This release features Integrated Storage enhancements, a new Key Management Secrets Engine, Transform Secrets Engine updates, and more.
We are pleased to announce the general availability of HashiCorp Vault 1.6. Vault provides secrets management, data encryption, and identity management for any application on any infrastructure.
In this release, we added enhancements to Integrated Storage, added the ability of tokenizing sensitive data to the Transform Secrets Engine, made web UI improvements, and added a new Key Management Secret Engine.
This release includes the following key features and improvements:
This release also includes many additional new features, workflow enhancements, general improvements, and bug fixes. The Vault 1.6 changelog provides a list of all changes.
We introduced Integrated Storage in Vault 1.2, which allows Vault admins to configure an internal storage option for storing Vault’s persistent data rather than using an external storage backend. With each release, we continue to improve the operational experience and we are pleased to announce two highly requested features:
For more information on either of these Integrated Storage enhancements, please see our documentation and a detailed Learn Guide.
With Vault 1.6, we added Tokenization support as a technical preview, as well as a way to configure FPE and data masking transformations through the Transform web UI. The Transform Secrets Engine is an Advanced Data Protection (ADP) feature and part of Vault Enterprise used to protect secrets that reside in untrusted or semi-trusted systems outside of Vault through the use of one-way (masking) and two-way transformations via data type protection transformation.
Tokenization can replace sensitive data with unique values (tokens) that are unrelated to the original value in any algorithmic sense. Tokenization is a stateful procedure to facilitate mapping between tokens and various cryptographic values (one-way hash function of the token, encrypted metadata, etc.) including the encrypted plaintext itself.
For more information on Transform Secret Engine, please see our documentation, and a detailed Learn Guide.
Many cloud providers offer a key management system (KMS), where encryption keys can be issued and stored, for maintaining a root of trust. However, this often leads to manual work when you are looking to bring your own keys so we added a new Key Management Secrets Engine as a technical preview to help manage and securely distribute keys to various cloud KMS services.
This new Key Management Secrets Engine is in technical preview, and only supports Azure at the moment, but we plan to support all major cloud providers shortly. Using this new feature you can use Vault to connect to and manage Azure’s Key Vault, for automating many lifecycle operations, such as writing, reading, updating, and rotating keys. This should greatly simplify the process of bringing your own keys to a cloud provider and managing the lifecycle of those keys.
For more information on Key Management Secrets Engine, please see our documentation and a detailed Learn Guide.
There are many new features in Vault 1.6 that have been developed over the course of the 1.5.x releases. For many of these features you can learn more using detailed hands-on learn guides through the HashiCorp Learn site. We have summarized a few of the larger features below, and you can consult the changelog for full details:
Vault 1.6 introduces significant new functionality. As such, please review the general upgrade instructions page for details.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any issues, please report them on the Vault GitHub issue tracker or post to the Vault discussion forum. As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found here.
For more information about Vault Enterprise, visit hashicorp.com/products/vault. Users can download the open source version of Vault at vaultproject.io.
We hope you enjoy Vault 1.6.
A recap of HashiCorp infrastructure and security news and developments on AWS from the past year, from self-service provisioning to fighting secrets sprawl and more.
Vault benchmark is an open source tool that tests the performance of HashiCorp Vault auth methods and secrets engines.
If you’re attending AWS re:Invent in Las Vegas, Nov. 27 - Dec. 1, visit us for breakout sessions, expert talks, and product demos to learn how to accelerate your adoption of a cloud operating model.