Skip to content

chore(deps): update terraform vault to v5 #450

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update terraform vault to v5 #450

wants to merge 1 commit into from
+1 −1

Conversation

soerenschneider
Copy link
Owner

@soerenschneider soerenschneider commented Jul 7, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
vault (source) required_provider major 4.8.0 -> 5.3.0

Release Notes

hashicorp/terraform-provider-vault (vault)

v5.3.0

Compare Source

FEATURES:

  • Add support for password phrases via the credential_type field in the vault_ldap_secret_backend resource (#​2548)

IMPROVEMENTS:

  • build(deps): bump the gomod-backward-compatible group with 5 updates: GH-2583
  • Move to the standard CRT release workflow and tooling: GH-2582

BUGS:

  • Fix azure_secret_backend_role to prevent persistent diff for null value on max_ttl and explicit_max_ttl argument (#​2581)

v5.2.1

Compare Source

BUGS:

  • Fix a failure to initialize the provider due to incompatible dependencies (#​2575)
  • Fix auth_login_gcp field constraint on field credentials service_account
  • Fix auth_login_azure field constraint on field vmss_name tenant_id client_id scope
  • Fix auth_login_kerberos field constraint on fields username service realm krb5conf_path keytab_path disable_fast_negotiation remove_instance_name
  • Fix auth_login_userpass field constraint on field password_file
  • Fix auth_login field constraint on field use_root_namespace
  • Fix to allow Snowflake keypair auth with Vault 1.16+ (#​2575)

v5.2.0

Compare Source

FEATURES:

  • Add support for jwks_pairs in vault_jwt_auth_backend resource. Requires Vault 1.16+ (#​2523)
  • Add support for root_password_ttl in vault_azure_secret_backend resource. Requires Vault 1.15+ (#​2529)
  • Add support for managed key parameters in the SSH CA config endpoint (#​2480)
  • Add new resources vault_oci_auth_backend and vault_oci_auth_backend_role to manage OCI auth backend and roles. (#​1761)
  • Add support for log_level in vault_pki_secret_backend_config_scep resource. Requires Vault 1.20.1+ (#​2525)

IMPROVEMENTS:

  • Bump Go version to 1.24.6: (#​2550)
  • Ensure all resources that use custom mounts support all mount parameters. (#​2332)
  • Updated dependencies:
    • golang.org/x/oauth2 v0.24.0 -> v0.30.0
    • github.com/cloudflare/circl v1.3.7 -> v1.6.1
    • github.com/go-jose/go-jose/v3 v3.0.3 -> v3.0.4
    • github.com/go-jose/go-jose/v4 v4.0.4 -> v4.1.2
    • github.com/golang-jwt/jwt/v5 v5.2.2 -> v5.3.0
    • cloud.google.com/go/iam v1.2.2 -> v1.5.2
    • cloud.google.com/go/compute/metadata v0.6.0 -> v0.8.0
    • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 -> v1.18.2
    • github.com/aws/aws-sdk-go v1.55.6 -> v1.55.8
    • github.com/go-sql-driver/mysql v1.8.1 -> v1.9.3
    • github.com/hashicorp/consul/api v1.27.0 -> v1.32.1
    • github.com/hashicorp/terraform-plugin-framework v1.14.1 -> 1.15.1
    • github.com/hashicorp/terraform-plugin-framework-validators v0.17.0 -> v0.18.0
    • hashicorp/ghaction-terraform-provider-release v4.0.1 -> v5.0.0

BUGS:

  • Fix panic when reading the vault_gcp_secret_backend resource. (#​2549)
  • Fix regression where VAULT_NAMESPACE was not being honored, causing child namespaces to be created in the root namespace instead (#​2540)

v5.1.0

Compare Source

FEATURES:

  • Add support for key_usage to vault_pki_secret_backend_root_sign_intermediate (#​2421)

  • Add private_key_wo and private_key_wo_version fields to Snowflake DB secrets engine config (#​2508)

  • Add support for group_by and secondary_rate on resource vault_quota_rate_limit. Requires Vault Enterprise 1.20.0+ (#​2476)

  • Add support for Transit CMAC endpoint (#​2488)

  • Add new resource vault_scep_auth_backend_role to manage roles in a SCEP auth backend. #​2479.

  • Add new datasource and resource vault_pki_secret_backend_config_scep for PKI SCEP configuration. #​2487.

v5.0.0

Compare Source

Important: 5.X multiplexes the Vault provider to use the Terraform Plugin Framework,
upgrades to Terraform 1.11.x, and adds support for Ephemeral Resources and Write-Only attributes.
Please refer to the
Terraform Vault Provider 5.0.0 Upgrade Guide for specific
details around the changes.

VERSION COMPATIBILITY:
5.X is officially supported and tested against Vault server versions >= 1.15.x.
5.X supports Terraform versions >= 1.11.x in order to support ephemeral resources and write-only attributes.

BREAKING CHANGES:
Please refer to the upgrade topics
in the guide for details on all breaking changes.

FEATURES:

  • Add new ephemeral resources/attributes (#​2457):
    • Add new ephemeral resource vault_kv_secret_v2
    • Add new ephemeral resource vault_database_secret
    • Add new write-only attribute data_json_wo (along with data_json_wo_version) to resource vault_kv_secret_v2
    • Add new write-only attribute credentials_wo, (along with credentials_wo_version) to resource vault_gcp_secret_backend
    • Add new write-only attribute password_wo, (along with password_wo_version to resource) vault_database_secret_backend_connection

BUGS:

  • fix vault_policy_document data source regression to allow empty capabilities (#​2466)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@soerenschneider soerenschneider self-assigned this Jul 7, 2025
@soerenschneider soerenschneider force-pushed the renovate/vault-5.x branch 8 times, most recently from a6f650c to 21ccb55 Compare July 14, 2025 04:23
@soerenschneider soerenschneider force-pushed the renovate/vault-5.x branch 10 times, most recently from 69adea6 to 98f00a7 Compare July 21, 2025 04:23
@soerenschneider soerenschneider force-pushed the renovate/vault-5.x branch 9 times, most recently from 0d0f144 to e68c52e Compare July 28, 2025 04:54
@soerenschneider soerenschneider force-pushed the renovate/vault-5.x branch 2 times, most recently from c8d10d5 to a3074dc Compare July 31, 2025 04:25
@soerenschneider soerenschneider force-pushed the renovate/vault-5.x branch 4 times, most recently from df00aa8 to c28cb61 Compare September 9, 2025 20:24
@soerenschneider soerenschneider force-pushed the renovate/vault-5.x branch 10 times, most recently from 4b4af93 to e2f316e Compare September 19, 2025 04:35
@soerenschneider soerenschneider force-pushed the renovate/vault-5.x branch 2 times, most recently from a3efc2c to 485ca76 Compare September 22, 2025 04:34
@soerenschneider soerenschneider changed the title chore(deps): update terraform vault to v5 Update Terraform vault to v5 Sep 22, 2025
@soerenschneider soerenschneider force-pushed the renovate/vault-5.x branch 7 times, most recently from 349632e to 2ecb1e4 Compare September 29, 2025 04:32
@soerenschneider soerenschneider changed the title Update Terraform vault to v5 chore(deps): update terraform vault to v5 Sep 29, 2025
@soerenschneider soerenschneider force-pushed the renovate/vault-5.x branch 3 times, most recently from 0601023 to 8648b5c Compare October 6, 2025 04:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@soerenschneider soerenschneider

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@soerenschneider @renovate-bot