open-vault/website/content/docs/upgrading/upgrade-to-1.7.x.mdx

60 lines
2.3 KiB
Plaintext
Raw Normal View History

---
layout: docs
page_title: Upgrading to Vault 1.7.x - Guides
description: |-
This page contains the list of deprecations and important or breaking changes
for Vault 1.7.x. Please read it carefully.
---
# Overview
This page contains the list of deprecations and important or breaking changes
for Vault 1.7.x compared to 1.6. Please read it carefully.
## Go Version
Vault 1.7.8 and higher are built with Go 1.16. Please review the [Go Release
Notes](https://golang.org/doc/go1.16) for full details. Vault 1.7.0-1.7.7 are
built with Go 1.15.
## Barrier Key Auto-Rotation
If your Vault installation is at least a year old, the barrier key will be
automatically rotated once, and then subsequently will be rotated per the
settings in the new `sys/rotate/config` endpoint. This is a precaution to
ensure the number of encryptions performed by the barrier key is fewer than that
recommended by
[NIST SP 800-38D](https://csrc.nist.gov/publications/detail/sp/800-38d/final).
## AWS Auth Endpoint Changes and Deprecations
AWS Auth concepts and endpoints that use the "whitelist" and "blacklist" terms
have been updated to more inclusive language (e.g. `/auth/aws/identity-whitelist` has been
updated to`/auth/aws/identity-accesslist`). The old and new endpoints are aliases,
sharing the same underlying data. The legacy endpoint names are considered **deprecated**
and will be removed in a future release (not before Vault 1.9). The complete list of
endpoint changes is available in the [AWS Auth API docs](/api-docs/auth/aws#deprecations-effective-in-vault-1-7).
@include 'alpine-314.mdx'
@include 'entity-alias-mapping.mdx'
## Known Issues
Due to the known issue, Transform Secrets Engine users are recommended to upgrade to version 1.7.0.
Due to the known issue, Lease Count Quota users with DR Secondaries are recommended to upgrade to version 1.7.4.
### Autopilot
- Autopilot is not currently supported on DR Secondary clusters, or in
Integrated Storage's HA-only mode.
- If the IP address in the raft peer list is different from the configured
cluster address, autopilot may be unable to determine the leader node. If
affected, you should disabled autopilot by setting the
2021-03-25 14:51:31 +00:00
`VAULT_RAFT_AUTOPILOT_DISABLE` environment variable to 1.
@include 'transform-upgrade.mdx'
@include 'lease-count-quota-upgrade.mdx'