Release Notes

The following lists new features, resolved issues, and known limitations for new versions of YubiEnroll.

2025

Release 1.1.1 (9 July)

Resolved Issues

  • Reauthenticate if corrupt tokens.json : YubiEnroll stores encrypted API tokens to maintain the login state. If the encryption key changes or the file gets corrupted, the tool can no longer access the contents. This version introduces improved error handling for these scenarios, and the YubiEnroll CLI will now ask for re-authentication in case of a non-decryptable tokens.json file.
  • NFC error with some readers: Enrolling a YubiKey over NFC on Windows could occasionally fail during the initial connection phase over NFC, especially if the key has not already been placed on the reader when the enrollment began. This version improves the NFC handling for greater reliability and robustness.

Release 1.1.0 (23 April)

New Features & Enhancements

  • Enhanced language and messaging for improved clarity and usability.
  • Added support for listing available NFC readers for YubiKey/Security Key connections.
  • Added new enrollment profile option to set random PIN length independently of minimum PIN length, enabling configuration on pre-5.7 keys.
  • Introduced a new --force flag that can be used with yubienroll credentials add, yubienroll credentials delete, yubienroll profiles delete and yubienroll providers delete commands to enhance scripting support for YubiEnroll.
  • Enhanced search for Okta providers to include “username”, “firstName”, “lastName”, and “email”; added “email” field to the users command output. For more information, see Searching for Users.
  • The provider show command now indicates whether a provider is currently active.
  • Base URLs for MS Entra ID and Graph are now optionally configurable to support scenarios like government tenants. For more information, see Adding the Entra ID Provider.
  • Added a new option to require Enterprise Attestation.

Resolved Issues

  • Resolved an issue causing an error when attempting to delete a profile with no providers configured.

2024

Release 1.0.0 (18 December)

First release of YubiEnroll.

Features Included

  • Command line tool (CLI) for Windows.
  • Enabling of enrollment of FIDO credential on behalf of an end user.
  • Support for all YubiKey and Security Key form factors.
  • Setting and managing of PINs.
  • Configuration options include forced PIN changes, minimum PIN length, and user verification.
  • Factory reset of YubiKeys and Security Keys.
  • Support for connecting via NFC or USB.
  • Support for identity providers Okta and Microsoft Entra ID.