open-vault/website/content/docs/upgrading/upgrade-to-1.5.0.mdx

94 lines
3.3 KiB
Plaintext

---
layout: docs
page_title: Upgrading to Vault 1.5.0 - Guides
description: |-
This page contains the list of deprecations and important or breaking changes
for Vault 1.5.0. Please read it carefully.
---
# Overview
This page contains the list of deprecations and important or breaking changes
for Vault 1.5.0 compared to 1.4.1. Please read it carefully.
## Google Cloud Storage `credentials_file` removed
The deprecated `credentials_file` config option has been removed. The `GOOGLE_APPLICATION_CREDENTIALS`
environment variable or default credentials may be used instead. See
[GCS Authentication](https://www.vaultproject.io/docs/configuration/storage/google-cloud-storage#gcs-authentication)
for details on supported options.
## Raft Configuration
A new Raft configuration value, `max_entry_size`, has been introduced. This value
limits the size in bytes for a Raft K/V entry. It applies to both put operations and
transactions. Any put or transaction operation exceeding this configuration value
will cause the respective operation to fail. The default value for this
configuration is 1MiB.
In addition, a new metric has been introduced, `vault.raft-storage.entry_size`,
that allows for operators to sample the entry size, view the average, and adjust
the configuration value as necessary. For additional details, please see
[Raft configuration](/docs/configuration/storage/raft).
## Enabling telemetry on 32-bit systems will cause Vault to crash.
A workaround for this issue is to disable collection of usage gauges in
the [telemetry](/docs/configuration/telemetry) stanza of the configuration.
```
telemetry {
...
usage_gauge_period = "none"
}
```
This will suppress the metrics `vault.identity.entity.count`,
`vault.identity.entity.alias.count`, `vault.token.count`, `vault.token.count.by_auth`,
`vault.token.count.by_policy`, `vault.token.count.by_ttl` and `vault.secret.kv.count`
that were introduced in version 1.5.0, but all other Vault telemetry will remain available.
## Zero-length keys in key-value stores will cause Vault to crash.
A key-value data store might have a zero-length key, created before the request handling was
modified to make this operation impossible. The metrics collection process crashes if it encounters
this while counting the number of KV secrets.
A workaround for this issue is to disable collection of usage gauges in
the [telemetry](/docs/configuration/telemetry) stanza of the configuration.
```
telemetry {
...
usage_gauge_period = "none"
}
```
This will disable all the metrics listed in the previous section. Or, set the environment value
`VAULT_DISABLE_KV_GAUGE`, which will disable only `vault.secret.kv.count`.
## Non-string values in seal config prevent startup
Any values in the [Seal configuration stanza](/docs/configuration/seal)
that are not quoted strings yield a parse error of the form:
```
error loading "/etc/vault.d/config_seal.hcl": error parsing 'seal': seal.pkcs11: unable to parse 'purpose' in kms type "pkcs11": value could not be parsed as string
```
The error is not actually with the `purpose` field, but rather with other config fields such as:
```
mechanism = 0x1082
```
The workaround is to quote the strings in question, as in:
```
mechanism = "0x1082"
```
@include 'okta-group-pagination.mdx'
@include 'aws-imds-timeout-upgrade.mdx'