Is KV-2 the default secret engine on Vault v1.8.x?


I’m still looking into the documentation, but if someone has a knowledge on this that will be great.

Is KV-2 the default secret engine on Vault v1.8.x?

Thank you,
Laurentius Purba

If you mean does

vault secrets enable kv

No, that still mounts v1.


vault secrets enable kv-v2

enables the kv v2 engine.

KV isn’t deprecated, it’s just a version-less version of the two. If you don’t need secret versioning it’s a smaller footprint. I, personally, like the safety of v2 but you’re not forced to use it.

Thanks @aram .

My bad, I should have clearly stated my question.

If I want to install vault v1.8, fresh install, is kv2 the default secret engine?

Yes, if you use:

vault secrets enable kv-v2

Hmm. That’s not my question. So, I guess by default only cubbyhole is the default engine. The others, we should explicitly enable it.

But, if I run it in -dev mode, then the default is kv2 as per this link.

The answer is still the same as above, so if you answer as to why you care that would be a better question and we can arrive at an answer.