parent
e335f92e75
commit
841507c314
|
@ -121,6 +121,7 @@ Plugins using sdk/useragent.String must instead use sdk/useragent.PluginString.
|
||||||
|
|
||||||
FEATURES:
|
FEATURES:
|
||||||
|
|
||||||
|
* **User lockout**: Ignore repeated bad credentials from the same user for a configured period of time. Enabled by default.
|
||||||
* **Azure Auth Managed Identities**: Allow any Azure resource that supports managed identities to authenticate with Vault [[GH-19077](https://github.com/hashicorp/vault/pull/19077)]
|
* **Azure Auth Managed Identities**: Allow any Azure resource that supports managed identities to authenticate with Vault [[GH-19077](https://github.com/hashicorp/vault/pull/19077)]
|
||||||
* **Azure Auth Rotate Root**: Add support for rotate root in Azure Auth engine [[GH-19077](https://github.com/hashicorp/vault/pull/19077)]
|
* **Azure Auth Rotate Root**: Add support for rotate root in Azure Auth engine [[GH-19077](https://github.com/hashicorp/vault/pull/19077)]
|
||||||
* **Event System (Alpha)**: Vault has a new opt-in experimental event system. Not yet suitable for production use. Events are currently only generated on writes to the KV secrets engine, but external plugins can also be updated to start generating events. [[GH-19194](https://github.com/hashicorp/vault/pull/19194)]
|
* **Event System (Alpha)**: Vault has a new opt-in experimental event system. Not yet suitable for production use. Events are currently only generated on writes to the KV secrets engine, but external plugins can also be updated to start generating events. [[GH-19194](https://github.com/hashicorp/vault/pull/19194)]
|
||||||
|
|
|
@ -15,7 +15,20 @@ for Vault 1.13.x compared to 1.12. Please read it carefully.
|
||||||
|
|
||||||
@include 'consul-dataplane-upgrade-note.mdx'
|
@include 'consul-dataplane-upgrade-note.mdx'
|
||||||
|
|
||||||
### Active Directory Secrets Engine Deprecation
|
### User lockout
|
||||||
|
|
||||||
|
As of version 1.13, Vault will stop trying to validate user credentials if the
|
||||||
|
user submits multiple invalid credentials in quick succession. During lockout,
|
||||||
|
Vault ignores requests from the barred user rather than responding with a
|
||||||
|
permission denied error.
|
||||||
|
|
||||||
|
User lockout is enabled by default with a lockout threshold of 5 attempt, a
|
||||||
|
lockout duration of 15 minutes, and a counter reset window of 15 minutes.
|
||||||
|
|
||||||
|
For more information, refer to the [User lockout](/vault/docs/concepts/user-lockout)
|
||||||
|
overview.
|
||||||
|
|
||||||
|
### Active directory secrets engine deprecation
|
||||||
|
|
||||||
The Active Directory (AD) secrets engine has been deprecated as of the Vault 1.13 release.
|
The Active Directory (AD) secrets engine has been deprecated as of the Vault 1.13 release.
|
||||||
We will continue to support the AD secrets engine in maintenance mode for six major Vault
|
We will continue to support the AD secrets engine in maintenance mode for six major Vault
|
||||||
|
|
Loading…
Reference in New Issue