Vault 1.16.1 release notes
GA date: 2024-04-04
Release notes provide an at-a-glance summary of key updates to new versions of Vault. For a comprehensive list of product updates, improvements, and bug fixes refer to the changelog included with the Vault code on GitHub.
We encourage you to upgrade to the latest release of Vault to take advantage of continuing improvements, critical fixes, and new features.
Important changes
Vault companion updates
Companion updates are Vault updates that live outside the main Vault binary.
Release | Update | Description |
---|---|---|
Vault Secrets Operator (v0.5) | ENHANCED | Use templating to format, transform, and decode secrets before syncing to Kubernetes secret. Learn more: Secret data transformation |
Core updates
Follow the learn more links for more information, or browse the list of Vault tutorials updated to highlight changes for the most recent GA release.
Release | Update | Description |
---|---|---|
Endpoint hardening | ENHANCED | Minimize network exposure by selectively redacting select fields like IP addresses, cluster names, and Vault version from the HTTP responses of your Vault server. Learn more: redact_addresses parameter |
External plugins | GA | Run external plugins in their own container with native container platform controls. Learn more: Containerize Vault plugins |
Enterprise updates
Release | Update | Description |
---|---|---|
Long-term support | GA | Reduce risk and operational overhead with Vault Enterprise Long-Term Support (LTS) releases. Learn more: LTS overview |
Vault GUI | GA | Configure custom messages and display those messages to targeted users in the Vault GUI. Learn more: Custom UI messages |
Audit logging | GA | Filter audit logs to write data to different destinations based on the content. Learn more: Filter syntax for audit results |
Static secret caching | GA | Use Vault Proxy to cache static secrets for a set period of time and receive event notifications when secrets change. Learn more: Vault Proxy static secret caching |
Event notifications | GA | Subscribe to notifications for various events in Vault. Includes support for filtering, permissions, and cluster configurations with K-V secrets. Learn more: Events |
Public Key Infrastructure (PKI) | BETA | Automate certificate lifecycle management for IoT/EST enabled devices with native EST protocol support Learn more: Enrollment over Secure Transport (EST) |
Default lease count quotas | GA | New server deployments automatically create a lease count quota in the root namespace with a 300K limit. Learn more: Lease count quotas |
License utilization reporting | STATUS | Use the Vault CLI to bundle and report usage data to HashiCorp for clusters that do not report license utilization data automatically. Learn more: Manual license utilization reporting |
Secrets syncing | BETA | Sync Key Value (KV) v2 data between Vault and secrets managers from AWS, Azure, Google Cloud Platform (GCP), GitHub, and Vercel. Learn more: Secrets Sync |
AWS plugin | GA | Use automatic identity tokes for workload identity federation authentication flows with the AWS secret engine without explicitly configuring sensitive security credentials. Learn more: AWS secrets engine |
Feature deprecations and EOL
Deprecated in 1.15 | Retired in 1.15 |
---|---|
None | None |
Please refer to the Deprecation Plans and Notice page for up-to-date information on feature deprecations and plans or the Feature Deprecation FAQ for general questions about our deprecation process.