Context
Change Type: API change
Product area: Platform services
Component: REST API
Deployed at: eu.latest.cumulocity.com, apj.cumulocity.com, jp.cumulocity.com, cumulocity.com, us.cumulocity.com, emea.cumulocity.com
Technical details
Build artifact: cumulocity (2025.376.0)
Internal ID: MTM-63640
Description
With this change, the secure-tenant-options feature is enabled by default.
As previously announced, this security feature restricts the decryption of encrypted tenant options with the credentials. prefix. These options can only be decrypted by system users (such as bootstrap or microservice users) if they own the options.
Ownership is determined based on the category of the tenant option, in the following priority:
- The
settingsCategorydefined in the microservice manifest. - The microservice’s context path.
- The microservice name.
Important
This change enforces the security model announced earlier in 2025. Microservices attempting to decryptcredentials.*options in categories not owned by them will receive static<<Encrypted>>values.
We recommend verifying microservices to ensure they are correctly aligned with their owned option categories and do not rely on accessing external credentials.