
Spring Vault 3.1 Release Notes

Mark Paluch edited this page Oct 23, 2023 · 5 revisions

Upgrading from Spring Vault 3.0

Migrating from Spring Vault 3.0 to 3.1 should be a smooth experience as the changes introduced are source- and binary-compatible.

New and Noteworthy

Third-party Library Upgrades

Spring Vault 3.1 builds on and requires Spring Framework 6.1.

Other Spring projects upgraded in this release include:

  • Spring Data 2023.1.0-RC1

  • Spring Security 6.2.0-RC1

Numerous third-party dependencies have also been updated. The more noteworthy ones are:

  • Reactor 2023.0.0-RC1

  • AWS Java SDK 2.21.5

  • Apache HTTP Client 5.2.1

  • Apache HTTP Core 5.2.3

  • Jackson 2.15.3

  • Jetty Reactive HTTP Client 4.0

  • Kotlin 1.8.22

  • Kotlin Coroutines 1.7.3

  • Mockito 5.6.0

  • Netty 4.1.100.Final

AuthenticationEventMulticaster Interface

Secret backend leases are bound to the login token that created them. When a login token expires, all associated leases are revoked regardless of their remaining TTL. To prevent a defunct application state caused by revoked database or service credentials, we introduced AuthenticationEventMulticaster to multicast authentication events. SecretLeaseContainer consumes authentication events and can re-acquire leases for registered secrets once the login token expires. LifecycleAwareSessionManagerSupport and its subclasses already published authentication events; the new interface now allows for a decoupled design.

AbstractVaultConfiguration and AbstractReactiveVaultConfiguration have been updated with the new design to seamlessly propagate authentication events to SecretLeaseContainer.

Antora Documentation

We’ve migrated our documentation to Antora to provide an improved navigation experience along with a full text search. You can browse the new documentation site at https://docs.spring.io/spring-vault/reference/.

Reactive Key-Value Template

With this version, we introduced ReactiveVaultKeyValueOperations for the key-value backends supporting versioned and non-versioned secrets. This API mirrors VaultKeyValueOperations including support for ReactiveVaultKeyValueMetadataOperations.

Reactive Transit Template

With this version, we introduced ReactiveVaultTransitOperations for the transit backend. This API mirrors VaultKeyValueOperations.

JWT Authentication

You can now use JWT authentication through JwtAuthentication. The authentication mechanism uses a Supplier to obtain a JWT Token and can be used for imperative and reactive authentication. Make sure to avoid blocking API usage in the JWT Supplier when running the authentication on reactive infrastructure.
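The following configuration is an added example, not code from the Spring Vault project: it wires JwtAuthentication with a Supplier that re-reads a rotated token file on every login, so a renewed login never replays a stale JWT. The Vault host, role name and token file path are assumptions, and the file read is blocking, so this supplier suits the imperative setup only.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.function.Supplier;

import org.springframework.context.annotation.Configuration;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.JwtAuthentication;
import org.springframework.vault.authentication.JwtAuthenticationOptions;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;

@Configuration
class VaultJwtConfiguration extends AbstractVaultConfiguration {

    // Assumption: the platform projects a short-lived workload JWT to this
    // file and rotates it in place. The path is a placeholder.
    private static final Path JWT_FILE = Path.of("/var/run/secrets/tokens/vault-jwt");

    @Override
    public VaultEndpoint vaultEndpoint() {
        // Assumption: placeholder host; VaultEndpoint.create uses HTTPS by default.
        return VaultEndpoint.create("vault.example.internal", 8200);
    }

    @Override
    public ClientAuthentication clientAuthentication() {
        // Invoked on each login, so a rotated file is picked up automatically.
        // The token is a bearer credential: never log or cache it to disk.
        Supplier<String> jwtSupplier = () -> {
            try {
                return Files.readString(JWT_FILE).trim();
            }
            catch (IOException e) {
                // Fail the login rather than sending an empty or stale token.
                throw new UncheckedIOException("Cannot read JWT from " + JWT_FILE, e);
            }
        };

        JwtAuthenticationOptions options = JwtAuthenticationOptions.builder()
                .role("my-app") // assumption: a role configured on Vault's JWT auth mount
                .jwtSupplier(jwtSupplier)
                .build();

        return new JwtAuthentication(options, restOperations());
    }
}
```

On reactive infrastructure, have the supplier return a token that is already held in memory (for example, one refreshed by a background task) instead of reading the file inside the supplier.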

Miscellaneous

Apart from the changes listed above, there have also been lots of minor tweaks and improvements, including:

  • Support for Custom Metadata using Key-Value Backend v2.

  • Reactive Health Check API.

  • Support for prehashed input in the Transit engine.

  • Add transit rewrap batch method.