mosip · nagendra0721 · May 12, 2026 · Jun 2, 2026 · Jan 30, 2026 · Jan 30, 2026
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
-[![Maven Package upon a push](https://github.com/mosip/keymanager/actions/workflows/push_trigger.yml/badge.svg?branch=develop)](https://github.com/mosip/keymanager/actions/workflows/push_trigger.yml)
-[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?branch=develop&project=mosip_keymanager&metric=alert_status)](https://sonarcloud.io/dashboard?branch=develop&id=mosip_keymanager)
+[![Maven Package upon a push](https://github.com/mosip/keymanager/actions/workflows/push-trigger.yml/badge.svg?branch=release-1.4.x)](https://github.com/mosip/keymanager/actions/workflows/push-trigger.yml)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?branch=release-1.4.x&project=mosip_keymanager&metric=alert_status)](https://sonarcloud.io/dashboard?branch=release-1.4.x&id=mosip_keymanager)
 
 # Key Manager
 
@@ -17,7 +17,7 @@ Reference: [Key Manager](https://docs.mosip.io/1.2.0/id-lifecycle-management/sup
 - **Key Hierarchy**: Manages Root, Module, and Encryption/Decryption keys.
 
 ## Services
-- **kernel-keymanager-service**: Core microservice that exposes REST APIs. 
+- **kernel-keymanager-service**: Core microservice that exposes REST APIs.
 - **keys-generator**: Utility job used to generate the initial set of cryptographic keys required by MOSIP.
 - **keys-migrator**: Utility tool used to securely migrate cryptographic keys between HSMs.
 
@@ -32,11 +32,11 @@ There are two ways to set up the Key Manager service locally:
 - JDK 21 or higher
 - Maven 3.9.x
 - PostgreSQL 10 or higher
-- SoftHSM or a compatible HSM
+- SoftHSM, HSM, PKCS12(.p12) file or JCE
 - Docker (for Docker-based setup)
 
 ## Database Setup
-The Key Manager service requires a PostgreSQL database to store its data. 
+The Key Manager service requires a PostgreSQL database to store its data.
 Follow the steps below to set up the database:
 
 **Clone the Repository**
@@ -54,13 +54,13 @@ Follow the steps below to set up the database:
    ```
 
 **Option 2: Manual Setup**
-1. Create a database 
-Log into postgresql and create a database for the Key Manager service.
+1. Create a database
+   Log into postgresql and create a database for the Key Manager service.
 ```sql
 CREATE DATABASE mosip_keymgr;
 ```
-2. Create a schema 
-Log into postgresql and create a schema for the Key Manager service.
+2. Create a schema
+   Log into postgresql and create a schema for the Key Manager service.
 ```sql
 CREATE SCHEMA keymgr;
 ```
@@ -110,8 +110,8 @@ The service configuration can be found in `kernel/kernel-keymanager-service/src/
 
 4. **Verify and Interact**
    Once the service is up and running, you can explore the APIs:
-   - **Swagger UI**: Access the interactive API documentation at [http://localhost:8088/v1/keymanager/swagger-ui/index.html#/](http://localhost:8088/v1/keymanager/swagger-ui/index.html#/)
-   - **Postman**: You can also import the collection and test the APIs using [Postman](https://www.postman.com/).
+    - **Swagger UI**: Access the interactive API documentation at [http://localhost:8088/v1/keymanager/swagger-ui/index.html#/](http://localhost:8088/v1/keymanager/swagger-ui/index.html#/)
+    - **Postman**: You can also import the collection and test the APIs using [Postman](https://www.postman.com/).
 
 > **Note**: Keymanager relies on standard OAuth2/OIDC bearer token authentication. You may use MOSIP Auth Adaptor or any compatible OAuth2/OIDC provider to secure the REST APIs.
 
