Hi folks,
The Vault team is announcing the release of Vault 1.14, as well as 1.13.4, 1.12.8, and 1.11.12.
Open-source binaries can be downloaded at [1, 2, 3, 4]. Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found at [5].
Each of these releases (1.14.0, 1.13.4, 1.12.8, and 1.11.12) will include Automated License Utilization Reporting, which sends minimal product-license metering data [13] to HashiCorp without requiring you to manually collect and report them.
The major features and improvements in the 1.14 release are:
- Vault PKI - ACME: Support for the ACME certificate lifecycle management protocol is now added to the Vault PKI plugin. This enables standard ACME clients, such as EFF’s certbot and CNCF’s k8s cert-manager, to request certificates from a Vault server without needing to know Vault APIs or auth mechanisms.
- Vault PKI - New UI: The revamped PKI UI, released as beta in 1.13, goes live. It delivers a superior user experience in areas such as workflows, metadata, issuer info, mount and tidy configuration, cross signing, and multi-issuers.
- Agent Proxy Mode: Vault Agent’s proxy mode is now available as a separate command.
- Environment Variables through Vault Agent: Introducing a new process-supervisor mode for Vault Agent which allows injecting secrets as environment variables into a child process using new templated configuration.
- Automated License Utilization Reporting: Added automated license utilization reporting, which sends minimal product-license metering data [13] to HashiCorp without requiring you to manually collect and report them.
- New UI Navigation: Vault 1.14 introduces several user experience improvements, including sidebar navigation, dismissible banners, and an improved PKI user experience.
- AWS Secrets Engine - Static Roles: The engine now supports creation of static roles to manage static credentials for AWS IAM users.
- MongoDB Atlas Database Engine - User X.509 Certificates: The engine now supports generating X.509 credentials for dynamic roles for client authentication against MongoDB instances in Atlas.
- Replication Improvements (Enterprise): In Vault 1.14 the team has made numerous replication bug fixes and improvements. See the Changelog [6] for full details.
- Vault Secrets Operator for Kubernetes: Vault secrets are available in Kubernetes as native K8s secrets, freeing application developers to focus on application code and enabling security operations teams to manage secrets through Vault. Support for secrets rotation and pod rolling brings the benefits of Vault dynamic secrets to Kubernetes without app modifications.
See the Changelog at [6] for the full list of improvements and bug fixes.
See the Feature Deprecation Notice and Plans page [11] for our upcoming feature deprecation plans.
Note: In Vault 1.14 we will stop publishing official Docker Hub images and publish only our Verified Publisher images. Users of Docker images should pull from “hashicorp/vault” instead of “vault”.
OSS [9] and Enterprise [10] Docker images will be available soon.
Upgrading
See [7] for general upgrade instructions, and [8] for upgrade instructions and known issues.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [12].
We hope you enjoy Vault 1.14!
Sincerely, The Vault Team
[1] Vault v1.14.0 Binaries | HashiCorp Releases
[2] Vault v1.13.4 Binaries | HashiCorp Releases
[3] Vault v1.12.8 Binaries | HashiCorp Releases
[4] Vault v1.11.12 Binaries | HashiCorp Releases
[6] https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#1140
[7] Upgrading Vault - Guides | Vault | HashiCorp Developer
[8] 1.14.0 | Vault | HashiCorp Developer
[9] Docker
[10] Docker
[11] Feature Deprecation Notice | Vault | HashiCorp Developer
[12] Vault - HashiCorp Discuss
[13] Automated license utilization reporting | Vault | HashiCorp Developer