github hashicorp/terraform-provider-vault v5.4.0
on GitHub

20 hours ago

5.4.0 (Nov 3, 2025)

BEHAVIOR CHANGES: Please refer to the upgrade topics
in the guide for details on all behavior changes.

FEATURES:

  • Add support for Azure Static Secrets: (#2635)
  • Add support for write-only token argument in vault_terraform_cloud_secret_backend resource (#2603)
  • New parameters for vault_terraform_cloud_secret_role to support multi-team tokens, by @drewmullen (#2498)
  • Add support for tune in vault_saml_auth_backend resource (#2566)
  • Add support for tune in vault_ldap_auth_backend and vault_okta_auth_backend resources (#2602)
  • Add support for allowed_sts_header_values parameter in vault_aws_auth_backend_client resource to specify additional headers allowed in STS requests
  • New parameters for vault_gcp_secret_backend to support ttl and max_ttl, by @vijayavelsekar (#2627)
  • Add support for request_timeout, dereference_aliases,enable_samaccountname_login and anonymous_group_search parameters in vault_ldap_auth_backend resource.(#2634)
  • Add support for max_retries parameter in vault_aws_secret_backend resource. (#2623)
  • Add support for iam_alias, iam_metadata, gce_alias and gce_metadata fields in vault_gcp_auth_backend resource (#2636)
  • Add support for role_id field in vault_gcp_auth_backend_role resource (#2636)
  • Add retry configuration fields (max_retries, retry_delay, max_retry_delay) to vault_azure_auth_backend_config resource for Azure API request resilience (#2629)
  • Add new resources vault_spiffe_auth_backend_config and vault_spiffe_auth_backend_role (#2620)
  • Add support for mfa_serial_number parameter in vault_aws_secret_backend_role resource. (#2637)
  • Add support for persist_appparameters in vault_azure_secret_backend_role resource.
    (#2642)

BUGS:

  • Fix pki config resources to allow unsetting of fields (to empty fields) (#2558)
  • Fix tune auth mounts to allow unsetting of fields (setting fields to empty values) (#2605)
  • Fix vault_pki_secret_backend_crl_config resource to allow disabling flags previously set to true (#2615)
  • Fix the tune block issue where it always updates unless field values match Vault server defaults
    • vault_jwt_auth_backend resource (#2560)
    • vault_github_auth_backend and vault_auth_backend resources (#2565)
    • vault_saml_auth_backend resource (#2566)
    • vault_gcp_auth_backend and vault_oci_auth_backend resources (#2596)
Check out latest releases or
releases around hashicorp/terraform-provider-vault v5.4.0

Don't miss a new terraform-provider-vault release

NewReleases is sending notifications on new releases.

Get notifications