Request Timeouts: A default request timeout of 90s is now enforced. This
setting can be overwritten in the config file. If you anticipate requests
taking longer than 90s this setting should be updated before upgrading.
(NOTE: will be re-added into 0.11.1 as it broke more than anticipated. There
will be some further guidelines around when this will be removed again.)
sys/ Top Level Injection: For the last two years for backwards
compatibility data for various sys/ routes has been injected into both the
Secret's Data map and into the top level of the JSON response object.
However, this has some subtle issues that pop up from time to time and is
becoming increasingly complicated to maintain, so it's finally being
removed.
Path Fallback for List Operations: For a very long time Vault has
automatically adjusted list operations to always end in a /, as list
operations operates on prefixes, so all list operations by definition end
with /. This was done server-side so affects all clients. However, this
has also led to a lot of confusion for users writing policies that assume
that the path that they use in the CLI is the path used internally. Starting
in 0.11, ACL policies gain a new fallback rule for listing: they will use a
matching path ending in / if available, but if not found, they will look
for the same path without a trailing /. This allows putting list
capabilities in the same path block as most other capabilities for that
path, while not providing any extra access if list wasn't actually
provided there.
Performance Standbys On By Default: If you flavor/license of Vault
Enterprise supports Performance Standbys, they are on by default. You can
disable this behavior per-node with the disable_performance_standby
configuration flag.
AWS Secret Engine Roles: The AWS Secret Engine roles are now explicit about
the type of AWS credential they are generating; this reduces reduce
ambiguity that existed previously as well as enables new features for
specific credential types. Writing role data and generating credentials
remain backwards compatible; however, the data returned when reading a
role's configuration has changed in backwards-incompatible ways. Anything
that depended on reading role data from the AWS secret engine will break
until it is updated to work with the new format.
Token Format (Enterprise): Tokens are now represented as a base62 value;
tokens in namespaces will have the namespace identifier appended.
FEATURES:
Namespaces (Enterprise): A set of features within Vault Enterprise
that allows Vault environments to support Secure Multi-tenancy within a
single Vault Enterprise infrastructure. Through namespaces, Vault
administrators can support tenant isolation for teams and individuals as
well as empower those individuals to self-manage their own tenant
environment.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/hashicorp/vault/sdk from 0.10.2 to 0.11.0.
Changelog
Sourced from github.com/hashicorp/vault/sdk's changelog.
... (truncated)
Commits
87492f9Cut version 0.11.0c05e39aUpdate version numbersdc86fdeSync plugin updatesf913d4cUI Onboarding Wizards (#5196)e53560fFix default TTL for AWS secrets (#5203)c9a4fdfFix Azure Secrets API example8667143Pass the ctx value to make the race detector happy (#5201)3437e82refactor aws secret ui (#5193)4377a6eFix build06b2aebchangelog++Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show