
4a6e8b2

Pre-release

Changes since v1.3.0-rc1

  • Updated Go dependencies.

See v1.3.0-rc2 Release Notes for full details of the release.