HashiCorp Vault 1.8 is now generally available. The update is the first to come with Vault Diagnose, which has been added to help users find out why the Vault server is down or fails to boot.
In such cases, running the ‘vault operator diagnose’ command will give you a clear description of why Vault can’t service requests.
It also warns ops personnel about unsafe configs and statuses. The latter is important since misconfigurations are behind many of the severity 1 and 2 cases the company sees.
Starting with version 1.8, Vault can issue credentials for pre-made GCP Service Accounts, since some environments do not allow automated tools to hold some of the permissions they may need.
The integrated expiration manager has been slightly changed so that it no longer tries to revoke leases that cannot be revoked, cleans up older irrevocable leases, and offers reporting through the API and CLI.
Another improvement is the UI, which now validates more input, has descriptions for authentication methods on the login page, hides secret inputs, and alerts users when unsealing fails due to license problems.
What else is new?
Users should note that in the new version the recommended way to manage licenses is License Autoloading via [license_path] in the configuration file. Alternatively, one can use the environment variable [VAULT_LICENSE_PATH] or [VAULT_LICENSE].
Feature-wise, Vault Enterprise now allows separate Storage Autopilot configuration for disaster recovery secondary clusters, which can be managed independently of each other.
Additional Control Group functionality makes it possible to require Control Group approval on a subset of the operations on a path instead of on all of them. Enterprise customers can use Vault for key management in AWS’s Key Management Service, as well as to automate lifecycle operations like creating and rotating keys.
Find out more about the release here.