This release features a new Integrated Storage Autopilot feature along with production readiness for Tokenization via Transform and the Key Management Secrets Engine.
We are pleased to announce the general availability of HashiCorp Vault 1.7. Vault provides secrets management, data encryption, and identity management for any application on any infrastructure.
Vault 1.7 focuses on improving Vault’s core workflows and making key features production-ready to better serve your use cases. In this release, we added an Autopilot feature to Integrated Storage for a more operator-friendly experience, promoted Tokenization via Transform and the Key Management Secrets Engine to general availability, made performance and reliability improvements, and shipped many smaller improvements across the project.
This release includes the following key features and improvements:
This release also includes many additional new features, workflow enhancements, general improvements, and bug fixes. The Vault 1.7 changelog and release notes provide a list of all changes.
We introduced Integrated Storage in Vault 1.2, which allows Vault admins to configure an internal storage option for storing Vault’s persistent data rather than using an external storage backend. With each subsequent Vault release, we have continued to improve the operational experience and we are pleased to announce a highly requested feature called Autopilot.
The Autopilot feature allows for automatic, operator-friendly management of the Integrated Storage servers (similar to Consul’s Autopilot subsystem). Autopilot includes:
For more information on either of these Integrated Storage enhancements, please see our documentation and a detailed Learn Guide.
The Transform secrets engine handles secure data transformations and tokenization of user-provided input values and is part of the Vault Enterprise Advanced Data Protection (ADP) module. Transform currently supports format-preserving encryption (FPE), data masking, and tokenization as data transformation types.
We are happy to announce that Tokenization is out of technical preview and is now generally available for production workflows. Using the tokenization transformation you can replace sensitive data with “tokens” that have no mathematical relationship to the original value: a token cannot be reversed on its own, and the original value can only be recovered by asking Vault to decode it. This makes tokenization a good fit for data often encountered in PCI-DSS use cases, under GDPR regulations, or when handling personally identifiable information (PII).
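To make the tokenization semantics concrete, here is a small Python model of what the paragraph above describes. It is an added example, not code from Vault or HashiCorp: it mirrors the shape of Vault's `transform/encode`, `transform/decode`, `transform/validate` and `transform/tokenized` operations on a role, but the class, the role and transformation names, the in-memory store and the constructed sample card number are all assumptions made for illustration. The point it demonstrates is that the token is random rather than derived from the input or a key, that the only way back to the value is a lookup against the service, and that `max_ttl` and role authorization bound that lookup.

```python
import secrets
import time


class TokenizationError(Exception):
    """Raised for an unauthorized role, an unknown token, or an expired token."""


class Tokenization:
    """Toy model of one tokenization transformation (assumed name 'credit-card').

    Not Vault's implementation: Vault keeps the plaintext encrypted in the
    transform engine's storage; this model uses a plain dict so the example
    runs stand-alone.
    """

    def __init__(self, name, allowed_roles, max_ttl=0, clock=time.time):
        self.name = name
        self.allowed_roles = set(allowed_roles)
        self.max_ttl = max_ttl            # seconds; 0 means tokens never expire
        self._clock = clock               # injectable so expiry can be demonstrated
        self._store = {}                  # token -> (value, metadata, expiry)

    def _check_role(self, role):
        if role not in self.allowed_roles:
            raise TokenizationError(f"role {role!r} may not use {self.name!r}")

    def encode(self, role, value, metadata=None, ttl=None):
        """Return a fresh random token for `value` (Vault: transform/encode/:role)."""
        self._check_role(role)
        if ttl is None or (self.max_ttl and ttl > self.max_ttl):
            ttl = self.max_ttl
        expiry = self._clock() + ttl if ttl else None
        # 32 random bytes from the OS CSPRNG: the token is derived from neither
        # the value nor any key, so nothing about the token reveals the value.
        token = secrets.token_urlsafe(32)
        self._store[token] = (value, dict(metadata or {}), expiry)
        return token

    def _lookup(self, token):
        entry = self._store.get(token)
        if entry is None:
            raise TokenizationError("unknown token")
        value, metadata, expiry = entry
        if expiry is not None and self._clock() >= expiry:
            raise TokenizationError("token expired")
        return value, metadata

    def decode(self, role, token):
        """Recover the original value; only the service can do this."""
        self._check_role(role)
        return self._lookup(token)[0]

    def metadata(self, role, token):
        self._check_role(role)
        return self._lookup(token)[1]

    def validate(self, role, token):
        """True if the token exists and is unexpired (Vault: transform/validate/:role)."""
        self._check_role(role)
        try:
            self._lookup(token)
            return True
        except TokenizationError:
            return False

    def tokenized(self, role, value):
        """True if `value` has a live token (Vault: transform/tokenized/:role)."""
        self._check_role(role)
        now = self._clock()
        return any(v == value and (exp is None or now < exp)
                   for v, _, exp in self._store.values())


def demo():
    """Walk through encode, decode, role checks and expiry; returns the observations."""
    now = [1_700_000_000.0]                          # controllable clock for the demo
    cc = Tokenization("credit-card", allowed_roles={"payments"},
                      max_ttl=24 * 3600, clock=lambda: now[0])
    pan = "4111111111111111"                         # constructed sample card number
    t1 = cc.encode("payments", pan, metadata={"merchant": "demo"})
    t2 = cc.encode("payments", pan)
    results = {
        "tokens_differ": t1 != t2,                   # same input, unrelated tokens
        "decode_ok": cc.decode("payments", t1) == pan,
        "valid": cc.validate("payments", t1),
        "tokenized": cc.tokenized("payments", pan),
        "meta": cc.metadata("payments", t1),
    }
    try:
        cc.decode("reporting", t1)                   # role not in allowed_roles
        results["other_role_blocked"] = False
    except TokenizationError:
        results["other_role_blocked"] = True
    now[0] += 25 * 3600                              # move past max_ttl
    results["expired"] = not cc.validate("payments", t1)
    results["tokenized_after_expiry"] = cc.tokenized("payments", pan)
    return results


if __name__ == "__main__":
    print(demo())
```

The two encodes of the same card number yield unrelated tokens, which is what distinguishes tokenization from the format-preserving encryption transformation, where the output is a deterministic function of the input and a key; Vault's tokenization additionally offers a convergent mode, not modelled here, for cases where the same input should map to the same token.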
For more information on Transform Secret Engine, please see our documentation and a detailed Learn Guide.
Many cloud providers offer a Key Management Service (KMS), where encryption keys can be issued and stored to maintain a root of trust. The Key Management secrets engine provides a consistent workflow for the distribution and lifecycle management of cryptographic keys across different KMS providers. It allows organizations to manage the lifecycle of keys Vault has distributed and to keep centralized control of those keys in Vault, while still taking advantage of the cryptographic capabilities native to each KMS provider.
We are happy to announce that the Key Management Secrets Engine is out of technical preview and is ready for production use with Azure Key Vault. We also added support for AWS KMS as a beta feature in this release. With this feature, Vault manages keys in Azure Key Vault and automates lifecycle operations such as creating, reading, updating, and rotating keys. This greatly simplifies the process of bringing your own keys to a cloud provider and managing the lifecycle of those keys.
For more information on the Key Management Secrets Engine, please see our documentation and a detailed Learn Guide.
There are many new features in Vault 1.7 that have been developed over the course of the 1.6.x releases. For many of these features you can learn more using detailed hands-on learn guides through the HashiCorp Learn site. We have summarized a few of the larger features below, and you can consult the changelog for full details:
Vault 1.7 introduces significant new functionality. As such, please review the general upgrade instructions page for details.
As always, we recommend upgrading and testing this release in an isolated environment. If you experience any issues, please report them on the Vault GitHub issue tracker or post to the Vault discussion forum. As a reminder, if you believe you have found a security issue in Vault, please responsibly disclose by emailing security@hashicorp.com and do not use the public issue tracker. Our security policy and our PGP key can be found here.
For more information about Vault Enterprise, visit hashicorp.com/products/vault. Users can download the open source version of Vault at vaultproject.io.
We hope you enjoy Vault 1.7.