This page contains the list of deprecations and important or breaking changes for Vault 1.5.0 compared to 1.4.1. Please read it carefully.

»Raft Configuration

A new Raft configuration value, max_entry_size, has been introduced. This value limits the size in bytes for a Raft K/V entry. It applies to both put operations and transactions. Any put or transaction operation exceeding this configuration value will cause the respective operation to fail. The default value for this configuration is 1MiB.

In addition, a new metric has been introduced, vault.raft-storage.entry_size, that allows for operators to sample the entry size, view the average, and adjust the configuration value as necessary. For additional details, please see Raft configuration.

»Enabling telemetry on 32-bit systems will cause Vault to crash.

A workaround for this issue is to disable collection of usage gauges in the telemetry stanza of the configuration.

telemetry {
  usage_gauge_period = "none"

This will suppress the metrics vault.identity.entity.count, vault.identity.entity.alias.count, vault.token.count, vault.token.count.by_auth, vault.token.count.by_policy, vault.token.count.by_ttl and vault.secret.kv.count that were introduced in version 1.5.0, but all other Vault telemetry will remain available.

»Non-string values in seal config prevent startup

Any values in the Seal configuration stanza that are not quoted strings yield a parse error of the form:

error loading "/etc/vault.d/config_seal.hcl": error parsing 'seal': seal.pkcs11: unable to parse 'purpose' in kms type "pkcs11": value could not be parsed as string

The error is not actually with the purpose field, but rather with other config fields such as:

 mechanism = 0x1082

The workaround is to quote the strings in question, as in:

 mechanism = "0x1082"

»Okta auth with > 200 groups

In 1.4.0 Vault started using the official Okta Go client library. Unlike the previous Okta library it used, the official library doesn't automatically handle pagination when there are more than 200 groups listed. If a user associated with more than 200 Okta groups logs in, only 200 of them will be seen by Vault. The fix is #9580 and will eventually appear in 1.4.x and 1.5.x point releases.