Skip to content

Spring Vault 3.0.0 M1 Release Notes

Jump to bottom Edit New page
Mark Paluch edited this page May 27, 2022 · 3 revisions

Upgrading from Spring Vault 2.x

AWS SDK v2

Spring Vault uses now AWS SDK v2 for the AWS IAM authentication method, specifically the software.amazon.awssdk:auth artifact instead of com.amazonaws:aws-java-sdk-core. As part of this upgrade, you can now configure a RegionProvider to determine the signing region.

Deprecations from Spring Vault 2.x

  • Removal of Netty4ClientHttpRequestFactory support

  • Removal of the deprecated ClientHttpConnectorFactory types in the o.s.v.config package

  • Removal of deprecated API such as LoginToken.of(String, long) methods, methods accepting durations as int/long, and other utility methods

Removed LeaseEndpoints.SysLeases enum constant

If you use SysLeases in your configuration make sure to switch to Leases as direct replacement.

Minimum Requirements Changes

Spring Vault 3.0 makes the following changes to its minimum supported versions:

  • Java 17

  • Kotlin 1.6

  • Spring Framework 6

  • AWS SDK v2

New and Noteworthy

Support for PEM-encoded certificates and private keys including Elliptic Curve ("EC")

A new parser for certificate data is now available to parse DER- and PEM-encoded certificates and keys. The encoding is detected from the certificate data. Elliptic Curve keys are now supported in addition to RSA keys and certificates without additional dependencies by using our own ASN.1 parser. Keys may be represented with their ASN.1 syntax or provided as PKCS#8 container (without encryption).

Support for Vault Repositories using versioned Key/Value secrets engines

Vault repositories can now store and retrieve their secrets within versioned Key/Value secrets engines (k/v version 2). The engine version is determined during runtime and the setup does not require any configuration.

Using versioned secrets allows participating in optimistic locking when defining a @Version property in the domain model.

See the updated reference documentation for details.

Support for Vault-based RevisionRepository using versioned Key/Value secrets engines

Vault repositories can now store and retrieve their secrets within versioned Key/Value secrets engines (k/v version 2). The engine version is determined during runtime and the setup does not require any configuration.

See the updated reference documentation for details.

Dependency Upgrades

Spring Vault 3.0 moves to new versions of several Spring projects:

  • Spring Data 2022.0.0-M4

  • Spring Framework 6.0.0-M4

Numerous third-party dependencies have also been updated, some of the more noteworthy of which are the following:

  • Jackson 2.13.3

  • Netty 4.1.77

  • Kotlin 1.6

  • Google Cloud IAMcredential 2.2.0

  • Google OAuth2 Auth Library 1.7.0

  • BouncyCastle 1.70

Miscellaneous

Apart from the changes listed above, there have also been lots of minor tweaks and improvements including:

  • Version bump of the Azure Instance Metadata API from 2017-08-01 to 2017-12-01

  • Upgrade to newer Google Cloud IAMcredential versions. The default artifact now uses GSON for JSON serialization. You can add the Google Jackson adapter to continue using Jackson.

  • Enabled AzureMsiAuthentication for reactive usage via AuthenticationSteps

  • Username-and-password authentication for userpass and ldap backends

  • Exposure of the CA chain through CertificateBundle

  • Internal locks using synchronized have been migrated to ReentrantLock improving experience on Project Loom runtime arrangements to avoid kernel thread pinning

Deprecations in Spring Vault 3.0

Add a custom footer

Pages

Release Notes

Development Process

Clone this wiki locally