[ANN] Vault 1.7.0-rc1 Released


Meggie Ladlow

Mar 10, 2021, 7:50:45 PM
to HashiCorp Announcements
Hi folks,

The Vault team has released the release candidate of HashiCorp Vault 1.7!

Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing secu...@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

The key features and improvements in this release candidate are:

  • Integrated Storage Autopilot: Vault 1.7 adds dead server cleanup, server stabilization for new nodes joining a cluster, and a health check API to our integrated storage backend.
  • Lease Expiration Improvements: We have improved our handling of lease expirations to prevent lease expirations from blocking Vault startup.
  • Client Controlled Consistency (Enterprise): With Vault 1.7, it will be possible for Vault clients to control Vault consistency via request headers.
  • Automatic Barrier Key Rotation: In Vault 1.7 the barrier key will be rotated automatically to reduce the risk of nonce reuse cryptanalysis.
  • Tokenization (Enterprise; GA): Tokenization supports creating irreversible “tokens” from sensitive data. Tokens can be used in less secure environments, protecting the original data. Tokenization released as a preview in Vault 1.6, and is now Generally Available.
  • Database Secrets Engine (UI): We’ve added a screen to configure database secrets engines and dynamic database credential generations for MongoDB to the Vault UI in Vault 1.7.
  • Terraform Cloud/Enterprise Secrets Engine: Vault can now dynamically generate API tokens for Terraform Cloud and Terraform Enterprise.
  • Snowflake Secrets Engine: Vault can now manage static and dynamic credentials for Snowflake.
  • Key Management Secrets Engine (Enterprise): Key Management Secrets Engine, released for preview in Vault 1.6, is now Generally Available with support for Azure Key Vault. Additionally, support for AWS KMS has been added (beta).
  • OpenLDAP Secrets Engine: OpenLDAP Secrets can now manage dynamic LDAP credentials.
  • Vault Agent: Vault Agent can now support a persistent cache in Kubernetes environments, streamlining the handoff of leases and tokens between an Init and Sidecar container. 
  • AWS Secrets: IAM tags can now be added to dynamic user credentials.

See the Changelog at [3] for the full list of improvements and bug fixes.

OSS [5] and Enterprise [6] Docker images will be available soon.

---

Upgrading

See [4] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].

We hope you enjoy the Vault 1.7 release candidate!

Sincerely, The Vault Team
