The Vault team is announcing the release of the Vault 1.11 release candidate, as well as Vault 1.10.4, 1.9.7, and 1.8.12 !
Open-source binaries can be downloaded at [1, 2, 3, 4]. Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing firstname.lastname@example.org and do not use the public issue tracker. Our security policy and our PGP key can be found at .
These releases contain fixes to low and informational severity findings identified in a recent third-party security audit.
The major features and improvements in the Vault 1.11 release candidate are:
- Autopilot Improvements (Enterprise) : Autopilot on Vault Enterprise now supports automated upgrades and redundancy zones when using integrated storage.
- Kubernetes Secrets Engine : Add support for generating dynamic Kubernetes service account tokens.
- Consul Secrets Engine : Node and Service identities are now supported.
- Snowflake DB Secrets Engine : Keypair based authentication is now supported.
- GCP Auth Engine : Support for non-public GCP endpoints has been added.
- Non-Disruptive Intermediate/Root Certificate Rotation : Allow import, generation and configuration of any number of keys and/or issuers within a PKI mount, providing operators the ability to rotate certificates in place without affecting existing client configurations.
- Key import for Transit : Allow import of private key material to be used in Transit secrets engine.
- KMIP Improvements : Implement operations Query, Import, Encrypt and Decrypt. Improve operations Locate, Add Attribute, Get Attributes and Get Attribute List to handle most supported attributes.
- ADP Tokenization : Add support for convergent tokenization as well as token lookup for some configurations of tokenization transforms.
See the Changelog at  for the full list of improvements and bug fixes.
See the Feature Deprecation Notice and Plans page  for our upcoming feature deprecation plans.
OSS  and Enterprise  Docker images will be available soon.
See  for general upgrade instructions.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at .
We hope you enjoy Vault 1.11.0-rc1, 1.10.4, 1.9.7, and 1.8.12!
Sincerely, The Vault Team
 Vault v1.11.0-rc1 Binaries | HashiCorp Releases
 Vault v1.10.4 Binaries | HashiCorp Releases
 Vault v1.9.7 Binaries | HashiCorp Releases
 Vault v1.8.12 Binaries | HashiCorp Releases
 Security at HashiCorp
 vault/CHANGELOG.md at main · hashicorp/vault · GitHub
 Upgrading Vault - Guides | Vault by HashiCorp
 Docker Hub
 Docker Hub
 Feature Deprecation Notice | Vault by HashiCorp
 Vault - HashiCorp Discuss
 Upgrading to Vault 1.10.x - Guides | Vault by HashiCorp