2021-03-01 16:45:22 +00:00
|
|
|
---
|
|
|
|
layout: docs
|
2021-12-08 21:52:51 +00:00
|
|
|
page_title: Upgrading to Vault 1.7.x - Guides
|
2021-03-01 16:45:22 +00:00
|
|
|
description: |-
|
|
|
|
This page contains the list of deprecations and important or breaking changes
|
2021-12-08 21:52:51 +00:00
|
|
|
for Vault 1.7.x. Please read it carefully.
|
2021-03-01 16:45:22 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
# Overview
|
|
|
|
|
|
|
|
This page contains the list of deprecations and important or breaking changes
|
2021-12-08 21:52:51 +00:00
|
|
|
for Vault 1.7.x compared to 1.6. Please read it carefully.
|
2021-03-01 16:45:22 +00:00
|
|
|
|
2021-12-21 22:49:41 +00:00
|
|
|
## Go Version
|
|
|
|
|
|
|
|
Vault 1.7.8 and higher are built with Go 1.16. Please review the [Go Release
|
|
|
|
Notes](https://golang.org/doc/go1.16) for full details. Vault 1.7.0-1.7.7 are
|
|
|
|
built with Go 1.15.
|
|
|
|
|
2021-03-01 16:45:22 +00:00
|
|
|
## Barrier Key Auto-Rotation
|
|
|
|
|
2021-03-26 22:32:15 +00:00
|
|
|
If your Vault installation is at least a year old, the barrier key will be
|
|
|
|
automatically rotated once, and then subsequently will be rotated per the
|
2021-04-06 17:49:04 +00:00
|
|
|
settings in the new `sys/rotate/config` endpoint. This is a precaution to
|
2021-03-26 22:32:15 +00:00
|
|
|
ensure the number of encryptions performed by the barrier key is fewer than that
|
|
|
|
recommended by
|
2021-03-24 21:32:23 +00:00
|
|
|
[NIST SP 800-38D](https://csrc.nist.gov/publications/detail/sp/800-38d/final).
|
|
|
|
|
2021-03-26 22:32:15 +00:00
|
|
|
## AWS Auth Endpoint Changes and Deprecations
|
|
|
|
|
|
|
|
AWS Auth concepts and endpoints that use the "whitelist" and "blacklist" terms
|
|
|
|
have been updated to more inclusive language (e.g. `/auth/aws/identity-whitelist` has been
|
|
|
|
updated to`/auth/aws/identity-accesslist`). The old and new endpoints are aliases,
|
|
|
|
sharing the same underlying data. The legacy endpoint names are considered **deprecated**
|
|
|
|
and will be removed in a future release (not before Vault 1.9). The complete list of
|
|
|
|
endpoint changes is available in the [AWS Auth API docs](/api-docs/auth/aws#deprecations-effective-in-vault-1-7).
|
|
|
|
|
2021-08-27 16:33:44 +00:00
|
|
|
@include 'alpine-314.mdx'
|
|
|
|
|
2021-12-08 21:52:51 +00:00
|
|
|
@include 'entity-alias-mapping.mdx'
|
|
|
|
|
2021-03-24 21:32:23 +00:00
|
|
|
## Known Issues
|
|
|
|
|
2021-08-23 21:58:06 +00:00
|
|
|
Due to the known issue, Transform Secrets Engine users are recommended to upgrade to version 1.7.0.
|
|
|
|
Due to the known issue, Lease Count Quota users with DR Secondaries are recommended to upgrade to version 1.7.4.
|
2021-03-24 21:32:23 +00:00
|
|
|
|
|
|
|
### Autopilot
|
|
|
|
|
2021-04-06 17:49:04 +00:00
|
|
|
- Autopilot is not currently supported on DR Secondary clusters, or in
|
2021-03-24 21:32:23 +00:00
|
|
|
Integrated Storage's HA-only mode.
|
2021-04-06 17:49:04 +00:00
|
|
|
- If the IP address in the raft peer list is different from the configured
|
2021-03-24 21:32:23 +00:00
|
|
|
cluster address, autopilot may be unable to determine the leader node. If
|
|
|
|
affected, you should disabled autopilot by setting the
|
2021-03-25 14:51:31 +00:00
|
|
|
`VAULT_RAFT_AUTOPILOT_DISABLE` environment variable to 1.
|
2021-03-24 21:32:23 +00:00
|
|
|
|
|
|
|
@include 'transform-upgrade.mdx'
|
2021-08-23 21:58:06 +00:00
|
|
|
|
|
|
|
@include 'lease-count-quota-upgrade.mdx'
|
2021-12-08 21:52:51 +00:00
|
|
|
|