Releases: hashicorp/terraform-provider-vault

v3.13.0

17 Feb 22:04
4054cdb

FEATURES:

  • Add new resource for AWS Auth Backend config identity: (#1724)
  • Support default_user_template field on vault_ssh_secret_backend_role: (#1725)

IMPROVEMENTS:

  • Secrets from the AD, AWS, Azure & Nomad Secrets Engines are sensitive: (#1726)
  • Add enterprise check for new Raft Autopilot parameter: (#1721)

BUGS:

  • Fix KVV2 datasource upon retrieval of soft deleted secrets: (#1760)
  • Fix issue where removing optional fields in database secrets backend connection resource did not reset the fields to their default values: (#1737)
  • Fix construction of metadata path in KV V2 resource: (#1722)

v3.12.0

05 Jan 22:33
9b274be

IMPROVEMENTS:

  • Add support for importing the PKI CRL config: (#1710)
  • Ensure duplicate alias names are handled properly in LookupEntityAlias: (#1708)
  • Add support for a Raft Autopilot State datasource: (#1705)
  • Add support for adding metadata to a KV V2 Secret: (#1687)
  • Set AWS credentials sensitive: (#1678)
  • Set ForceNew on the path field of namespaces: (#1713)

BUGS:

  • Fix removed MSGraph param in Azure Secrets: (#1682)
  • Fix KV V2 data source when specifying a version: (#1677)
  • Ensure that vault_kv_secret_backend_v2 mount is correctly imported: (#1701)

v3.11.0

16 Nov 22:46
a9813b3

IMPROVEMENTS:

  • Add Basic Constraints attribute to vault_pki_secret_backend_intermediate_cert_request: (#1661)
  • Add Redis database secrets engine support: (#1659)
  • Add support for setting deletion_allowed on a transformation: (#1650)

BUGS:

  • Fix panic while importing MFA Duo resource: (#1669)
  • Fix GCP auth with service account credentials: (#1648)

v3.10.0

26 Oct 22:59
a9a3f34

IMPROVEMENTS:

  • Add support for externally managed Group Member IDs to Vault Identity Group: (#1630)
  • Support configuring vault version handling: (#1646)

BUGS:

  • Ensure that namespaced github auth mounts are destroyed: (#1637)
  • Ensure all AuthLogin instances are validated on call to Login(): (#1631)

v3.9.1

06 Oct 20:16
d603953

BUGS:

  • Use the correct AWS login headers within auth_generic: (#1625)
  • Fix resource recreation following out-of-band changes in Vault: (#1567)

v3.9.0

05 Oct 21:32
b780bee

IMPROVEMENTS:

  • Add first-class Azure login support: (#1617)
  • Add first-class OIDC and JWT login support: (#1615)
  • Add first-class OCI login support: (#1614)
  • Add first-class Radius login support: (#1609)
  • Add first-class Kerberos login support: (#1608)
  • Add first-class GCP login support: (#1607)
  • Add first-class TLS certificates login support: (#1605)
  • Add first-class auth login config support for AWS: (#1599) (#1618)
  • Add support for login MFA resources: (#1620)
  • Add Managed Keys support: (#1508)
  • Add support to perform semantic version comparisons against Vault's server version: (#1426)
  • Add Mount Migration support to all secrets/auth backends: (#1594)
  • Use new semantic version checking for Consul secrets backend logic: (#1593)
  • Docs: Fix vault_kv_secret_backend_v2 delete_version_after example: (#1602)
  • Support creating Azure secret backend role by specifying the role_id: (#1573)
  • Add Redis ElastiCache database secrets engine support: (#1596)
  • vault_pki_secret_backend_cert: Report when renewal is pending: (#1597)
  • Accept data source values in the token field for Consul secrets backend: (#1600)

BUGS:

  • Fix erroneous persistent diff in the vault_token resource: (#1622)
  • Fix data_source_azure_access_credentials US Government Cloud: (#1590)
  • Add kv-v2 write retry: (#1579)

v3.8.2

11 Aug 23:44
6a277c7

IMPROVEMENTS:

  • Add bootstrap field to Consul backend resources: (#1571)
  • Add data field to KV data sources: (#1577)

BUGS:

  • fix: remove unnecessary nesting of secret data for KV-V1 secrets: (#1570)

NOTES:

  • vault_kv_secret no longer stores secrets in Vault under a nested data object.
    In versions 3.8.1 and below, the kv resource inadvertently nested the value under data.
    To remedy this please update any consumers of this KV and run a terraform apply to properly set the value.

v3.8.1

04 Aug 21:35
6b2722d

IMPROVEMENTS:

  • docs: Fix broken provider.namespace links: (#1562)
  • docs: Add Azure example for r/raft_snapshot_agent_config: (#1534)
  • docs: Document namespaced resource import: (#1561)
  • docs: Add more visible note that d/aws_access_credentials cannot be renewed: (#1464)

BUGS:

  • fix: Persist namespace to state on resource import: (#1563)
  • fix: Update all transform resources with namespace support: (#1558)
  • fix: Make password_policy conflict with the formatter field: (#1557)
  • fix: Correct typo in r/pki_secret_backend_root_cert description: (#1511)

v3.8.0

26 Jul 20:04
1793ebb

FEATURES:

  • Adds support for Kubernetes secrets engine:
    (#1515)
  • PKI: Add support for CPS URL in custom policy identifiers:
    (#1495)

IMPROVEMENTS:

  • Fix Import for OIDC Scope resource:
    (#1548)
  • Update entity alias creation to use entity lookup api:
    (#1517)
    (#1552)
  • Add support for Consul secrets engine enhancements:
    (#1518)
  • auth/gcp: adds custom_endpoint parameter to backend config:
    (#1482)
  • auth/jwt: adds user_claim_json_pointer and max_age to roles:
    (#1478)

BUGS:

  • Support updating backend descriptions:
    (#1550)
    (#1543)
  • Properly set the base64_pem in Vault for Couchbase:
    (#1545)
  • Fix bug where some rabbitmq config changes trigger erroneous mount recreation:
    (#1542)
  • Update *kv_secrets* resources to support namespaces:
    (#1529)
  • Do not validate JSON on OIDC scope template:
    (#1547)

v3.7.0

15 Jun 22:18
90352ed

FEATURES:

  • Support setting namespace by resource
    (#1305)
    (#1479)
  • Add dedicated KV (v1/v2) secret engine resources, and data sources, supersedes vault_generic_secret
    (#1457)

IMPROVEMENTS:

  • Update vault libs to v1.10.3
    (#1483)
  • Drop debug log calls containing the full vault response
    (#1477)
  • resource/token: Add metadata support
    (#1470)
  • resource/vault_ldap_auth_backend: support LDAP username_as_alias attribute:
    (#1460)
  • resource/vault_quota_rate_limit: Add support for interval and block_interval:
    (#1084)
  • ci: Test against vault-enterprise 1.10.3-ent:
    (#1461)

BUGS:

  • resource/auth_backend: validate path, disallowing leading/trailing /
    (#1471)
  • resource/vault_jwt_auth_backend_role: fix bound_claims not being unset when empty
    (#1469)
  • resource/cert_auth_backend: add the correct field name: allowed_organizational_units
    (#1496)