Skip to content

Spring Vault 2.4.0 M1 Release Notes

Jump to bottom Edit New page
Mark Paluch edited this page May 27, 2022 · 2 revisions

Upgrading from Spring Vault 2.3

Minimum Requirements Changes

None.

New and Noteworthy

Support for PEM-encoded certificates and private keys including Elliptic Curve ("EC")

A new parser for certificate data is now available to parse DER- and PEM-encoded certificates and keys. The encoding is detected from the certificate data. Elliptic Curve keys are now supported in addition to RSA keys and certificates without additional dependencies by using our own ASN.1 parser. Keys may be represented with their ASN.1 syntax or provided as PKCS#8 container (without encryption).

Support for Vault Repositories using versioned Key/Value secrets engines

Vault repositories can now store and retrieve their secrets within versioned Key/Value secrets engines (k/v version 2). The engine version is determined during runtime and the setup does not require any configuration.

Using versioned secrets allows participating in optimistic locking when defining a @Version property in the domain model.

See the updated reference documentation for details.

Support for Vault-based RevisionRepository using versioned Key/Value secrets engines

Vault repositories can now store and retrieve their secrets within versioned Key/Value secrets engines (k/v version 2). The engine version is determined during runtime and the setup does not require any configuration.

See the updated reference documentation for details.

Dependency Upgrades

Spring Vault 2.4 moves to new versions of several Spring projects:

  • Spring Data 2021.2.0

  • Spring Framework 5.3.20

Numerous third-party dependencies have also been updated, some of the more noteworthy of which are the following:

  • Jackson 2.13.3

  • Netty 4.1.77

  • Kotlin 1.6

  • Google Cloud IAMcredential 2.2.0

  • Google OAuth2 Auth Library 1.7.0

  • BouncyCastle 1.70

Miscellaneous

Apart from the changes listed above, there have also been lots of minor tweaks and improvements including:

  • Version bump of the Azure Instance Metadata API from 2017-08-01 to 2017-12-01

  • Upgrade to newer Google Cloud IAMcredential versions. The default artifact now uses GSON for JSON serialization. You can add the Google Jackson adapter to continue using Jackson.

  • Enabled AzureMsiAuthentication for reactive usage via AuthenticationSteps

  • Username-and-password authentication for userpass and ldap backends

  • Exposure of the CA chain through CertificateBundle

Deprecations in Spring Vault 2.4

  • Deprecation of the netty-based ClientHttpRequestFactory for removal in Spring Vault 3.0

Add a custom footer

Pages

Release Notes

Development Process

Clone this wiki locally