community.hashi_vault Release Notes

v6.2.1

Release Summary

A quick bugfix release before the next major version. Please take note of the upcoming deprecation of ansible-core and python versions.

Deprecated Features

Bugfixes

v6.2.0

Release Summary

This release contains a dozen+ new modules for working with Vault’s database secrets engine and some new vars entries for specifying public and private keys in cert auth.

Minor Changes

New Modules

  • vault_database_connection_configure - Configures the database engine

  • vault_database_connection_delete - Delete a Database Connection

  • vault_database_connection_read - Returns the configuration settings for a O(connection_name)

  • vault_database_connection_reset - Closes a O(connection_name) and its underlying plugin and restarts it with the configuration stored

  • vault_database_connections_list - Returns a list of available connections

  • vault_database_role_create - Creates or updates a (dynamic) role definition

  • vault_database_role_delete - Delete a role definition

  • vault_database_role_read - Queries a dynamic role definition

  • vault_database_roles_list - Returns a list of available (dynamic) roles

  • vault_database_rotate_root_credentials - Rotates the root credentials stored for the database connection. This user must have permissions to update its own password.

  • vault_database_static_role_create - Create or update a static role

  • vault_database_static_role_get_credentials - Returns the current credentials based on the named static role

  • vault_database_static_role_read - Queries a static role definition

  • vault_database_static_role_rotate_credentials - Trigger the credential rotation for a static role

  • vault_database_static_roles_list - Returns a list of available static roles

v6.1.0

Release Summary

This release addresses some breaking changes in core that were backported.

Major Changes

v6.0.0

Release Summary

This major version of the collection has no functional changes from the previous version, however the minimum versions of hvac and ansible-core have been raised. While the collection may still work with those earlier versions, future changes will not test against them.

Breaking Changes / Porting Guide

Removed Features (previously deprecated)

v5.0.1

Release Summary

This release fixes a bug in vault_write ahead of the collection’s next major release.

Bugfixes

v5.0.0

Release Summary

This version makes some relatively minor but technically breaking changes. Support for ansible-core versions 2.11 and 2.12 have been dropped, and there is now a minimum supported version of hvac which will be updated over time. A warning in the hashi_vault lookup on duplicate option specifications in the term string has been changed to a fatal error.

Breaking Changes / Porting Guide

v4.2.1

Release Summary

This patch version updates the documentation for the vault_kv2_write module. There are no functional changes.

v4.2.0

Release Summary

This release contains a new module for KVv2 writes, and a new warning for duplicated term string options in the hashi_vault lookup.

Deprecated Features

Bugfixes

New Modules

  • vault_kv2_write - Perform a write operation against a KVv2 secret in HashiCorp Vault

v4.1.0

Release Summary

This release brings new generic vault_list plugins from a new contributor! There are also some deprecation notices for the next major version, and some updates to documentation attributes.

Deprecated Features

New Plugins

Lookup

  • vault_list - Perform a list operation against HashiCorp Vault

New Modules

  • vault_list - Perform a list operation against HashiCorp Vault

v4.0.0

Release Summary

The next major version of the collection includes previously announced breaking changes to some default values, and improvements to module documentation with attributes that describe the use of action groups and check mode support.

Minor Changes

Breaking Changes / Porting Guide

v3.4.0

Release Summary

This release includes a new module, fixes (another) requests header issue, and updates some inaccurate documentation. This is the last planned release before v4.0.0.

Minor Changes

Bugfixes

New Modules

  • vault_kv2_delete - Delete one or more versions of a secret from HashiCorp Vault’s KV version 2 secret store

v3.3.1

Release Summary

No functional changes in this release, this provides updated filter documentation for the public docsite.

v3.3.0

Release Summary

With the release of hvac version 1.0.0, we needed to update vault_token_create’s support for orphan tokens. The collection’s changelog is now viewable in the Ansible documentation site.

Minor Changes

v3.2.0

Release Summary

This release brings support for the azure auth method, adds 412 to the default list of HTTP status codes to be retried, and fixes a bug that causes failures in token auth with requests>=2.28.0.

Minor Changes

Bugfixes

v3.1.0

Release Summary

A default value that was set incorrectly will be corrected in 4.0.0. A deprecation warning will be shown until then if the value is not specified explicitly. This version also includes some fixes and improvements to the licensing in the collection, which does not affect any functionality.

Deprecated Features

Bugfixes

v3.0.0

Release Summary

Version 3.0.0 of community.hashi_vault drops support for Ansible 2.9 and ansible-base 2.10. Several deprecated features have been removed. See the changelog for the full list.

Deprecated Features

Removed Features (previously deprecated)

v2.5.0

Release Summary

This release finally contains dedicated KV plugins and modules, and an exciting new lookup to help use plugin values in module calls. With that, we also have a guide in the collection docsite for migrating away from the hashi_vault lookup toward dedicated content. We are also announcing that the token_validate option will change its default value in version 4.0.0. This is the last planned release before 3.0.0. See the porting guide for breaking changes and removed features in the next version.

