VaultPilot 2.0.0
VaultPilot 2.0.0 is the current public release for the self-hosted Windows Server vault. It moves the public product identity from PassMan to VaultPilot while preserving the compatibility aliases that existing installations may still rely on.
Release date: 2026-06-30
What changed
- VaultPilot is now the public product and release name across the console, docs, release assets, update manifest and operator-facing language.
- PassMan remains a legacy compatibility alias for older service names, data paths, environment variables, cookies, headers, extension protocol strings, update aliases and rollback decisions.
- The Overview screen now works as an operator cockpit for security posture, recommendations, breach status, server readiness, operational state, record distribution, update signals, access trend, maintenance and recent activity.
- Server System groups log rotation, retention, diagnostics, public host, port, HTTPS certificate state, restart guidance and non-destructive maintenance boundaries in one place.
- License screens explain plan, capacity, trial/licensed state, write state, expiry/renewal risk and module availability in operator language.
- Extension, offline share decrypter and DC Agent packages use VaultPilot naming while preserving compatibility behavior where older deployments need it.
Compatibility
New installs should use VaultPilotServer, VaultPilot Server, C:\ProgramData\VaultPilot, VAULTPILOT_*, vaultpilot-update.json and VaultPilot package names.
Existing installs may still rely on PassManServer, PassMan Server, C:\ProgramData\PassMan, PASSMAN_*, passman_session, x-passman-request, passman-update.json and legacy package names. Those names remain available for migration, rollback and old-client compatibility.
Security and trust
- Zero-knowledge boundaries are unchanged. Vault keys, master-derived keys, plaintext secrets, API keys, private keys and master passwords are not persisted or logged.
- Server API payload validation, RBAC checks, CSRF header expectations, extension pairing and signed update manifest verification remain active.
- Browser extension decrypted vault snapshots stay in runtime memory only. Background-worker restart or suspension locks the extension again.
- Diagnostics remain redacted and non-destructive. The console does not clear logs, caches, browser history, databases, update jobs or customer data.
Published assets
Verify asset names, file sizes and SHA-256 values before internal redistribution.
| Asset | Size | SHA-256 |
|---|---|---|
VaultPilot-2.0.0-x64.msi |
66,118,490 | c3c3189572fc5936f30e0f14e5d12b2ed4702e3db0efd32a1c8d2eba65b67842 |
vaultpilot-update.json |
1,430 | a6610b266c4a3bee2d689615e5f1b2bccf15067af3d8c0094832b10d67fb9351 |
vaultpilot-browser-vault-extension.zip |
181,103 | 7f95df52d796c8bb73196569dc77cfc220aadd7e971ca323825d505e947c02aa |
vaultpilot-extension-update.json |
257 | de3b30a3cdc2a58188d6421f96d8e164ead5406ebbee614e1569ac20eec69f55 |
vaultpilot-share-decrypter.zip |
102,632 | b6cd0cdc8cd2bd670348fca2587f7ad6d54604d2fa3c9d159e6a35c15301ed8a |
vaultpilot-share-decrypter.json |
219 | 7dca1ad23057223a221eaa0058b6ae8a5dfa4d12cbbcdf73b4249545cd34211b |
vaultpilot-dc-agent.ps1 |
98,891 | de8c4df43ff69b9a277e2cfaf4cb14f553512cf13b318eec45b725db1113e0fc |
vaultpilot-dc-agent.json |
212 | 9082376283457eeddbffd3aee8d4e6ed1b46674d498d027467a9eff6308f7f4e |
Operator checklist
- Take a server backup before production update.
- Download the MSI and manifest from this GitHub Release.
- Confirm the manifest, SHA-256 values, MSI signer evidence and asset list.
- Run the MSI as Administrator on the Windows server.
- After upgrade, verify the Windows service, data directory, Update Center state, extension pairing, active sessions, audit retention, license state and Server System diagnostics.
- If rollback is required, use a previously verified signed release package and the retained PassMan compatibility aliases. Do not manually edit ProgramData folders as a rollback method.
Documentation
- Repository home: https://github.com/ucsahinn/vaultpilot
- Release asset verification: https://github.com/ucsahinn/vaultpilot/blob/main/docs/en/release-asset-verification.md
- Turkish documentation: https://github.com/ucsahinn/vaultpilot/blob/main/docs/tr/README.md
- Security policy: https://github.com/ucsahinn/vaultpilot/blob/main/SECURITY.md