Vault upgraded to 1.12.0

All Vault setups have been updated to the latest version 1.12.0. Please refer to the upstream changelogs to see what’s changed:

  • Ability to view client counts per auth and changes to clients over months, therefore, providing more granular visibility into clients.
  • Extended the sys/remount API endpoint to support moving secrets engines and auth method mounts from one location to another, within a namespace or across namespaces.
  • Improved security posture that includes MFA on login for Vault OSS customers.
  • Ability to implicitely achieve consistency via tokens.
  • Support of PKCE on Vault’s OIDC auth method with Telemetry support for the Vault Agent.
  • Improvement of key areas and parity to support using Terraform Provider with Vault.
  • Vault Consul secrets engine provides a templating policy to allow node and service identities to be set on the Consul token creation
  • Snowflake secrets engine added a key/pair-based authentication
  • Vault adds a Kubernetes secrets engine to allow creating dynamic k8s service accounts
  • ADP-Transform extends its functionality by adding a convergent tokenization mode and a tokenization lookup
  • ADP-KM adds four new operations
  • Client count tooling improvements to help understand the attribution of clients better
  • Integration storage autopilot improvements include auto upgrade and redundancy zones
  • Plugin Multiplexing support is extended to secret and auth plugins, allowing them to be managed more efficiently with a single process
  • PKI Key revocation improvements are made to Vault’s PKI engine, introducing a new OCSP responder and automatic CRL rebuilding (with up-to-date Delta CRL), that offers significant performance and data transfer improvements to revocation workflows.
  • BYOK in Transform engines now allow users to import their keys generated elsewhere.
  • KMIP Server Profile adds support for additional operations, allowing Vault to claim support for the baseline server profile.
  • Transform secrets engine supports time-based auto-key rotation for tokenization.
  • Path and Role-based Quotas extend the existing Vault Quota support by allowing quotas to be extended to the API path suffixes and auth mount roles.
  • Licensing termination behavior has changed where non-evaluation licenses (production licenses) will no longer have a termination date.
  • Redis Database Secrets Engine is now available to manage static roles or generation of dynamic credentials, as well as root credential rotation on a stand-alone Redis server.
  • AWS Elasticache Database Secrets Engine is introduced to manage static credentials for AWS Elasticache instances.

There are no next steps needed from your end.