Minor Changes

Deprecated Features

New Plugins

Lookup

  • vault_ansible_settings - Returns plugin settings (options)

  • vault_kv1_get - Get a secret from HashiCorp Vault’s KV version 1 secret store

  • vault_kv2_get - Get a secret from HashiCorp Vault’s KV version 2 secret store

New Modules

  • vault_kv1_get - Get a secret from HashiCorp Vault’s KV version 1 secret store

  • vault_kv2_get - Get a secret from HashiCorp Vault’s KV version 2 secret store

v2.4.0

Release Summary

Our first content for writing to Vault is now live.

New Plugins

Lookup

  • vault_write - Perform a write operation against HashiCorp Vault

New Modules

  • vault_write - Perform a write operation against HashiCorp Vault

v2.3.0

Release Summary

This release contains new plugins and modules for creating tokens and for generating certificates with Vault’s PKI secrets engine.

New Plugins

Lookup

  • vault_token_create - Create a HashiCorp Vault token

New Modules

  • vault_pki_generate_certificate - Generates a new set of credentials (private key and certificate) using HashiCorp Vault PKI

  • vault_token_create - Create a HashiCorp Vault token

v2.2.0

Release Summary

This release contains a new lookup/module combo for logging in to Vault, and includes our first filter plugin.

Minor Changes

  • The Filter guide has been added to the collection’s docsite.

New Plugins

Filter

  • vault_login_token - Extracts the client token from a Vault login response

Lookup

  • vault_login - Perform a login operation against HashiCorp Vault

New Modules

  • vault_login - Perform a login operation against HashiCorp Vault

v2.1.0

Release Summary

The most important change in this release is renaming the aws_iam_login auth method to aws_iam and deprecating the old name. This release also announces the deprecation of Ansible 2.9 and ansible-base 2.10 support in 3.0.0.

Deprecated Features

Removed Features (previously deprecated)

v2.0.0

Release Summary

Version 2.0.0 of the collection drops support for Python 2 & Python 3.5, making Python 3.6 the minimum supported version. Some deprecated features and settings have been removed as well.

Breaking Changes / Porting Guide

Removed Features (previously deprecated)

v1.5.0

Release Summary

This release includes a new action group for use with module_defaults, and additional ways of specifying the mount_point option for plugins. This will be the last 1.x release.

Minor Changes

v1.4.1

Release Summary

This release contains a bugfix for aws_iam_login authentication.

Bugfixes

v1.4.0

Release Summary

This release includes bugfixes, a new auth method (cert), and the first new content since the collection’s formation, the vault_read module and lookup plugin. We’re also announcing the deprecation of the [lookup_hashi_vault] INI section (which will continue working up until its removal only for the hashi_vault lookup), to be replaced by the [hashi_vault_collection] section that will apply to all plugins in the collection.

Minor Changes

Deprecated Features

Bugfixes

New Plugins

Lookup

  • vault_read - Perform a read operation against HashiCorp Vault

New Modules

  • vault_read - Perform a read operation against HashiCorp Vault

v1.3.2

Release Summary

This release adds requirements detection support for Ansible Execution Environments. It also updates and adds new guides in our collection docsite. This release also announces the dropping of Python 3.5 support in version 2.0.0 of the collection, alongside the previous announcement dropping Python 2.x in 2.0.0.

Minor Changes

Deprecated Features

v1.3.1

Release Summary

This release fixes an error in the documentation. No functionality is changed so it’s not necessary to upgrade from 1.3.0.

v1.3.0

Release Summary

This release adds two connection-based options for controlling timeouts and retrying failed Vault requests.

Minor Changes

v1.2.0

Release Summary

This release brings several new ways of accessing options, like using Ansible vars, and addng new environment variables and INI config entries. A special none auth type is also added, for working with certain Vault Agent configurations. This release also announces the deprecation of Python 2 support in version 2.0.0 of the collection.

Minor Changes

Deprecated Features

v1.1.3

Release Summary

This release fixes a bug with userpass authentication and hvac versions 0.9.6 and higher.

Bugfixes

v1.1.2

Release Summary

This release contains the same functionality as 1.1.1. The only change is to mark some code as internal to the collection. If you are already using 1.1.1 as an end user you do not need to update.

v1.1.1

Release Summary

This bugfix release restores the use of the VAULT_ADDR environment variable for setting the url option. See the PR linked from the changelog entry for details and workarounds if you cannot upgrade.

Bugfixes

v1.1.0

Release Summary

This release contains a new proxies option for the hashi_vault lookup.

Minor Changes

v1.0.0

Release Summary

Our first major release contains a single breaking change that will affect only a small subset of users. No functionality is removed. See the details in the changelog to determine if you’re affected and if so how to transition to remediate.

Breaking Changes / Porting Guide

v0.2.0

Release Summary

Several backwards-compatible bugfixes and enhancements in this release. Some environment variables are deprecated and have standardized replacements.

Minor Changes

Deprecated Features

Bugfixes

v0.1.0

Release Summary

Our first release matches the hashi_vault lookup functionality provided by community.general version 1.3.0.