@@ -138,10 +138,10 @@ The service configuration can be found in `kernel/kernel-keymanager-service/src/
 Scripts for deployment are available in the `deploy` directory.
 ### Pre-requisites
 * Set KUBECONFIG variable to point to existing K8 cluster kubeconfig file:
-  * ```
+    * ```
     export KUBECONFIG=~/.kube/<my-cluster.config>
     ```
-    
+
 ### Install
   ```
     $ cd deploy

diff --git a/db_scripts/mosip_keymgr/ddl/keymgr-ca_cert_store.sql b/db_scripts/mosip_keymgr/ddl/keymgr-ca_cert_store.sql
@@ -63,4 +63,11 @@ COMMENT ON COLUMN keymgr.ca_cert_store.is_deleted IS 'IS_Deleted : Flag to mark
 COMMENT ON COLUMN keymgr.ca_cert_store.del_dtimes IS 'Deleted DateTimestamp : Date and Timestamp when the record is soft deleted with is_deleted=TRUE';
 -- ddl-end --
 COMMENT ON COLUMN keymgr.ca_cert_store.ca_cert_type IS 'CA Certificate Type : Indicates if the certificate is a ROOT or INTERMEDIATE CA certificate';
--- ddl-end --
+-- ddl-end --
+
+--PERFORMANCE INDEXES--
+CREATE INDEX IF NOT EXISTS idx_ca_cert_store_cr_dtimes ON keymgr.ca_cert_store USING btree (cr_dtimes);
+CREATE INDEX IF NOT EXISTS idx_ca_cert_store_del_dtimes ON keymgr.ca_cert_store USING btree (del_dtimes);
+CREATE INDEX IF NOT EXISTS idx_ca_cert_store_upd_dtimes ON keymgr.ca_cert_store USING btree (upd_dtimes);
+CREATE INDEX IF NOT EXISTS idx_ca_cert_times ON keymgr.ca_cert_store USING btree (cr_dtimes, upd_dtimes, del_dtimes);
+--END PERFORMANCE INDEXES--
diff --git a/db_upgrade_scripts/mosip_keymgr/sql/1.2.0.1_to_1.2.1.0_rollback.sql b/db_upgrade_scripts/mosip_keymgr/sql/1.2.0.1_to_1.2.1.0_rollback.sql
@@ -0,0 +1 @@
+\echo 'Upgrade Queries not required for transition from $CURRENT_VERSION to $UPGRADE_VERSION'
diff --git a/db_upgrade_scripts/mosip_keymgr/sql/1.2.0.1_to_1.2.1.0_upgrade.sql b/db_upgrade_scripts/mosip_keymgr/sql/1.2.0.1_to_1.2.1.0_upgrade.sql
@@ -0,0 +1 @@
+\echo 'Upgrade Queries not required for transition from $CURRENT_VERSION to $UPGRADE_VERSION'
diff --git a/db_upgrade_scripts/mosip_keymgr/sql/1.2.1.0_to_1.3.0_rollback.sql b/db_upgrade_scripts/mosip_keymgr/sql/1.2.1.0_to_1.3.0_rollback.sql
@@ -0,0 +1,15 @@
+-- Below script required to rollback from 1.3.0 to 1.3.0-B4
+\c mosip_keymgr
+
+COMMENT ON COLUMN keymgr.ca_cert_store.ca_cert_type
+    IS NULL;
+
+-- Drop the ca_cert_type column (if it exists)
+ALTER TABLE IF EXISTS keymgr.ca_cert_store
+    DROP COLUMN IF EXISTS ca_cert_type;
+
+-- ROLLBACK FOR PERFORMANCE OPTIMIZATION INDEXES
+DROP INDEX IF EXISTS keymgr.idx_ca_cert_store_cr_dtimes;
+DROP INDEX IF EXISTS keymgr.idx_ca_cert_store_del_dtimes;
+DROP INDEX IF EXISTS keymgr.idx_ca_cert_store_upd_dtimes;
+DROP INDEX IF EXISTS keymgr.idx_ca_cert_times;
diff --git a/db_upgrade_scripts/mosip_keymgr/sql/1.2.1.0_to_1.3.0_upgrade.sql b/db_upgrade_scripts/mosip_keymgr/sql/1.2.1.0_to_1.3.0_upgrade.sql
@@ -0,0 +1,16 @@
+-- Below script required to upgrade from 1.3.0-B4 to 1.3.0
+\c mosip_keymgr
+
+ALTER TABLE IF EXISTS keymgr.ca_cert_store
+    ADD COLUMN ca_cert_type character varying(25);
+
+COMMENT ON COLUMN keymgr.ca_cert_store.ca_cert_type
+    IS 'CA_Certificate Type: Specifies the type of CA_Certificate e.g., Root, Intermediate';
+
+
+--PERFORMANCE INDEXES--
