New and Updated Vault Tutorials for 1.10 Release
Try out the new and enhanced features introduced in Vault 1.10 with step-by-step tutorials on HashiCorp Learn.
HashiCorp Vault 1.10 was released on March 23rd, introducing some exciting new features and enhancements. Now you can visit the Vault 1.10 Release Highlights collection on HashiCorp Learn and start exploring what's new.
» Move Secrets Engines and Auth Methods Across Namespaces
Vault 1.10 extended the sys/remount API endpoint to support moving secrets engines and auth methods from one mount location to another. If you are running Vault Enterprise with namespaces, you can move them from one namespace to another.
The new Move Secrets Engines and Auth Methods Across Namespaces tutorial demonstrates how easily you can move secrets engines and auth methods from one mount path to the new target path across namespaces.
» IBM Db2 Credential Management
Many large enterprises that use IBM Db2 databases are delegated to using local usernames and passwords for access into Db2 databases. Using Vault's OpenLDAP secrets engine, you can let Vault manage the credential lifecycle for Db2 environments.
The IBM Db2 Credential Management tutorial demonstrates how to use the OpenLDAP secrets engine to solve the Db2 credential management challenge.
» Vault Usage Metrics
The Vault usage metrics dashboard in Vault 1.10 enables you to select a billing period more easily than before.
In addition, you can view client count per auth mount. You can also view month over month changes to clients via the API.
See the updated Vault Usage Metrics tutorial to learn more about this enhanced experience.
» Multi Factor Authentication (MFA)
Multi-factor authentication (MFA) is a mechanism for outsourcing secondary authentication for your website (or other product) to a third-party one-time key provider.
Vault 1.10 added an open source login MFA integration for additional authentication (authN) using time-based one-time password (TOTP), Okta, Duo, and PingIdentity.
The Enable Login Multi Factor Authentication (MFA) tutorial demonstrates MFA with PingID.
» Server-Side Consistency Tokens
Vault 1.10 introduced an updated token format to enable greater control over the consistency model, allowing performance standby nodes to decide whether to forward requests.
See the Tokens tutorial to learn about the new token format. If you are a Vault Enterprise user, refer to the Performance Standby Nodes tutorial, which describes the server-side consistent token.
» Automatic Key Rotation
If you are storing encrypted data, you should periodically rotate the encryption key to make it difficult for a malicious user to make unauthorized attempts to decrypt the data.
Vault 1.10 introduced the capability to rotate your encryption key automatically. Check the updated Encryption as a Service: Transit Secrets Engine tutorial, which demonstrates the automatic key rotation feature.
» Vault AWS Lambda Extension
The Vault AWS Lambda Extension tutorial was updated to demonstrate the caching configuration for the Vault Lambda extension local proxy server so that it does not forward every request to the Vault server.
» Vault as an OIDC Identity Provider
Vault 1.9 introduced the ability to configure Vault as an OIDC identity provider as a Technical Preview. It is now generally available in 1.10. This lets users leverage pre-existing Vault identities for authN into their applications.
See the Vault as an OIDC Identity Provider tutorial for step-by-step instructions.
» More to Learn
For other tutorials on all the features of Vault, including videos and in-browser hands-on lab environments using real cloud compute resources that we provide for you, visit HashiCorp Learn.
Sign up for the latest HashiCorp news
More blog posts like this one
HashiCorp at re:Invent 2024: Security Lifecycle Management with AWS
A recap of HashiCorp security news and developments on AWS from the past year, for your security management playbook.
HCP Vault Dedicated adds secrets sync, cross-region DR, EST PKI, and more
The newest HCP Vault Dedicated 1.18 upgrade includes a range of new features that include expanding DR region coverage, syncing secrets across providers, and adding PKI EST among other key features.
Fix the developers vs. security conflict by shifting further left
Resolve the friction between dev and security teams with platform-led workflows that make cloud security seamless and scalable.