Vault 1.11.0-rc1, 1.10.4, 1.9.7, and 1.8.12 released

Hi folks,

The Vault team is announcing the release of the Vault 1.11 release candidate, as well as Vault 1.10.4, 1.9.7, and 1.8.12 !

Open-source binaries can be downloaded at [1, 2, 3, 4]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing and do not use the public issue tracker. Our security policy and our PGP key can be found at [5].

These releases contain fixes to low and informational severity findings identified in a recent third-party security audit.

The major features and improvements in the Vault 1.11 release candidate are:

  • Autopilot Improvements (Enterprise) : Autopilot on Vault Enterprise now supports automated upgrades and redundancy zones when using integrated storage.
  • Kubernetes Secrets Engine : Add support for generating dynamic Kubernetes service account tokens.
  • Consul Secrets Engine : Node and Service identities are now supported.
  • Snowflake DB Secrets Engine : Keypair based authentication is now supported.
  • GCP Auth Engine : Support for non-public GCP endpoints has been added.
  • Non-Disruptive Intermediate/Root Certificate Rotation : Allow import, generation and configuration of any number of keys and/or issuers within a PKI mount, providing operators the ability to rotate certificates in place without affecting existing client configurations.
  • Key import for Transit : Allow import of private key material to be used in Transit secrets engine.
  • KMIP Improvements : Implement operations Query, Import, Encrypt and Decrypt. Improve operations Locate, Add Attribute, Get Attributes and Get Attribute List to handle most supported attributes.
  • ADP Tokenization : Add support for convergent tokenization as well as token lookup for some configurations of tokenization transforms.

See the Changelog at [6] for the full list of improvements and bug fixes.

See the Feature Deprecation Notice and Plans page [10] for our upcoming feature deprecation plans.

OSS [8] and Enterprise [9] Docker images will be available soon.


See [7] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [11].

We hope you enjoy Vault 1.11.0-rc1, 1.10.4, 1.9.7, and 1.8.12!

Sincerely, The Vault Team

[1] Vault v1.11.0-rc1 Binaries | HashiCorp Releases
[2] Vault v1.10.4 Binaries | HashiCorp Releases
[3] Vault v1.9.7 Binaries | HashiCorp Releases
[4] Vault v1.8.12 Binaries | HashiCorp Releases
[5] Security at HashiCorp
[6] vault/ at main · hashicorp/vault · GitHub
[7] Upgrading Vault - Guides | Vault by HashiCorp
[8] Docker Hub
[9] Docker Hub
[10] Feature Deprecation Notice | Vault by HashiCorp
[11] Vault - HashiCorp Discuss
[12] Upgrading to Vault 1.10.x - Guides | Vault by HashiCorp