open-vault/website/content/docs/deprecation/faq.mdx

89 lines
6.3 KiB
Plaintext
Raw Normal View History

[Doc Assembly Branch] Vault 1.9 release (#12944) * new document for feature deprecation notice * fixed errors * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Meggie <meggie@hashicorp.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Meggie <meggie@hashicorp.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> * Update feature-deprecation-notice.mdx * added new faq page * added content for faq * updated faq page based on aarti's feedback * added client count faq * fixed a broken link * added links * fixed spacing issue * added new release notes page * edited the client count faq * edited the feature deprecation faq * edited the featue deprecation notice and plans * edited the release notes * added new oidc provider doc * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * incorporated feedback * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * changed mnt_acc to mount_accessor * rewritting content * added doc link * fixed link error * fixed spacing error * incorporate additional feedback * more feedback * incorporated more feedback * fixed headings * fixed a heading * incorproate changes * incorporate feedback * modified RN based on feedback * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com> * updated final release notes * updated image * fixed link * added a new hyperlink to the etcd document * add and modify notes; update scope template * break identity docs into separate pages * fix nav for identity token * fix nav links; add links on overview * use real example IDs * fix typos * incorporated additional feedback Co-authored-by: Meggie <meggie@hashicorp.com> Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com> Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>
2021-11-16 02:02:36 +00:00
---
layout: docs
page_title: Feature Deprecation FAQ
sidebar_title: FAQ
description: |-
An FAQ page to communicate frequently asked questions concering feature deprecations.
---
2022-03-24 18:30:41 +00:00
# Feature Deprecation FAQ
[Doc Assembly Branch] Vault 1.9 release (#12944) * new document for feature deprecation notice * fixed errors * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Meggie <meggie@hashicorp.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Meggie <meggie@hashicorp.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> * Update feature-deprecation-notice.mdx * added new faq page * added content for faq * updated faq page based on aarti's feedback * added client count faq * fixed a broken link * added links * fixed spacing issue * added new release notes page * edited the client count faq * edited the feature deprecation faq * edited the featue deprecation notice and plans * edited the release notes * added new oidc provider doc * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * incorporated feedback * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * changed mnt_acc to mount_accessor * rewritting content * added doc link * fixed link error * fixed spacing error * incorporate additional feedback * more feedback * incorporated more feedback * fixed headings * fixed a heading * incorproate changes * incorporate feedback * modified RN based on feedback * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com> * updated final release notes * updated image * fixed link * added a new hyperlink to the etcd document * add and modify notes; update scope template * break identity docs into separate pages * fix nav for identity token * fix nav links; add links on overview * use real example IDs * fix typos * incorporated additional feedback Co-authored-by: Meggie <meggie@hashicorp.com> Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com> Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>
2021-11-16 02:02:36 +00:00
This page provides frequently asked questions concerning decisions made about Vault feature deprecations. If you are looking for information about Vault licensing, refer to the [Licensing FAQ](/docs/enterprise/license/faq) page. Pleaser refer to the [Feature Deprecation Notice and Plans](/docs/deprecation) document for up-to-date information on Vault feature deprecations and notice.
- [Q: What is the impact on anyone using the legacy MFA feature?](#q-what-is-the-impact-on-anyone-using-the-legacy-mfa-feature)
- [Q: I'm currently using the Etcd storage backend feature. How does the deprecation impact me?](#q-i-m-currently-using-the-etcd-storage-backend-feature-how-does-the-deprecation-impact-me)
- [Q: What should I do if I use Mount Filters, AppID, or any of the standalone DB engines?](#q-what-should-i-do-if-i-use-mount-filters-appid-or-any-of-the-standalone-db-engines)
- [Q: What is the impact of removing support for X.509 certificates with signatures that use SHA-1?](#q-what-is-the-impact-of-removing-support-for-x-509-certificates-with-signatures-that-use-sha-1)
[Doc Assembly Branch] Vault 1.9 release (#12944) * new document for feature deprecation notice * fixed errors * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Meggie <meggie@hashicorp.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Meggie <meggie@hashicorp.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> * Update feature-deprecation-notice.mdx * added new faq page * added content for faq * updated faq page based on aarti's feedback * added client count faq * fixed a broken link * added links * fixed spacing issue * added new release notes page * edited the client count faq * edited the feature deprecation faq * edited the featue deprecation notice and plans * edited the release notes * added new oidc provider doc * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * incorporated feedback * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * changed mnt_acc to mount_accessor * rewritting content * added doc link * fixed link error * fixed spacing error * incorporate additional feedback * more feedback * incorporated more feedback * fixed headings * fixed a heading * incorproate changes * incorporate feedback * modified RN based on feedback * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com> * updated final release notes * updated image * fixed link * added a new hyperlink to the etcd document * add and modify notes; update scope template * break identity docs into separate pages * fix nav for identity token * fix nav links; add links on overview * use real example IDs * fix typos * incorporated additional feedback Co-authored-by: Meggie <meggie@hashicorp.com> Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com> Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>
2021-11-16 02:02:36 +00:00
### Q: What is the impact on anyone using the legacy MFA feature?
If you are an Enterprise Vault user, there is no impact. There are no changes to the Enterprise MFA offering.
If you are an OSS user and use the legacy MFA, this will impact you since we plan to deprecate the legacy MFA feature. However, while we will continue to provide support for MFA in Vault OSS in the upcoming Vault 1.10 release, our target is to remove the legacy MFA feature from the product in the following Vault 1.11 release. Therefore, you should plan to migrate to the new MFA feature when Vault OSS supports it.
