Skip to content

Spring Vault 3.0 Release Notes

Jump to bottom Edit New page
Mark Paluch edited this page Nov 25, 2022 · 7 revisions

Upgrading from Spring Vault 2.x

Since this is a major release of Spring Vault, upgrading existing applications can be a little more involved than usual. We’ve put together a dedicated migration guide to help you upgrade your existing Spring Vault 2.x applications.

New and Noteworthy

Java 17 Baseline and Java 19 Support

Spring Vault 3.0 requires Java 17 as a minimum version. If you are currently using Java 8 or Java 11, you’ll need to upgrade your JDK before you can develop Spring Vault 3.0 applications.

Third-party Library Upgrades

Spring Vault 3.0 builds on and requires Spring Framework 6. You might like to read about the new features available in Spring Framework 6.0.

Other Spring projects upgraded in this release include:

  • Spring Data 2022.0.0

  • Spring Security 6.0.0

Numerous third-party dependencies have also been updated, some of the more noteworthy of which are the following:

  • Reactor 2022.0.0

  • Apache HTTP Client 5.1

  • AWS SDK 2.18.24

  • Jackson 2.14.1

  • Jetty Reactive Client 3.0.7

  • Netty 4.1.85

  • Kotlin 1.7.21

  • Google Cloud IAMcredential 2.6.0

  • Google OAuth2 Auth Library 1.13.0

Support for PEM-encoded certificates and private keys, including Elliptic Curve ("EC")

A new parser for certificate data is now available to parse DER- and PEM-encoded certificates and keys. The encoding is detected from the certificate data. Elliptic Curve keys are now supported in addition to RSA keys and certificates without additional dependencies by using our own ASN.1 parser. Keys may be represented with their ASN.1 syntax or provided as PKCS#8 container (without encryption).

Support additional HTTP Clients

With the upgrade to Spring Framework, we upgraded the Apache HTTP Client support to version 5. With that, we also support the reactive usage of the asynchronous Apache HTTP 5 Client.

We also support the reactive JDK HTTP client for out-of-the-box support without the need of having the Jetty or Reactor Netty-based client on the class path. The reactive JDK HTTP client allows for SSL configuration so existing SSL configuration through Spring Vault’s SslConfiguration is being applied.

Support for Vault Repositories using versioned Key/Value secrets engines

Vault repositories can now store and retrieve their secrets within versioned Key/Value secrets engines (k/v version 2). The engine version is determined during runtime and the setup does not require any configuration.

Using versioned secrets allows participating in optimistic locking when defining a @Version property in the domain model.

See the updated reference documentation for details.

Support for Vault-based RevisionRepository using versioned Key/Value secrets engines

Vault repositories can now store and retrieve their secrets within versioned Key/Value secrets engines (k/v version 2). The engine version is determined during runtime and the setup does not require any configuration.

See the updated reference documentation for details.

Miscellaneous

Apart from the changes listed above, there have also been lots of minor tweaks and improvements including:

  • Version bump of the Azure Instance Metadata API from 2017-08-01 to 2017-12-01

  • Upgrade to newer Google Cloud IAMcredential versions. The default artifact now uses GSON for JSON serialization. You can add the Google Jackson adapter to continue using Jackson.

  • Enabled AzureMsiAuthentication for reactive usage via AuthenticationSteps

  • Username-and-password authentication for userpass and ldap backends

  • Exposure of the CA chain through CertificateBundle

  • Internal locks using synchronized have been migrated to ReentrantLock improving the experience on Project Loom runtime arrangements to avoid kernel thread pinning

  • Our documentation aligns now with the general Spring documentation style

Add a custom footer

Pages

Release Notes

Development Process

Clone this wiki locally