Vault - 0.11.4


(October 23rd, 2018)


  • core: HA lock file is no longer copied during operator migrate [GH-5503].
    We've categorized this as a change, but generally this can be considered
    just a bug fix, and no action is needed.


  • Transit Key Trimming: Keys in transit secret engine can now be trimmed to
    remove older unused key versions
  • Web UI support for KV Version 2: Browse, delete, undelete and destroy
    individual secret versions in the UI
  • Azure Existing Service Principal Support: Credentials can now be generated
    against an existing service principal


  • core: Add last WAL in leader/health output for easier debugging [GH-5523]
  • identity: Identity names will now be handled case insensitively by default.
    This includes names of entities, aliases and groups [GH-5404]
  • secrets/aws: Added role-option max_sts_ttl to cap TTL for AWS STS
    credentials [GH-5500]
  • secret/database: Allow Cassandra user to be non-superuser so long as it has
    role creation permissions [GH-5402]
  • secret/radius: Allow setting the NAS Identifier value in the generated
    packet [GH-5465]
  • secret/ssh: Allow usage of JSON arrays when setting zero addresses [GH-5528]
  • secret/transit: Allow trimming unused keys [GH-5388]
  • ui: Support KVv2 [GH-5547], [GH-5563]
  • ui: Allow viewing and updating Vault license via the UI
  • ui: Onboarding will now display your progress through the chosen tutorials
  • ui: Dynamic secret backends obfuscate sensitive data by default and
    visibility is toggleable


  • agent: Fix potential hang during agent shutdown [GH-5026]
  • auth/ldap: Fix listing of users/groups that contain slashes [GH-5537]
  • core: Fix memory leak during some expiration calls [GH-5505]
  • core: Fix generate-root operations requiring empty otp to be provided
    instead of an empty body [GH-5495]
  • identity: Remove lookup check during alias removal from entity [GH-5524]
  • secret/pki: Fix TTL/MaxTTL check when using sign-verbatim [GH-5549]
  • secret/pki: Fix regression in 0.11.2+ causing the NotBefore value of
    generated certificates to be set to the Unix epoch if the role value was not
    set, instead of using the default of 30 seconds [GH-5481]
  • storage/mysql: Use varbinary instead of varchar when creating HA tables


Oct. 23, 2018, midnight
Register or login to:
  • 🔍View and search all Vault releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google