Commit graph

22747 commits

Author SHA1 Message Date
hc-github-team-secure-vault-core
1a56927a17 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x
Some checks are pending
build / setup (push) Waiting to run
build / Check ce/* Pull Requests (push) Blocked by required conditions
build / ui (push) Blocked by required conditions
build / artifacts-ce (push) Blocked by required conditions
build / artifacts-ent (push) Blocked by required conditions
build / hcp-setup (push) Waiting to run
build / hcp-image (push) Blocked by required conditions
build / test (push) Blocked by required conditions
build / test-hcp-image (push) Blocked by required conditions
build / completed-successfully (push) Blocked by required conditions
CI / setup (push) Waiting to run
CI / Run Autopilot upgrade tool (push) Blocked by required conditions
CI / Run Go tests (push) Blocked by required conditions
CI / Run Go tests tagged with testonly (push) Blocked by required conditions
CI / Run Go tests with data race detection (push) Blocked by required conditions
CI / Run Go tests with FIPS configuration (push) Blocked by required conditions
CI / Test UI (push) Blocked by required conditions
CI / tests-completed (push) Blocked by required conditions
Run linters / Setup (push) Waiting to run
Run linters / Deprecated functions (push) Blocked by required conditions
Run linters / Code checks (push) Blocked by required conditions
Run linters / Protobuf generate delta (push) Blocked by required conditions
Run linters / Format (push) Blocked by required conditions
Run linters / Semgrep (push) Waiting to run
Check Copywrite Headers / copywrite (push) Waiting to run
2026-05-19 17:20:48 +00:00
Ryan Cragun
9267e17c1e
actions: fix runs-on quotes (#14882)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2026-05-19 11:17:50 -06:00
hc-github-team-secure-vault-core
8679763fe6 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x
2026-05-18 16:56:52 +00:00
Vault Automation
3dae110c82
[VAULT-44431] enos: merge changes for enterprise zap scenario into ce/main (#14849)
Backport community files that changed as part of the enterprise only zap scenarios. This mostly includes fixes to scenario execution, retries, and blackbox SDK tests that were broken.

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2026-05-18 10:54:15 -06:00
hc-github-team-secure-vault-core
bc3af1bf1d Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x
2026-05-18 16:08:14 +00:00
Vault Automation
a7c8fece0e
Backport [VAULT-45173] go: bump several dependencies to resolve GHSA-j88v-2chj-qfwx into release/2.x.x+ent into ce/release/2.x.x
* [VAULT-45173] go: bump several dependencies to resolve GHSA-j88v-2chj-qfwx

This PR has a set of fairly complex dependency bumps to resolve GHSA-j88v-2chj-qfwx. For the third time in about six weeks, we've had to deal with CVEs in old and unsupported versions of `jackc/pgx`. These changes are for us to rid ourselves of those transitive dependencies completely.

First, we get rid of `jackc/pgx/v4` by bumping `cloud.google.com/go/cloudsqlconn` to `v1.21.0`, which pulls in `v5`.

Next, we have to get rid of `jackc/pgx v3`, which was brought in via a chain of `hashicorp/go-discover` -> `joyent/triton-go` -> `jackc/pgx/v3`. First, we updated `go-discover` to pull in the v2 module of `triton-go` from the modern upstream ([0], [1]) and pin to it. Then we update our own manta support to pull in the v2 module. Finally, we replace the `TritonDataCenter/triton-go` module with a fork that removes an unnecessary dep on `pgx/v3`.[2]

[0]: https://github.com/hashicorp/go-discover/pull/326
[1]: https://github.com/hashicorp/go-discover/pull/332
[2]: https://github.com/TritonDataCenter/triton-go/pull/207

