94 lines
3.3 KiB
Plaintext
94 lines
3.3 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Upgrading to Vault 1.5.0 - Guides
|
|
description: |-
|
|
This page contains the list of deprecations and important or breaking changes
|
|
for Vault 1.5.0. Please read it carefully.
|
|
---
|
|
|
|
# Overview
|
|
|
|
This page contains the list of deprecations and important or breaking changes
|
|
for Vault 1.5.0 compared to 1.4.1. Please read it carefully.
|
|
|
|
## Google Cloud storage `credentials_file` removed
|
|
|
|
The deprecated `credentials_file` config option has been removed. The `GOOGLE_APPLICATION_CREDENTIALS`
|
|
environment variable or default credentials may be used instead. See
|
|
[GCS Authentication](/vault/docs/configuration/storage/google-cloud-storage#gcs-authentication)
|
|
for details on supported options.
|
|
|
|
## Raft configuration
|
|
|
|
A new Raft configuration value, `max_entry_size`, has been introduced. This value
|
|
limits the size in bytes for a Raft K/V entry. It applies to both put operations and
|
|
transactions. Any put or transaction operation exceeding this configuration value
|
|
will cause the respective operation to fail. The default value for this
|
|
configuration is 1MiB.
|
|
|
|
In addition, a new metric has been introduced, `vault.raft-storage.entry_size`,
|
|
that allows for operators to sample the entry size, view the average, and adjust
|
|
the configuration value as necessary. For additional details, please see
|
|
[Raft configuration](/vault/docs/configuration/storage/raft).
|
|
|
|
## Enabling telemetry on 32-bit systems will cause Vault to crash.
|
|
|
|
A workaround for this issue is to disable collection of usage gauges in
|
|
the [telemetry](/vault/docs/configuration/telemetry) stanza of the configuration.
|
|
|
|
```
|
|
telemetry {
|
|
...
|
|
usage_gauge_period = "none"
|
|
}
|
|
```
|
|
|
|
This will suppress the metrics `vault.identity.entity.count`,
|
|
`vault.identity.entity.alias.count`, `vault.token.count`, `vault.token.count.by_auth`,
|
|
`vault.token.count.by_policy`, `vault.token.count.by_ttl` and `vault.secret.kv.count`
|
|
that were introduced in version 1.5.0, but all other Vault telemetry will remain available.
|
|
|
|
## Zero-length keys in key-value stores will cause Vault to crash.
|
|
|
|
A key-value data store might have a zero-length key, created before the request handling was
|
|
modified to make this operation impossible. The metrics collection process crashes if it encounters
|
|
this while counting the number of KV secrets.
|
|
|
|
A workaround for this issue is to disable collection of usage gauges in
|
|
the [telemetry](/vault/docs/configuration/telemetry) stanza of the configuration.
|
|
|
|
```
|
|
telemetry {
|
|
...
|
|
usage_gauge_period = "none"
|
|
}
|
|
```
|
|
|
|
This will disable all the metrics listed in the previous section. Or, set the environment value
|
|
`VAULT_DISABLE_KV_GAUGE`, which will disable only `vault.secret.kv.count`.
|
|
|
|
## Non-string values in seal config prevent startup
|
|
|
|
Any values in the [Seal configuration stanza](/vault/docs/configuration/seal)
|
|
that are not quoted strings yield a parse error of the form:
|
|
|
|
```
|
|
error loading "/etc/vault.d/config_seal.hcl": error parsing 'seal': seal.pkcs11: unable to parse 'purpose' in kms type "pkcs11": value could not be parsed as string
|
|
```
|
|
|
|
The error is not actually with the `purpose` field, but rather with other config fields such as:
|
|
|
|
```
|
|
mechanism = 0x1082
|
|
```
|
|
|
|
The workaround is to quote the strings in question, as in:
|
|
|
|
```
|
|
mechanism = "0x1082"
|
|
```
|
|
|
|
@include 'okta-group-pagination.mdx'
|
|
|
|
@include 'aws-imds-timeout-upgrade.mdx'
|