This page contains the list of deprecations and important or breaking changes for Vault 1.8.0 compared to 1.7. Please read it carefully.

»License Enhancements

Licenses and EULA enhancements have been introduced in the Vault 1.8 release. These changes are important for Enterprise customers to review. They do not affect OSS users. Please see the License documentation for more details.


The following API endpoints have been deprecated and will be removed in a future release:

  • sys/license to manage licenses in storage; it is recommended to use License Autoloading instead.

  • /gcp/token/:roleset and /gcp/key/:roleset paths for generating secrets for rolesets in GCP Secrets. Use /gcp/roleset/:roleset/token and /gcp/roleset/:roleset/key instead.

»Go Version

Vault 1.8.0 is built with Go 1.16. Please review the Go Release Notes for full details. Of particular note:

  • Go 1.16 has added support for darwin/arm64. Vault binaries for this platform are now available supporting the Apple M1 CPU.

»Alpine 3.14

Docker images for Vault 1.6.6+, 1.7.4+, and 1.8.2+ are built with Alpine 3.14, due to a security issue in Alpine 3.13 (CVE-2021-36159). Some users on older versions of Docker may run into issues with these images. See the following for more details:

»Known Issues

  • Vault Enterprise binaries for arm64 architectures will crash immediately when using production-ready storage backends. This issue is addressed in Vault 1.8.1.
  • AWS Auth using the EC2 method fails with the error failed to verify the signature. This effects 1.8.0 and 1.8.1 and there is not a workaround. The issue was fixed in Vault 1.8.2.
  • Configuration files in RedHat packages for Vault were not properly flagged as config files for fpm, causing user-edited files on disk to be replaced with the defaults when a new package was installed. This issue affects RedHat packages for Vault 1.8.0 and the 1.8.1-0 package, and is fixed in 1.8.1-1 and up.