Vault
Important changes
Last updated: 2026-04-02
Always review important or breaking changes and remediation recommendations before upgrading Vault.
Breaking changes
Precedence change for Azure authentication
| Change | Affected version | Vault edition |
|---|---|---|
| Breaking | 2.0.0+ | All |
Azure auth now gives values set in auth/azure/config
precedence over AZURE_* environment variables.
Recommendation
Review any deployments where you rely on environment variables to confirm whether they currently override stored configuration and update the plugin configuration to your preferred behavior.
New behavior
LDAP static role rotation migrates to the rotation manager Enterprise
Enterprise
| Change | Affected version | Vault edition |
|---|---|---|
| New behavior | 2.0.0+ | Enterprise |
For existing LDAP static roles, Vault Enterprise migrates the assocaited credential rotation period from the LDAP plugin to the central rotation manager during plugin initialization. During migration, rotation timing may shift slightly. You can track migration status in the LDAP static role migration API.
After migration completes, Vault no longer retries static role credential rotation every 10 seconds indefinitely. Vault uses exponential backoff and stops retrying after it reaches the retry limit configured on the role.
Configuration for IBM Passport Advantage Online license keys Enterprise
Enterprise
| Change | Affected version | Vault edition |
|---|---|---|
| New behavior | 2.0.0+ | Enterprise |
Vault Enterprise customers who use a license key issued by IBM Passport
Advantage Online must add a license_entitlement configuration to their Vault
nodes. Refer to IBM Passport Advantage Online license
keys for more
information.
Known issues
None.