This page contains the list of deprecations and important or breaking changes for Vault 0.10.4 compared to 0.10.3. Please read it carefully.
Revocations of dynamic secrets leases now asynchronous
Dynamic secret lease revocation are now queued/asynchronous rather
than synchronous. This allows Vault to take responsibility for revocation
even if the initial attempt fails. The previous synchronous behavior can be
attained via the
-sync CLI flag or
sync API parameter. When in
synchronous mode, if the operation results in failure it is up to the user
The CLI will no longer retry commands on 5xx errors. This was a source of confusion to users as to why Vault would "hang" before returning a 5xx error. The Go API client still defaults to two retries.
Identity Entity Alias metadata
You can no longer manually set metadata on entity aliases. All alias data (except the canonical entity ID it refers to) is intended to be managed by the plugin providing the alias information, so allowing it to be set manually didn't make sense.