HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
HashiCorp Cloud Platform
HashiCorp Cloud Platform Home

HCP Vault Dedicated changelog

The changelog provides an at-a-glance summary of key HCP Vault Dedicated updates.

2026-06-14

Vault 2.0 feature availability

We're bringing a number of Vault 2.0 capabilities to HCP Vault to help teams simplify identity management, reduce operational overhead, and improve security across cloud environments.

The following Vault 2.0 features are now available in HCP Vault:

Added

  • Envelope encryption - Use Transit for in-place encryption workflows where Vault protects data encryption keys and your applications encrypt and decrypt local data.
  • Visual policy generator - Create policies faster and reduce manual policy authoring by generating ACL policy snippets from the Vault GUI.
  • Public CA integration - Use Vault to interface to public CAs in order to issue certificates.
  • Local accounts secrets engine - Use Vault to automatically rotate Linux local account credentials.
  • Namespace onboarding workflow - Answer a few key questions in the Vault GUI to create new namespaces then continue in the GUI, CLI, or Terraform.
  • AWS KMS multi-region keys - Create and replicate managed keys across AWS regions so you can support multi-region encryption and disaster recovery workflows.
  • SPIFFE JWT-SVID support - Let authenticated workloads request JWT-SVIDs from Vault so they can participate in SPIFFE-based identity workflows.
  • SCIM identity provisioning - Automate identity lifecycle management by provisioning entities and groups in Vault from external identity platforms.
  • LDAP static role rotation enhancements - Manage LDAP static credentials with more flexibility by adding initial passwords, self-managed rotation, schedules, and retry controls. This now supports the LDAP v3 protocol, including OpenLDAP, Active Directory, and IBM Resource Access Control Facility (RACF).

Platform changelog

Edit this page on GitHub