### Q: I'm currently using the Etcd storage backend feature. How does the deprecation impact me?
The Etcd v2 has been deprecated with the release of Etcd v3.5 and will be decommissioned by Etcd v3.6. Etcd v2 API will be removed in Vault 1.10. The Etcd storage backend users should migrate Vault storage to an Etcd V3 cluster before upgrading to Vault 1.10. We recommend that you back up all storage migrations before upgrading.
If you are an Enterprise user, we recommend that you consider migrating to HashiCorp supported storage backends: **Integrated Storage** or **Consul** (if your use case requires you to use this). Your HashiCorp sales or support representative can assist you with this decision.
### Q: What should I do if I use Mount Filters, AppID, or any of the standalone DB engines?
These features were deprecated in prior releases of Vault. We are targeting the removal of these features from the product in the Vault 1.12 release. Please plan to upgrade to these features before the release of Vault 1.12. Refer to the table below for a list of alternative features.
[Doc Assembly Branch] Vault 1.9 release (#12944) * new document for feature deprecation notice * fixed errors * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Meggie <meggie@hashicorp.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Meggie <meggie@hashicorp.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> * Update website/content/docs/feature-deprecation-notice.mdx Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> * Update feature-deprecation-notice.mdx * added new faq page * added content for faq * updated faq page based on aarti's feedback * added client count faq * fixed a broken link * added links * fixed spacing issue * added new release notes page * edited the client count faq * edited the feature deprecation faq * edited the featue deprecation notice and plans * edited the release notes * added new oidc provider doc * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * incorporated feedback * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> * changed mnt_acc to mount_accessor * rewritting content * added doc link * fixed link error * fixed spacing error * incorporate additional feedback * more feedback * incorporated more feedback * fixed headings * fixed a heading * incorproate changes * incorporate feedback * modified RN based on feedback * Update website/content/docs/concepts/oidc-provider.mdx Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com> * updated final release notes * updated image * fixed link * added a new hyperlink to the etcd document * add and modify notes; update scope template * break identity docs into separate pages * fix nav for identity token * fix nav links; add links on overview * use real example IDs * fix typos * incorporated additional feedback Co-authored-by: Meggie <meggie@hashicorp.com> Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com> Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com> Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com> Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>
2021-11-16 02:02:36 +00:00
2022-03-16 23:29:56 +00:00
| Deprecated Feature | Alternative Feature |
| --------------------- | ------------------------------------------------------------------------------------------------------------------- |
| Mount Filters | [Path Filters](https://www.vaultproject.io/api-docs/system/replication/replication-performance#create-paths-filter) |
| AppID | [AppRole auth method](/docs/auth/approle) |
| Standalone DB engines | [Combined DB engines](/docs/secrets/databases) |
**Note:** After upgrading to 1.12, any attempt to unseal a core with one of the following features enabled will result in a core shutdown. This may temporarily be overridden using the `VAULT_ALLOW_PENDING_REMOVAL_MOUNTS` environment variable when launching the Vault server. These features will be officially removed from Vault in version 1.13 and this environment variable will not work. In order to upgrade to 1.13, you will have to completely disable all removed features.
### Q: What is the impact of removing support for X.509 certificates with signatures that use SHA-1?
Starting with Vault 1.12.0, Vault will be built with Go 1.18.
The Go 1.18 standard library X.509 signature validation [rejects signatures](https://go.dev/doc/go1.18#sha1) that use a SHA-1 hash.
If this issue impacts your usage of Vault, you can temporarily work around it by deploying Vault with the environment variable `GODEBUG=x509sha1=1` set.
This workaround will fail in a future version of Go, however, the Go team has not said when they will remove this workaround.
If you want to check whether a certificate or CA contains a problematic signature, you can use the OpenSSL CLI:
```shell-session
$ openssl x509 -text -noout -in somecert.pem | grep sha1
Signature Algorithm: sha1WithRSAEncryption
Signature Algorithm: sha1WithRSAEncryption
```
Any signature algorithms that contain `sha1` will be potentially problematic.
Here are the use cases that may still use certificates with SHA-1:
#### Auth Methods
- [AWS Auth Method](/docs/auth/aws): [AWS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html) can use SHA-1-based PKCS7 signatures for DSA key pairs.
- [Cloud Foundry (CF) Auth Method ](/docs/auth/cf)
- [Kerberos Auth Method](/docs/auth/kerberos)
- [Kubernetes Auth Method](/docs/auth/kubernetes)
- [LDAP Auth Method](/docs/auth/ldap)
- [JWT/OIDC Auth Method](/docs/auth/jwt/)
- [TLS Certificates Auth Method](/docs/auth/cert)
#### Database Secrets Engines
- [Cassandra Database Secrets Engine](/docs/secrets/databases/cassandra)
- [Couchbase Database Secrets Engine](/docs/secrets/databases/couchbase)
- [Elasticsearch Database Secrets Engine](/docs/secrets/databases/elasticdb)
- [InfluxDB Database Secrets Engine](/docs/secrets/databases/influxdb)
- [MongoDB Database Secrets Engine](/docs/secrets/databases/mongodb)
- [MySQL/MariaDB Database Secrets Engine](/docs/secrets/databases/mysql-maria)
#### Secrets Engines
- [Active Directory Secrets Engine](/docs/secrets/ad)
- [Consul Secrets Engine](/docs/secrets/consul)
- [Kubernetes Secrets Engine](/docs/secrets/kubernetes)
- [Nomad Secrets Engine](/docs/secrets/nomad)
- [OpenLDAP Secrets Engine](/docs/secrets/openldap)
- [PKI Secrets Engine](/docs/secrets/pki/)