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2026-05-18 09:42:41 -06:00
hc-github-team-secure-vault-core
d6e2fff8b3 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x
Some checks failed
build / setup (push) Has been cancelled
build / hcp-setup (push) Has been cancelled
CI / setup (push) Has been cancelled
Run linters / Setup (push) Has been cancelled
Run linters / Semgrep (push) Has been cancelled
Check Copywrite Headers / copywrite (push) Has been cancelled
build / Check ce/* Pull Requests (push) Has been cancelled
build / ui (push) Has been cancelled
build / artifacts-ce (push) Has been cancelled
build / artifacts-ent (push) Has been cancelled
build / hcp-image (push) Has been cancelled
build / test (push) Has been cancelled
build / test-hcp-image (push) Has been cancelled
build / completed-successfully (push) Has been cancelled
CI / Run Autopilot upgrade tool (push) Has been cancelled
CI / Run Go tests (push) Has been cancelled
CI / Run Go tests tagged with testonly (push) Has been cancelled
CI / Run Go tests with data race detection (push) Has been cancelled
CI / Run Go tests with FIPS configuration (push) Has been cancelled
CI / Test UI (push) Has been cancelled
CI / tests-completed (push) Has been cancelled
Run linters / Deprecated functions (push) Has been cancelled
Run linters / Code checks (push) Has been cancelled
Run linters / Protobuf generate delta (push) Has been cancelled
Run linters / Format (push) Has been cancelled
2026-05-14 17:32:34 +00:00
Vault Automation
8e2f967a98
Backport [VAULT-41316] Consumption billing external CA cert units into release/2.x.x+ent into ce/release/2.x.x (#14805)
* no-op commit

* add external ca cert billing

* add changelog

* add another test

---------

Co-authored-by: Jenny Deng <jenny.deng@hashicorp.com>
2026-05-14 17:19:05 +00:00
hc-github-team-secure-vault-core
05a3a76377 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-14 15:44:20 +00:00
kelly
75523ed702
Update kiota-http-go to v1.5.5 (#14747) 2026-05-14 09:43:08 -06:00
hc-github-team-secure-vault-core
eb40059836 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x
2026-05-14 12:30:01 +00:00
Vault Automation
3373648b31
Backport Prevent panics when events are lacking PluginInfo, as with lease events. into release/2.x.x+ent into ce/release/2.x.x (#14792) 2026-05-14 07:34:32 -04:00
hc-github-team-secure-vault-core
bba1b1772a Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x
2026-05-13 21:29:53 +00:00
Vault Automation
af9b72717c
Backport Detect errors when writing totp keys to storage into release/2.x.x+ent into ce/release/2.x.x (#14786)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2026-05-13 21:18:14 +00:00
hc-github-team-secure-vault-core
888049ab2b Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-13 19:31:55 +00:00
Vault Automation
b62aa75129
Invalidates OCSP cache with a grace period. (#14723) (#14728) (#14730)
* Resolves a bug where a cache is valid when we check the cache, but not valid by the time we check the OCSP responses of the entire chain.

* Add changelog.

* Updated error message.

Co-authored-by: Kit Haines <khaines@mit.edu>
2026-05-13 18:49:06 +00:00
hc-github-team-secure-vault-core
641af5e594 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-13 16:43:58 +00:00
Vault Automation
088965929d
Backport Update vault-plugin-auth-jwt to v0.26.3 into release/2.x.x+ent (#14762) (#14775)
* Update vault-plugin-auth-jwt to v0.26.3 (#14702)

* Update vault-plugin-auth-jwt to v0.26.3

* Add changelog

---------



* updated go mod

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: suraj-simha <suraj.s@hashicorp.com>
2026-05-13 22:01:33 +05:30
hc-github-team-secure-vault-core
7c0c82c300 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-13 15:52:24 +00:00
Vault Automation
772304129f
[VAULT-44669] Address LDAP hierarchical role bug (#14731) (#14739) (#14740)
* [VAULT-44669] Address LDAP hierarchical role bug

* add test coverage

* add changelog

Co-authored-by: Shannon Roberts (Beagin) <beagins@users.noreply.github.com>
2026-05-13 08:50:53 -07:00
hc-github-team-secure-vault-core
d3148744b6 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-13 14:57:27 +00:00
Vault Automation
5f065418bd
Fix SCEP nonce assignment in audit data (#14751) (#14767) (#14770)
* Add changelog message

Co-authored-by: Luciano Arroyo <95649169+DeLuci@users.noreply.github.com>
2026-05-13 09:54:51 -05:00
hc-github-team-secure-vault-core
51eafa1503 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x
2026-05-12 21:27:33 +00:00
Vault Automation
6b0ec80afa
Remove invalid value from the supported list of ACME algorithms (#14737) (#14749) (#14756)
* Remove Ed25519 from the allowed ACME account key types

* Add changelog entry

Co-authored-by: Luciano Arroyo <95649169+DeLuci@users.noreply.github.com>
2026-05-12 21:23:39 +00:00
hc-github-team-secure-vault-core
2c4853d23b Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-12 18:32:33 +00:00
Vault Automation
7f88c2440f
VAULT-41312: Add billing metrics for OS local account roles (#14467) (#14734) (#14736)
* initial spike

