| layout | page_title | description |
|---|---|---|
docs |
1.17.0 release notes |
Key updates for Vault 1.17.0 |
GA date: 2024-06-12
@include 'release-notes/intro.mdx'
Companion updates are Vault updates that live outside the main Vault binary.
None.
Follow the learn more links for more information, or browse the list of Vault tutorials updated to highlight changes for the most recent GA release.
| Release | Update | Description |
|---|---|---|
| Security patches | ENHANCED | Various security improvements to remediate varying severity and informational findings from a 3rd party security audit. |
| Vault Agent and Vault Proxy self-healing tokens | ENHANCED |
Auto-authentication avoids agent/proxy restarts and config changes by
automatically re-authenticating authN tokens to Vault.
Learn more: Vault Agent and Vault Proxy auto-auth |
| Release | Update | Description |
|---|---|---|
| Adaptive overload protection | BETA |
Prevent client requests from overwhelming a variety of server resources
that could lead to poor server availability.
Learn more: Adaptive overload protection overview |
| ACME Client Count | ENHANCED | To improve clarity around client counts, Vault now separates ACME clients from non-entity clients. |
| Public Key Infrastructure (PKI) | GA |
Automate certificate lifecycle management for IoT/EST enabled devices with
native EST protocol support.
Learn more: Enrollment over Secure Transport (EST) overview |
| GA |
Submit custom metadata with certificate requests and store the additional
information in Vault for further analysis.
Learn more: PKI secrets engine API |
|
| Resource management | ENHANCED | Vault now supports a greater number of namespaces and mounts for large-scale Vault installations. |
| GA | Use hierarchical mount paths to organize, manage, and control access to secret engine objects. | |
| GA |
Safely override the max entry size to set different limits for specific
storage entries that contain mount tables, auth tables and namespace
configuration data.
Learn more: max_mount_and_namespace_table_entry_size parameter
|
|
| Transit | GA |
Use cipher-based message authentication code (CMAC) with AES symmetric
keys in the Vault Transit plugin.
Learn more: CMAC support |
| Plugin identity tokens | GA |
Enable AWS, Azure, and GCP authentication flows with workload identity
federation (WIF) tokens from the associated secrets plugins without
explicitly configuring sensitive security credentials.
Learn more: Plugin WIF overview |
| LDAP Secrets Engine | GA |
Use hierarchical paths with roles and set names to define policies that
map 1-1 to LDAP secrets engine roles.
Learn more: Hierarchical paths overview |
| Clock skew and lag detection | GA |
Use the sys/health and sys/ha-status endpoints
to display lags in performance secondaries and performance standby nodes.
Learn more: Clock skew and replication lag overview |
| Deprecated in 1.17 | Retired in 1.17 |
|---|---|
| None | Centrify Auth plugin |
@include 'release-notes/deprecation-note.mdx'