From 30f470915f390dcdb85f44a94078ce506d041b37 Mon Sep 17 00:00:00 2001 From: John-Michael Faircloth Date: Tue, 17 Aug 2021 11:27:32 -0500 Subject: [PATCH] docs: draft update guide for identity token roles (#12337) --- website/content/docs/upgrading/upgrade-to-1.9.0.mdx | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/website/content/docs/upgrading/upgrade-to-1.9.0.mdx b/website/content/docs/upgrading/upgrade-to-1.9.0.mdx index 313969650..b601082dc 100644 --- a/website/content/docs/upgrading/upgrade-to-1.9.0.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.9.0.mdx @@ -14,3 +14,14 @@ official guidance until the release has been completed. This page contains the list of deprecations and important or breaking changes for Vault 1.9.0 compared to 1.8. Please read it carefully. +## Identity Tokens + +The Identity secrets engine has changed the procedure for creating Identity +token roles. When creating a role, the key parameter is required and the key +must exist. Previously, it was possible to create a role and assign it a named +key that did not yet exist despite the documentation stating otherwise. + +All calls to [create or update a role](https://www.vaultproject.io/api/secret/identity/tokens#create-or-update-a-role) +must be checked to ensure that roles are not being created or updated with +non-existent keys. +
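Review bot: The second paragraph of the new "Identity Tokens" section says calls "must be checked" but gives the operator nothing to act on. It does not say what a create-or-update request does in 1.9.0 when `key` is omitted or names a key that does not exist, and it does not say what happens to roles created on 1.8 that already reference a missing key. Suggest stating the failure behaviour explicitly and adding the remediation order: create the named key first, then create or update the role that references it. In the first paragraph, "the key parameter" should be set as `key` in code formatting so it reads as the API field rather than as "the important parameter". Also, "despite the documentation stating otherwise" would be clearer as a direct statement that the earlier behaviour was unintended.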