Vault 1.9.0-rc1 released!

Hi folks,

The Vault team has released the first release candidate of Vault 1.9!

Open-source binaries can be downloaded at [1]. Enterprise binaries are available to customers as well.

As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing and do not use the public issue tracker. Our security policy and our PGP key can be found at [2].

The key fixes and improvements in this release are:

  • Customizable HTTP Headers : Users can now customize HTTP headers returned from the Vault server for the full range of Vault endpoints.
  • KVv2 - Custom Metadata : The KvV2 secrets engine now allows custom metadata defined by users.
  • KVv2 - HTTP PATCH (Tech Preview) : The KVv2 secrets engine now supports partial updates via HTTP PATCH.
  • Namespace API Lock (Enterprise) : Vault has added the capability to lock API access at the namespace level.
  • UI Support for Databases : The UI now supports Elasticsearch, Oracle, and Postgres database plugins.
  • Updated UI for KV Secret Engine : The KV secret engine has a new streamlined workflow, with the ability to add custom metadata, a separate tab for viewing metadata per secret, and other updates.
  • UI PKI Certificate Metadata : Updated UI for the PKI Secrets Engine to display certificate metadata for common name, issue date, expiration date, and serial number.
  • Client Count : Many improvements across the UI for seeing clients per namespace, data export option, and view totals earlier than month end. Updated formula for handling non-entity tokens.
  • OIDC Provider (Tech Preview) : Vault can now act as an OIDC provider. Applications that support OIDC can now delegate authentication and authorization to Vault using OIDC.
  • Key Management Secrets Engine (Enterprise) : The Key Management Secrets Engine now supports distributing keys to GCP KMS.
  • Azure Secrets : Support for rotating the root password has been added. Additionally, the engine has been updated to support the Microsoft Graph APIs.
  • Transform Secrets Engine (Enterprise) : Added advanced handling of encode and decode in format preserving encryption (FPE), including support for roles that can partially decode.

See the Changelog at [3] for the full list of improvements and bug fixes.

OSS [5] and Enterprise [6] Docker images will be available soon.


See [4] for general upgrade instructions.

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at [7].

We hope you enjoy the Vault 1.9 release candidate!

Sincerely, The Vault Team

[1] Vault v1.9.0-rc1 Binaries | HashiCorp Releases
[2] Security at HashiCorp
[3] vault/ at main · hashicorp/vault · GitHub
[4] Upgrading Vault - Guides | Vault by HashiCorp
[5] Docker Hub
[6] Docker Hub
[7] Vault - HashiCorp Discuss
[8] Frequently Asked Questions (FAQ) | Vault by HashiCorp
[9] Install a HashiCorp Enterprise License | Nomad - HashiCorp Learn


Just a heads up the email is cut off and links to on click.

Thanks for the catching this. Fixed.

1 Like