Version of Vault running on HCP

HashiCorp Cloud Platform (HCP) HCP Vault
1

The HCP Vault Development instance which I had started one month ago, initially ran v1.8.5, then was updated to v1.8.7 “automagically” in early January, and a week later to v1.9.2.

Which was just in time to explore the OIDC Provider which is in Tech Preview and new to v1.9+.

Now, I have launched fresh instances of HCP Vault in eu-west-1 and eu-central-1. Both came up with v1.8.7, not v1.9.2 as required for OIDC Provider.

About versioning, I have noticed these plans are on the roadmap.

Is there any way to chose the version for the provisioning of new clusters yet, or to “accelerate” or even “force” an upgrade?

1 Like
2

AFAIK – the version is managed by Hashicorp, that’s part of the deal so no you can’t pick the version they’ll keep it up to date with the version they’re currently supporting.

If you really need to stick to a version for compliance, I’d contact them to see if you can include the version sticky as part of a contract.

3

Thank you for your reply. Currently, my problem is not that I would like to stick to an (older) version. But that the two Development instances that I brought up in two different region this morning came up with the previous v1.8.7 which does not support the OIDC Provider which is new in current v1.9.2.

I left the one in eu-west-1 running to see if and when it gets upgraded. At this moment, it is still at v1.8.7. The Version Policy states that “we maintain all clusters on the most recent major and minor versions”.

1 Like
4

I would open a ticket and ask them to run the update the region and your instance, 1.9.x has been out long enough that it sounds like something was missed.

1 Like
5

hello @hb9cwp if you provision a new cluster today, are you still not getting 1.9.2 as the version?

While you cannot currently specify the Vault version through the HCP UI when creating a cluster, you can do so using the HCP Terraform Provider and specifying the min_vault_version parameter for the hcp_vault_cluster resource.

Example

resource "hcp_vault_cluster" "hcp_vault" {
  hvn_id     = hcp_hvn.hvn.hvn_id
  cluster_id = "hcpv-${var.name}"
  tier = var.hcp_vault_tier
  public_endpoint = var.hcp_vault_public
  min_vault_version = "1.9.2"
  
}

I hope this helps!

1 Like
6

Thank you @xka5h, excellent! I am happy to report that a newly created Vault instance via WebUI in eu-west-1 comes up with v1.9.2.

The one I had created yesterday morning in the same HVN also via WebUI was still at v1.8.7 before I deleted it now.

Great hint about the additional TF parameter. I did not think of it, but will use it from now on.

7

Hashicorp did a roadmap Youtube also just recently: Vision for HCP Vault Roadmap Session - YouTube - the version upgrades were mentioned there as well. Looking forward to get some control over upgrades - this is not very production-quality yet considering the lack of controls :slight_smile:

(luckily we’re not in prod mode yet :D)