luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Update upgrade guide and changelog with AWS Auth deprecations (#11201)

This commit is contained in:
Jim Kalafut 2021-03-26 15:32:15 -07:00 committed by GitHub
parent c44f18e3e4
commit 11f43ef6a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGELOG.md
View File

@ -5,6 +5,12 @@
CHANGES:
* aws/auth: AWS Auth concepts and endpoints that use the "whitelist" and "blacklist" terms
have been updated to more inclusive language (e.g. `/auth/aws/identity-whitelist` has been
updated to`/auth/aws/identity-accesslist`). The old and new endpoints are aliases,
sharing the same underlying data. The legacy endpoint names are considered **deprecated**
and will be removed in a future release (not before Vault 1.9). The complete list of
endpoint changes is available in the [AWS Auth API docs](/api-docs/auth/aws#deprecations-effective-in-vault-1-7).
* go: Update Go version to 1.15.10 [[GH-11173](https://github.com/hashicorp/vault/pull/11173)]
FEATURES:
@ -127,6 +133,10 @@ the given key will be used to encrypt the snapshot using AWS KMS.
* ui: Fix expected response from feature-flags endpoint [[GH-10684](https://github.com/hashicorp/vault/pull/10684)]
* ui: Fix footer URL linking to the correct version changelog. [[GH-10491](https://github.com/hashicorp/vault/pull/10491)]
DEPRECATIONS:
* aws/auth: AWS Auth endpoints that use the "whitelist" and "blacklist" terms have been deprecated.
Refer to the CHANGES section for additional details.
## 1.6.3
### February 25, 2021

19
website/content/docs/upgrading/upgrade-to-1.7.0.mdx
View File

@ -14,13 +14,22 @@ for Vault 1.7.0 compared to 1.6. Please read it carefully.
## Barrier Key Auto-Rotation
If your Vault installation is at least a year old, the barrier key will be
automatically rotated once, and then subsequently will be rotated per the
settings in the new `sys/rotate/config` endpoint. This is a precaution to
ensure the number of encryptions performed by the barrier key is fewer than that
recommended by
If your Vault installation is at least a year old, the barrier key will be
automatically rotated once, and then subsequently will be rotated per the
settings in the new `sys/rotate/config` endpoint. This is a precaution to
ensure the number of encryptions performed by the barrier key is fewer than that
recommended by
[NIST SP 800-38D](https://csrc.nist.gov/publications/detail/sp/800-38d/final).
## AWS Auth Endpoint Changes and Deprecations
AWS Auth concepts and endpoints that use the "whitelist" and "blacklist" terms
have been updated to more inclusive language (e.g. `/auth/aws/identity-whitelist` has been
updated to`/auth/aws/identity-accesslist`). The old and new endpoints are aliases,
sharing the same underlying data. The legacy endpoint names are considered **deprecated**
and will be removed in a future release (not before Vault 1.9). The complete list of
endpoint changes is available in the [AWS Auth API docs](/api-docs/auth/aws#deprecations-effective-in-vault-1-7).
## Known Issues
Due to the known issue, Transform Secrets Engine users are recommended to upgrade to version 1.6.4 or 1.7.0.