* debugging

* separate out os test

* debugging

* debugging

* cleanup

* add hwm metric for the os

* add tests

* add hwm test

* remove go mod changes

* create a helper os engine mock backend and reuse in tests

* consistent naming

* add census metrics tests

* add perf test

* add changelog

* fix test

* fmt

* fix test

* fix test

* address feedback: fix changelog and add multi namespace testing

* add os local accounts to deletion tests

* rename changelog file

* add test to test running total after deletion

* remove a debug line

Co-authored-by: Amir Aslamov <amir.aslamov@hashicorp.com>
2026-05-12 18:04:04 +00:00
hc-github-team-secure-vault-core
7e066d4a19 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x
2026-05-11 19:31:26 +00:00
Vault Automation
acc21ef01b
Resolve some code-alerts, and add particular tests. (#14689) (#14707) (#14722)
Co-authored-by: Kit Haines <khaines@mit.edu>
2026-05-11 19:28:05 +00:00
hc-github-team-secure-vault-core
91e7c2becf Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-11 18:32:57 +00:00
Vault Automation
5eaf09460c
[UI][VAULT-44837] Update Credential units total to only show 4 decimal places (#14625) (#14712) (#14719)
* Add tests for chart helper

* Ensure the decimal places are 4 for credential units total

* Add new chart-helpers method

* Add jsdoc comment

Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
2026-05-11 10:58:17 -07:00
hc-github-team-secure-vault-core
73b218b11c Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-11 17:37:36 +00:00
Vault Automation
d8a2587e1e
UI: Add validations to visual policy editor (#14688) (#14697) (#14698)
* add validations to policy flyout

* add validations to policy form

* remove passing formatted policy back from policy/builder

* add changelog

* change label to "path"

Co-authored-by: claire b <68122737+hellobontempo@users.noreply.github.com>
2026-05-11 09:23:32 -07:00
hc-github-team-secure-vault-core
1b2d2057a0 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-11 16:05:51 +00:00
Vault Automation
1227d13438
add changelog entries for all changes I made for 2.0.1 (#14609) (#14683) (#14687)
* add changelog entries for all changes

* rename file to PR id

* feedback

* rename changelog file

Co-authored-by: Amir Aslamov <amir.aslamov@hashicorp.com>
2026-05-11 11:08:33 -04:00
hc-github-team-secure-vault-core
2d1e312b9e Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x
2026-05-11 06:15:17 +00:00
Vault Automation
bbaee62fe5
Backport VAULT-44064 - Add rollback support to the snowflake key pair root credentials rotation into release/2.x.x+ent into ce/release/2.x.x (#14495)
* VAULT-44064 - Add rollback support to the snowflake key pair root credentials rotation (#14046) (#14403)

* Add rollback support to the snowflake key pair root rotation flow

* Added changelog

* Updated changelog

* Updated changelog

* Updated rollback logic

* Updated rollback logic

* Updated rollback logic

* Updated rollback logic

* Updated tests

* Addressed PR comments

* Updated tests

* Addressing PR Review Comments



---------

Co-authored-by: santoshhashicorp <santosh.yelamarthi@hashicorp.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Conflicts resolved

---------

Co-authored-by: santoshhashicorp <santosh.yelamarthi@hashicorp.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2026-05-11 10:19:40 +05:30
hc-github-team-secure-vault-core
865b6da6d4 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-08 22:18:12 +00:00
Vault Automation
ed29253761
All float values returned by sys/billing/overview should be rounded to 4 decimal places (#14648) (#14681) (#14693)
* rounding float64 values in billing overview by 4 decimal places

* add changelog

Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2026-05-08 22:09:50 +00:00
hc-github-team-secure-vault-core
862a1f01bc Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-08 19:29:06 +00:00
Vault Automation
9394020635
[VAULT-44693] Add changelog for start/end month params (#14532) (#14672) (#14674)
* add changelog

* rename changelog

* add changelog back in

Co-authored-by: Jenny Deng <jenny.deng@hashicorp.com>
2026-05-08 12:04:21 -07:00
hc-github-team-secure-vault-core
3d3e2e1aaf Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-08 18:25:03 +00:00
Vault Automation
bbbcd8413d
Backport Manual backport of #14335, #14350, #14417, #14334, and #14540 into ce/release/2.x.x (#14644) 2026-05-08 13:50:36 -04:00
Vault Automation
be0e69f7c0
Manual back port of #14271, #14432, #14437, and #14538 (#14655) (#14664)
* Allow nodes to join a cluster with a multi-seal configuration (#14271)

* Move SealGenerationInfo validation logic to its own file.

