HashiCorp Vault 0.8.1
We are proud to announce the release of HashiCorp Vault 0.8.1, which includes a number of exciting new features, improvements, and bug fixes.
In addition to some bug fixes and minor enhancements, Vault 0.8.1 contains new functionality including the following new features:
-
Google Cloud Platform IAM Authentication Backend: Vault now supports authentication using Google Cloud IAM identities.
This is a feature developed by Google’s Open Source team in collaboration with the HashiCorp Vault Team. See their blog post for more details.
-
Oracle Database Secret Backend: Vault now supports dynamically generating credentials for Oracle databases via an external plugin. See the plugin's repository for more details.
-
PingID Push Support for Path-Based MFA (Enterprise): PingID Push can now be used for MFA with the new path-based MFA introduced in Vault Enterprise 0.8.
-
Permitted DNS Domains Support in PKI: The pki backend now supports specifying permitted DNS domains for CA certificates, allowing you to narrowly scope the set of domains for which a CA can issue or sign child certificates. This is supported for both root and intermediate CA certificates.
-
Plugin Backend Reload Endpoint: Plugin backends can now be triggered to reload using the
sys/plugins/reload/backend
endpoint and providing either the plugin name or the mounts to reload. -
Self-Reloading Plugins: The plugin system will now attempt to reload a crashed or stopped plugin, once per request
The release includes additional new features, general improvements, and bug fixes. The Vault 0.8.1 changelog provides a full list of changes. As always, please test in an isolated environment before upgrading and follow Vault's Upgrade Guide.
A big thanks to our amazing community for their ideas, bug reports, and pull requests.
Sign up for the latest HashiCorp news
More blog posts like this one

Streaming HCP Vault audit logs to Amazon CloudWatch for secure, real-time visibility
Learn how to automatically stream HCP Vault Dedicated audit logs into Amazon CloudWatch for real-time monitoring and compliance.

Anonymize RAG data in IBM Granite and Ollama using HCP Vault
Learn how to configure tokenization and masking with HCP Vault's transform secrets engine for data and pass it to IBM Granite, Ollama, and Open WebUI for RAG.

HashiCorp Vault and FIPS 140-3: Strengthening security and compliance
HashiCorp Vault now supports FIPS 140-3, the latest NIST standard for cryptographic modules.