4.7.0 (Mar 12, 2025)
FEATURES:
- Update `vault_pki_secret_backend_root_cert` and `vault_pki_secret_backend_root_sign_intermediate` to support the new fields for the name constraints extension. Requires Vault 1.19+ (#2396).
- Update `vault_pki_secret_backend_issuer` resource with the new issuer configuration fields to control certificate verification. Requires Vault Enterprise 1.19+ (#2400).
- Add support for certificate revocation with `revoke_with_key` in `vault_pki_secret_backend_cert` (#2242)
- Add support for `signature_bits` field to `vault_pki_secret_backend_role`, `vault_pki_secret_backend_root_cert`, `vault_pki_secret_backend_root_sign_intermediate` and `vault_pki_secret_backend_intermediate_cert_request` (#2401)
- Add support for `key_usage` and `serial_number` to `vault_pki_secret_backend_intermediate_cert_request` (#2404)
- Add support for `skip_import_rotation` in `vault_database_secret_backend_static_role`. Requires Vault Enterprise 1.18.5+ (#2386).
- Add support for `not_after` in `vault_pki_secret_backend_cert`, `vault_pki_secret_backend_role`, `vault_pki_secret_backend_root_cert`, `vault_pki_secret_backend_root_sign_intermediate`, and `vault_pki_secret_backend_sign` (#2385).
- Update `vault_pki_secret_backend_config_acme` to support the `max_ttl` field. (#2411)
- Add new data source `vault_ssh_secret_backend_sign`. (#2409)
- Add support for `disabled_validations` in `vault_pki_secret_backend_config_cmpv2` (#2412)
- Add `credential_type` and `credential_config` to `database_secret_backend_static_role` to support features like RSA keys for Snowflake DB engines with static roles (#2384)
- Add support for missing parameters to `vault_pki_secret_backend_root_sign_intermediate`: `not_before_duration`, `skid` and `use_pss` (#2417)
- Add support for `use_pss`, `no_store_metadata`, and `serial_number_source` to `vault_pki_secret_backend_role` (#2420)
- Add support for Transit `sign` and `verify` endpoints (#2418)
- Add new data source `vault_pki_secret_backend_cert_metadata` and support for `cert_metadata` in `vault_pki_secret_backend_cert` and `vault_pki_secret_backend_sign` (#2422)
- Add support for `max_crl_entries` in `vault_pki_secret_backend_crl_config` (#2423)
- Add support for new Automated Root Rotation parameters in several plugins. Requires Vault Enterprise 1.19.0+.
- Add new resource `vault_pki_secret_backend_config_auto_tidy` to set PKI automatic tidy configuration (#1934)
- Add support for cross-account management of static roles in AWS Secrets: (#2413)
BUGS:
- Do not panic on Vault PKI roles without the `cn_validations` field: (#2398)
IMPROVEMENTS:
- Update `pki_secret_backend_crl_config` to be more resilient to unknown response fields (#2429)