HashiCorp Vault 1.8 Adds Diagnostic Command, Key Management Secrets Engine, and Expiration Manager


HashiCorp Vault 1.8 brings notable features and enhancements to the secrets management product, including Vault Diagnose, Built-in Storage Autopilot, the Key Management Secrets Engine for AWS, Expiration Manager enhancements, and Control Group triggers.

Vault helps users manage secrets and protect sensitive data using the UI, CLI, or HTTP API.

In Vault's community office hours, Stephen Wayne, a software engineer at HashiCorp, highlighted the major improvements to the expiration manager and why they matter to Vault. The expiration manager manages the lease lifecycle; every dynamic secret in Vault has a lease.

Vault 1.7 and earlier versions have clear limitations, especially around revocation: leases must be revoked from the system they are associated with, there is one worker per revocation, revocation of irrevocable leases is retried on Vault startup, and many concurrent revocations consume resources needed by other Vault components. Revocation is essential because it facilitates key rotation as well as locking down systems in the event of an intrusion.

Vault 1.8 can mark certain leases as irrevocable, adds fair-sharing logic to facilitate lease revocations, and adds an HTTP API and CLI for operators to get information about irrevocable leases. From an end-user perspective, Vault 1.8 delivers the expected results: more efficient use of resources, better lease status observability, and no more deadlocks on startup. With these changes, Vault has improved support for lease revocation.

Vault Diagnose was introduced in Vault 1.8 to allow faster troubleshooting and user-friendly diagnostics when Vault does not start or crashes; the diagnose command can be used safely regardless of the state Vault is in. Hridoy Roy, a software engineer at HashiCorp, walked through the Vault Diagnose command in the community office hours and explained why it was built and how it works.

Because customers face challenges with Vault configurations such as misconfigured TLS and certificate issues, HashiCorp designed Vault Diagnose to detect some of the common causes of bad Vault behavior before they occur. Vault Diagnose uses OpenTelemetry spans to store diagnostic information. It walks the span tree and marks every check as warn, fail, or pass, with human-readable messages. Hridoy also showed a live demo introducing basic use of the operator diagnose command against improperly configured storage, and even when Vault is down.

The changelog and release notes list all changes in Vault 1.8. You can also consult the official announcement to learn more about the release's features.