Refactor method SealGenerationInfo.Validate into function
ValidateSealGeneration.

* Refactor SealGenerationInfo.Validate to func ValidateMultiSealGenerationInfo.

* Allow nodes to join a cluster with a multi-seal configuration.

Relax the multi-seal restriction when setting the Vault seal: allow an initial
multi-seal configuration if there is no stored seal generation information.

Validate multi-seal configuration at initialization time, but do not allow for
an initial multi-seal configuration at this time.

* Add unit tests.

* Run make fmt. Add copyright header.

* Add changelog entry.

* Add godoc comments to unit tests.

* Reorganize seal validation files for CE. (#14437)

Add seal_generation_validation_ce.go and seal_util_ce.go.

Rename seal_generation_validation.go to seal_generation_validation_ent.go.

* fixed missed replace of newTransitCluster (#14432)

* fixed missed replace of newTransitCluster

* Temporarily disable check for seal generation increment.

---------



* Fix verification of seal generation number. (#14538)

During unseal, the in memory and stored seal generation information will be the
same, so allow for seal generation number to be the same.

* Fix back port drift on seal_ha_ent_test.go.

---------

Co-authored-by: Victor Rodriguez Rizo <vrizo@hashicorp.com>
Co-authored-by: Chris Paris <Christopher.Paris@ibm.com>
2026-05-08 13:41:53 -04:00
hc-github-team-secure-vault-core
315f9385fe Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-08 17:29:06 +00:00
Vault Automation
85c460f68b
go: bump to Go v1.26.3 on ce/release/2.x.x
* go: bump to Go v1.26.3
* go: upgrade golang.org/x/net to resolve GO-2026-4918

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2026-05-08 17:09:32 +00:00
hc-github-team-secure-vault-core
afff0e2fe3 Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-08 16:27:17 +00:00
Vault Automation
ee12e78f8a
Backport fix: add timeout context around UpdateUser to prevent static role rotation hang into release/2.x.x+ent (#13976) (#14344)
* fix: add timeout context around UpdateUser to prevent static role rotation hang (#13697)

* fix: add timeout context around UpdateUser to prevent static role rotation hang

* changelog: add entry for static role rotation timeout fix

* fix: rename changelog file to match expected format

* fix: update changelog format to release-note style

* Bound database Initialize to prevent static rotation stalls

* add missing go doc

* pr comments: close changelog block, distinguish parent context cancellation from UpdateUser timeout

* changelog: include Initialize timeout handling

* async Close on init cancel/timeout, add test, and set PluginName in test config

* add UpdateUser timeout test coverage for static role rotation

* go doc comments fix

* Apply suggestions from code review



* welp copilot prompt was out of date and I shouldn't have accepted it.

---------





* fix(database): remove async UpdateUser timeout and use synchronous context to avoid race conditions

* fix(backport): restore async UpdateUser timeout behavior (2.x.x)

---------

Co-authored-by: arslan23-push <arslan.muhammad@ibm.com>
Co-authored-by: Angel Garbarino <argarbarino@gmail.com>
Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-05-08 09:43:37 -06:00
Vault Automation
d725ce2e20
fix(policies): mark policy name as required to enforce client side validation (#14589) (#14604) (#14608)
Co-authored-by: Nina Bucholtz <nina.balachandranmary@gmail.com>
2026-05-08 15:32:28 +00:00
hc-github-team-secure-vault-core
cc226fea0c Merge remote-tracking branch 'remotes/from/ce/release/2.x.x' into release/2.x.x 2026-05-08 15:29:14 +00:00
Vault Automation
45b19a42fe
Backport On-Time Autorotation Maintained in a Queue. into release/2.x.x+ent (#14506) (#14611)
* On-Time Autorotation Maintained in a Queue. (#14463)

* On-Time Autorotation Maintained in a Queue.

* Add changelog.

* Renamed changelog correctly.

* Add a check to exit-out early if initialization of the backend has not run (probably only relevant in tests, but not a bad check).

* GoTestDoc added for test.

* Initialize backend in tests.

* Add error checks, compilation check, and move initialize function. Switch to object with a zero-value.

* Remove non-existent field from backport.

* Don't change prior-version locking.

---------

Co-authored-by: Kit Haines <khaines@mit.edu>
2026-05-08 11:01:17 -04:00