Vault 1.12.0 released

Hi folks,

The Vault team is announcing the GA release of Vault 1.12.0!

Open-source and Enterprise binaries can be downloaded at [1].

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

The major features and improvements in 1.12.0 are:

  • PKI Key revocation: Improvements are made to Vault’s PKI engine, introducing a new OCSP responder and automatic CRL rebuilding (with up-to-date Delta CRL), that offers significant performance and data transfer improvements to revocation workflows.
  • BYOK in Transform engines: It now allows users to import their keys generated elsewhere.
  • KMIP Server Profile: Adds support for additional operations, allowing Vault to claim support for the baseline server profile.
  • Transform secrets engine: supports time-based auto-key rotation for tokenization.
  • Path and Role-based Quotas: Extend the existing Vault Quota support by allowing quotas to be extended to the API path suffixes and auth mount roles.
  • Licensing: Termination behavior has changed where non-evaluation licenses (production licenses) will no longer have a termination date.
  • Redis Database Secrets Engine: Users can use Vault to manage static role or dynamic credentials for Redis OSS. The engine works similarly to other database secrets engines.
  • AWS Elasticache Database Secrets Engine: Users may use Vault to manage static credentials for AWS Elasticache instances. The engine will work similarly to other database secrets engines.

See the Changelog at [3] for the full list of improvements and bug fixes.

See the Feature Deprecation Notice and Plans page [7] for our upcoming feature deprecation plans.

Of particular note, we currently publish two versions of Docker images, one under the HashiCorp Verified Publisher account and one as official Dockerhub images. With Vault 1.12, we are announcing that we will cease publication of the official Dockerhub images and make Docker images available only through our Verified Publisher account. Users of Docker images should pull from “hashicorp/vault” instead of “vault”.

OSS [5] and Enterprise [6] Docker images will be available soon.


Upgrading

See [4] for general upgrade instructions, and [9] for upgrade instructions and known issues for 1.12.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [8].

We hope you enjoy Vault 1.12.0!

Sincerely, The Vault Team

[1] https://releases.hashicorp.com/vault

[2] Security at HashiCorp

[3] https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#1120

[4] Upgrading Vault - Guides | Vault by HashiCorp

[5] Docker Hub

[6] Docker Hub

[7] Feature Deprecation Notice | Vault by HashiCorp

[8] Vault - HashiCorp Discuss

[9] Upgrading Vault - Guides | Vault by HashiCorp

1 Like