Skip to main content

Release Notes for Styra DAS On-Premises 0.3.2

The Styra DAS On-premises 0.3.2 was released on April 3, 2020.

Release Summary

Styra DAS On-premises 0.3.2 delivers the binaries, new features and enhancements, known issues and solutions.


The following shows the location for Styra DAS On-premises 0.3.2.

  • Location: s3://styra-release/releases/0.3.2/on-premises.tar.gz.
  • AWS Link: aws s3 presign s3://styra-release/releases/0.3.2/on-premises.tar.gz --expires-in 604000.

Make sure Signature Version 4 is on, otherwise make expiration will be one hour long. You can set s3 to use sigv4 by default in the cli using aws configure set default.s3.signature_version s3v4, see

New Features and Enhancements

This section describes the New Features and Enhancements that focus on Command Line Interface (CLI), Identity and Access Management (IAM), Integration, Secret, Security, and Systems.

Command Line Interface (CLI)

  • Improve the CLI check validation. This feature enables debug logging, ideally HTTP or GRPC request logging. You can configure the token and endpoint for the CLI with environment variables (ENV), instead of writing a configuration file.

Identity and Access Management (IAM)

  • Added support for custom Scopes for OpenID Connect for Single Sign On (SSO). For more information, you can refer to the SSO documentation.


  • Add a storage option to export the decision logs to S3 bucket.

Postgres Secret

  • Move PostgreSQL on-premises password to a secret: This feature allows you to load and store PostgreSQL connection credentials to a Kubernetes secret.


  • Remove curl and shell from on-premises image. This feature improves the security and prevent users from executing arbitrary commands within the container.


  • The API exposes additional configuration parameters during system creation in the UI. This features adds options to configure timeout, and failure policy in the system creation dialog.

Known Issues

  • SSO scope configurations might need a call back to get the email for the identity provider.
  • Using external Elasticsearch service might need an extra --sniff parameter.