We are proud to announce the release of HashiCorp Vault 0.7.3, which includes a number of exciting new features, improvements, and bug fixes, as well as some security updates.
This release contains security relevant changes. Please ensure that you refer to the linked changelog, if you are users of the App-Id or Cert (TLS) authentication backends.
In addition to a number of bug fixes and minor enhancements, Vault 0.7.3 includes:
ed25519 Signing/Verification in Transit with Key Derivation - The Transit backend now supports generating ed25519 keys for signing and verification functionality. These keys support derivation, allowing you to modify the actual encryption key used by supplying a context value.
Key Version Specification for Encryption in Transit - You can now specify the version of a key you use to wish to generate a signature, ciphertext, or HMAC. This can be controlled by the
min_encryption_versionkey configuration property.
- Replication Primary Discovery (Enterprise) - Replication primaries will now advertise the addresses of their local HA cluster members to replication secondaries. This helps recovery if the primary active node goes down and neither service discovery nor load balancers are in use to steer clients.
The release includes additional new features, general improvements, and bug fixes. The Vault 0.7.3 changelog provides a full list of changes. As always, please test in an isolated environment before upgrading and follow Vault's upgrade guide.
A big thanks to our always-amazing community for their ideas, bug reports, and pull requests.