+CREATE INDEX IF NOT EXISTS idx_ca_cert_store_cr_dtimes ON keymgr.ca_cert_store USING btree (cr_dtimes);
+CREATE INDEX IF NOT EXISTS idx_ca_cert_store_del_dtimes ON keymgr.ca_cert_store USING btree (del_dtimes);
+CREATE INDEX IF NOT EXISTS idx_ca_cert_store_upd_dtimes ON keymgr.ca_cert_store USING btree (upd_dtimes);
+CREATE INDEX IF NOT EXISTS idx_ca_cert_times ON keymgr.ca_cert_store USING btree (cr_dtimes, upd_dtimes, del_dtimes);
+--END PERFORMANCE INDEXES--
diff --git a/db_upgrade_scripts/mosip_keymgr/sql/1.3.0_to_1.4.0_rollback.sql b/db_upgrade_scripts/mosip_keymgr/sql/1.3.0_to_1.4.0_rollback.sql
@@ -0,0 +1 @@
+\echo 'Upgrade Queries not required for transition from $CURRENT_VERSION to $UPGRADE_VERSION'
diff --git a/db_upgrade_scripts/mosip_keymgr/sql/1.3.0_to_1.4.0_upgrade.sql b/db_upgrade_scripts/mosip_keymgr/sql/1.3.0_to_1.4.0_upgrade.sql
@@ -0,0 +1 @@
+\echo 'Upgrade Queries not required for transition from $CURRENT_VERSION to $UPGRADE_VERSION'
diff --git a/db_upgrade_scripts/mosip_keymgr/sql/1.4.0_to_1.4.1_rollback.sql b/db_upgrade_scripts/mosip_keymgr/sql/1.4.0_to_1.4.1_rollback.sql
@@ -0,0 +1 @@
+\echo 'Rollback Queries not required for transition from $CURRENT_VERSION to $UPGRADE_VERSION'
diff --git a/db_upgrade_scripts/mosip_keymgr/sql/1.4.0_to_1.4.1_upgrade.sql b/db_upgrade_scripts/mosip_keymgr/sql/1.4.0_to_1.4.1_upgrade.sql
@@ -0,0 +1 @@
+\echo 'Upgrade Queries not required for transition from $CURRENT_VERSION to $UPGRADE_VERSION'
diff --git a/db_upgrade_scripts/mosip_keymgr/sql/ca_cert_table_update.sql b/db_upgrade_scripts/mosip_keymgr/sql/ca_cert_table_update.sql
diff --git a/deploy/key-migration-utility/install.sh b/deploy/key-migration-utility/install.sh
@@ -7,7 +7,7 @@ if [ $# -ge 1 ] ; then
 fi
 
 NS=key-migration-utility
-CHART_VERSION=0.0.1-develop
+CHART_VERSION=1.4.1-rc.1
 
 echo Creating $NS namespace
 kubectl create ns $NS

diff --git a/deploy/keymanager/install.sh b/deploy/keymanager/install.sh
@@ -7,7 +7,7 @@ if [ $# -ge 1 ] ; then
 fi
 
 NS=keymanager
-CHART_VERSION=0.0.1-develop
+CHART_VERSION=1.4.1-rc.1
 
 echo Creating $NS namespace
 kubectl create ns $NS

diff --git a/deploy/softhsm/install.sh b/deploy/softhsm/install.sh
@@ -8,7 +8,7 @@ if [ $# -ge 1 ] ; then
 fi
 
 NS=softhsm
-CHART_VERSION=0.0.1-develop
+CHART_VERSION=1.4.1-rc.1
 
 echo Create $NS namespaces
 kubectl create ns $NS

diff --git a/helm/key-migration-utility/Chart.yaml b/helm/key-migration-utility/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: key-migration-utility
 description: A Helm chart to migrate keys from any keystore type to any other supported format.
 type: application
-version: 0.0.1-develop
+version: 1.4.1-rc.1
 appVersion: ""
 dependencies:
   - name: common
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		\echo 'Upgrade Queries not required for transition from $CURRENT_VERSION to $UPGRADE_VERSION'
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		\echo 'Upgrade Queries not required for transition from $CURRENT_VERSION to $UPGRADE_VERSION'
Comment thread nagendra0721 marked this conversation as resolved.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		\echo 'Rollback Queries not required for transition from $CURRENT_VERSION to $UPGRADE_VERSION'