| layout | page_title | description |
|---|---|---|
docs |
Upgrading to Vault 1.7.0 - Guides |
This page contains the list of deprecations and important or breaking changes
for Vault 1.7.0. Please read it carefully. |
This page contains the list of deprecations and important or breaking changes for Vault 1.7.0 compared to 1.6. Please read it carefully.
If your Vault installation is at least a year old, the barrier key will be
automatically rotated once, and then subsequently will be rotated per the
settings in the new sys/rotate/config endpoint. This is a precaution to
ensure the number of encryptions performed by the barrier key is fewer than that
recommended by
NIST SP 800-38D.
AWS Auth concepts and endpoints that use the "whitelist" and "blacklist" terms
have been updated to more inclusive language (e.g. /auth/aws/identity-whitelist has been
updated to/auth/aws/identity-accesslist). The old and new endpoints are aliases,
sharing the same underlying data. The legacy endpoint names are considered deprecated
and will be removed in a future release (not before Vault 1.9). The complete list of
endpoint changes is available in the AWS Auth API docs.
Due to the known issue, Transform Secrets Engine users are recommended to upgrade to version 1.7.0. Due to the known issue, Lease Count Quota users with DR Secondaries are recommended to upgrade to version 1.7.4.
- Autopilot is not currently supported on DR Secondary clusters, or in Integrated Storage's HA-only mode.
- If the IP address in the raft peer list is different from the configured
cluster address, autopilot may be unable to determine the leader node. If
affected, you should disabled autopilot by setting the
VAULT_RAFT_AUTOPILOT_DISABLEenvironment variable to 1.
@include 'transform-upgrade.mdx'
@include 'lease-count-quota-upgrade.mdx'