All Vault setups have been updated to the latest version, 1.12.0. Please refer to the upstream changelogs to see what’s changed:
- Ability to view client counts per auth and changes to clients over months, providing more granular visibility into clients.
- Extended the sys/remount API endpoint to support moving secrets engines and auth method mounts from one location to another, within a namespace or across namespaces.
- Improved security posture that includes MFA on login for Vault OSS customers.
- Ability to implicitly achieve consistency via tokens.
- Support of PKCE on Vault’s OIDC auth method with Telemetry support for the Vault Agent.
- Improvement of key areas and parity to support using Terraform Provider with Vault.
- Vault Consul secrets engine provides a templating policy to allow node and service identities to be set at Consul token creation.
- Snowflake secrets engine adds key-pair-based authentication.
- Vault adds a Kubernetes secrets engine to allow creating dynamic k8s service accounts.
- ADP-Transform extends its functionality by adding a convergent tokenization mode and a tokenization lookup
- ADP-KM adds four new operations
- Client count tooling improvements to help understand the attribution of clients better
- Integrated Storage autopilot improvements include auto upgrade and redundancy zones.
- Plugin Multiplexing support is extended to secret and auth plugins, allowing them to be managed more efficiently with a single process
- PKI key revocation improvements are made to Vault’s PKI engine, introducing a new OCSP responder and automatic CRL rebuilding (with up-to-date Delta CRL), which offer significant performance and data transfer improvements to revocation workflows.
- BYOK in Transform engines now allows users to import their keys generated elsewhere.
- KMIP Server Profile adds support for additional operations, allowing Vault to claim support for the baseline server profile.
- Transform secrets engine supports time-based auto-key rotation for tokenization.
- Path and Role-based Quotas extend the existing Vault Quota support by allowing quotas to be extended to the API path suffixes and auth mount roles.
- Licensing termination behavior has changed: non-evaluation licenses (production licenses) will no longer have a termination date.
- Redis Database Secrets Engine is now available to manage static roles or generation of dynamic credentials, as well as root credential rotation on a stand-alone Redis server.
- AWS ElastiCache Database Secrets Engine is introduced to manage static credentials for AWS ElastiCache instances.
There are no next steps needed from your end.