github hashicorp/terraform-provider-vault v4.7.0

2 days ago

4.7.0 (Mar 12, 2025)

FEATURES:

  • Update vault_pki_secret_backend_root_cert and vault_pki_secret_backend_root_sign_intermediate to support the new fields for the name constraints extension. Requires Vault 1.19+ (#2396).
  • Update vault_pki_secret_backend_issuer resource with the new issuer configuration fields to control certificate verification. Requires Vault Enterprise 1.19+ (#2400).
  • Add support for certificate revocation with revoke_with_key in vault_pki_secret_backend_cert (#2242)
  • Add support for signature_bits field to vault_pki_secret_backend_role, vault_pki_secret_backend_root_cert, vault_pki_secret_backend_root_sign_intermediate and vault_pki_secret_backend_intermediate_cert_request ([#2401])(#2401)
  • Add support for key_usage and serial_number to vault_pki_secret_backend_intermediate_cert_request ([#2404])(#2404)
  • Add support for skip_import_rotation in vault_database_secret_backend_static_role. Requires Vault Enterprise 1.18.5+ (#2386).
  • Add support for not_after in vault_pki_secret_backend_cert, vault_pki_secret_backend_role, vault_pki_secret_backend_root_cert, vault_pki_secret_backend_root_sign_intermediate, and vault_pki_secret_backend_sign (#2385).
  • Update vault_pki_secret_backend_config_acme to support the max_ttl field. #2411
  • Add new data source vault_ssh_secret_backend_sign. (#2409)
  • Add support for disabled_validations in vault_pki_secret_backend_config_cmpv2 #2412
  • Add credential_type and credential_config to database_secret_backend_static_role to support features like rsa keys for Snowflake DB engines with static roles #2384
  • Add support for missing parameters to vault_pki_secret_backend_root_sign_intermediate: not_before_duration, skid and use_pss #2417
  • Add support for use_pss, no_store_metadata, and serial_number_source to vault_pki_secret_backend_role #2420
  • Add support for Transit sign and verify endpoints (#2418)
  • Add new data source vault_pki_secret_backend_cert_metadata and support for cert_metadata in vault_pki_secret_backend_cert and vault_pki_secret_backend_sign #2422
  • Add support for max_crl_entries in vault_pki_secret_backend_crl_config #2423
  • Add support for new Automated Root Rotation parameters in several plugins. Requires Vault Enterprise 1.19.0+.
  • Add new resource vault_pki_secret_backend_config_auto_tidy to set PKI automatic tidy configuration #1934
  • Add support for cross-account management of static roles in AWS Secrets: (#2413)

BUGS:

  • Do not panic on Vault PKI roles without the cn_validations field: (#2398)

IMPROVEMENTS:

  • Update pki_secret_backend_crl_config to be more resilent to unknown response fields (#2429)

Don't miss a new terraform-provider-vault release

NewReleases is sending notifications on new releases.