The Vault team is happy to announce the release of Vault 1.9!
Open-source binaries can be downloaded at . Enterprise binaries are available to customers as well.
As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing firstname.lastname@example.org and do not use the public issue tracker. Our security policy and our PGP key can be found at .
In 1.9.0 we have added a documentation page covering some planned deprecations. Please review this page.
The key fixes and improvements in this release are:
- Customizable HTTP Headers: Users can now customize HTTP headers returned from the Vault server for the full range of Vault endpoints
- KVv2 - Custom Metadata: The KVv2 secrets engine now allows custom metadata defined by users
- KVv2 - HTTP PATCH (Tech Preview): The KVv2 secrets engine now supports partial updates via HTTP PATCH
- Namespace API Lock (Enterprise): Vault has added the capability to lock API access at the namespace level
- UI Support for Databases: The UI now supports Elasticsearch, Oracle, and Postgres database plugins
- Updated UI for KV Secret Engine: The KV secret engine has a new streamlined workflow, with the ability to add custom metadata, a separate tab for viewing metadata per secret, and other updates.
- PKI Secrets Engine (UI): Updated UI for the PKI Secrets Engine to display certificate metadata for common name, issue date, expiration date, and serial number.
- Client Count: Many improvements across the UI, including seeing clients per namespace, a data export option, and viewing totals earlier than month end. Updated formula for handling non-entity tokens.
- OIDC Provider (Tech Preview): Vault can now act as an OIDC provider. Applications that support OIDC can now delegate authentication to Vault using OIDC.
- Key Management Secrets Engine (Enterprise): The Key Management Secrets Engine now supports distributing keys to GCP KMS
- Azure Secrets: Support for rotating the root password has been added. Additionally, the engine has been updated to support the Microsoft Graph APIs.
- Transform Secrets Engine (Enterprise): Added advanced handling of encode and decode in format-preserving encryption (FPE), including support for roles that can partially decode.
See the Changelog at  for the full list of improvements and bug fixes.
See the Feature Deprecation Notice and Plans page  for our upcoming feature deprecation plans.
OSS  and Enterprise  Docker images will be available soon.
See  for general upgrade instructions.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any non-security issues, please report them on the Vault GitHub issue tracker or post to the Vault Discuss Forum at .
We hope you enjoy Vault 1.9!
Sincerely, The Vault Team
 Vault v1.9.0 Binaries | HashiCorp Releases
 Security at HashiCorp
 vault/CHANGELOG.md at main · hashicorp/vault · GitHub
 Upgrading Vault - Guides | Vault by HashiCorp
 Docker Hub
 Docker Hub
 Vault - HashiCorp Discuss
 Feature Deprecation Notice | Vault by HashiCorp