[ANN] Vault 1.5.0 Released

Hi folks,

The Vault team is happy to announce the release of Vault 1.5!

Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well. Release notes are available at [8].

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

The key features and improvements in this release are:

  • Monitoring : We have released a Splunk App [9] for Enterprise customers. The app is accompanied by an updated monitoring guide and a few new metrics to enable OSS users to effectively monitor Vault.
  • Password Policies: Allows operators to customize how passwords are generated for select secret engines (OpenLDAP, Active Directory, Azure, and RabbitMQ).
  • Replication UI Improvements : We have redesigned the replication UI to highlight the state and relationship between primaries and secondaries and improved management workflows, enabling a more holistic understanding of multiple Vault clusters.
  • Resource Quotas : As of 1.5, Vault supports specifying a quota to rate limit requests on OSS and Enterprise. Enterprise customers also have access to set quotas on the number of leases that can be generated on a path.
  • OpenShift Support : We have updated the Helm charts to allow users to install Vault onto their OpenShift clusters.
  • Seal Migration : We have made updates to allow migrations from auto unseal to Shamir unseal on Enterprise.
  • AWS Auth Web Identity Support : We’ve added support for AWS Web Identities, which will be used in the credentials chain if present.
  • Vault Monitor : Similar to the monitor command for Consul and Nomad, we have added the ability for Vault to stream logs from other Vault servers at varying log levels.
  • AWS Secrets Groups Support : IAM users generated by Vault may now be added to IAM Groups.
  • Integrated Storage as HA Storage : In Vault 1.5, it is possible to use Integrated Storage as HA Storage with a different storage backend as regular storage.
  • OIDC Auth Provider Extensions : We’ve added support to OIDC Auth to incorporate IdP-specific extensions. Currently this includes expanded Azure AD groups support.
  • GCP Secrets : Support BigQuery dataset ACLs in absence of IAM endpoints.

See the Changelog at [3] for the full list of improvements and bug fixes.

OSS [5] and Enterprise [6] Docker images will be available soon.


See [4] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].

We hope you enjoy Vault 1.5!

Sincerely, The Vault Team

[1] https://releases.hashicorp.com/vault/1.5.0
[2] https://www.hashicorp.com/security
[3] https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#150
[4] https://www.vaultproject.io/docs/upgrading
[5] https://hub.docker.com/_/vault
[6] https://hub.docker.com/r/hashicorp/vault-enterprise
[7] https://discuss.hashicorp.com/c/vault
[8] https://www.vaultproject.io/docs/release-notes/1.5.0
[9] https://splunkbase.splunk.com/app/5093/


I wonder when Vault 1.5 will find its way into the official Hashicorp Linux Repository? Still missing it for Debian buster.