[ANN] Vault 1.6.0 Released

Hi folks,

The Vault team is happy to announce the release of Vault 1.6!

Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

The key features and improvements in this release are:

  • Integrated Storage Cloud Auto Join: This feature for integrated storage enables Vault nodes running in the cloud to automatically discover and join a Vault cluster via operator-supplied metadata.
  • Integrated Storage Auto Snapshots (Enterprise): This feature enables an operator to schedule snapshots of the integrated storage backend and ensure those snapshots are persisted elsewhere.
  • Tokenization (Enterprise; Tech Preview): Tokenization supports creating irreversible “tokens” from sensitive data. Tokens can be used in less secure environments, protecting the original data.
  • Key Management Secrets Engine (Enterprise; Tech Preview): This new secret engine allows securely distributing and managing keys to Azure cloud KMS services.
  • Vault Client Count: The Vault web UI and API have been enhanced to display the number of active clients, unique entities, and active direct tokens.
  • Seal Migration: With Vault 1.6, we will support migrating from an auto unseal mechanism to a different mechanism of the same type. For example, if you were using an AWS KMS key to automatically unseal, you can now migrate to a different AWS KMS key.
  • Couchbase Secrets: Vault can now manage static and dynamic credentials for Couchbase.
  • Expanded Password Policy Support: Custom password policies[8] are now supported for all database engines.

See the Changelog at [3] for the full list of improvements and bug fixes.

OSS [5] and Enterprise [6] Docker images will be available soon.


See [4] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].

We hope you enjoy Vault 1.6!

Sincerely, The Vault Team

[1] https://releases.hashicorp.com/vault/1.6.0
[2] https://www.hashicorp.com/security
[3] https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#160
[4] https://www.vaultproject.io/docs/upgrading
[5] https://hub.docker.com/_/vault
[6] https://hub.docker.com/r/hashicorp/vault-enterprise
[7] https://discuss.hashicorp.com/c/vault
[8] https://www.vaultproject.io/docs/concepts/password-policies


I assume this is like the Cloud Auto Join of Consul and Nomad ?!
I couldn’t find any Vault docs on what settings to use in the config files for this. :frowning_face:

It’s very similar to Consul and Nomad’s functionality. Unfortunately the docs we added are hard to search for, but are available in the following two locations:

Like Consul and Nomad, we’re using go-discover, so the docs there might also be helpful.

1 Like


i have a question. As long as i dont have access to the enterprise binaries im not able to test the new KMS secret engine feature right?

Is there any way to evaluate newly released enterprise features without committing to enterprise licensing?

Kind regards