v2.3.0

🚀 Features

• Implement the /sys/wrapping/wrap endpoint (GH-1172)
• add support for Vault Raft auto-snapshot endpoints. (GH-1169)

🧰 Miscellaneous

• Dependencies/security updates (GH-1174)
• update artifact actions to v4 (GH-1173)

Thanks to @briantist, @clealb, @dependabot, @dependabot[bot] and @tot19 for their lovely contributions.

v2.2.0

📢 Deprecations / Announcements

• Add new exception types for HTTP status 405 and 412 (GH-1148)

🚀 Features

• LDAP secrets engine enhancements (GH-1163)
• LDAP secret engine support (#1032) (GH-1033)
• Add new exception types for HTTP status 405 and 412 (GH-1148)
• Add sts_region parameter to auth.aws.configure (GH-1136)
• Adding namespace_in_state to jwt (GH-1144)
• Add associated_data to encrypt/decrypt transit endpoints (GH-1108)
• aws auth - add support for iam_metadata and ec2_metadata params (GH-1125)

🧰 Miscellaneous

• Bump idna from 3.6 to 3.7 (GH-1160)
• Bump jwcrypto from 1.5.1 to 1.5.6 (GH-1158)
• Bump cryptography from 41.0.7 to 42.0.4 (GH-1157)
• add Vault 1.16.x to CI matrix (GH-1155)
• Make integration tests more reliable (GH-1153)
• Replace distutils.spawn with shutil.which (GH-1146)
• Bump jinja2 from 3.0.3 to 3.1.3 (GH-1131)
• refactor: move identity DEFAULT_MOUNT_POINT to constants (GH-1123)

Thanks to @JordanStopford, @briantist, @cognifloyd, @danholodak, @dependabot, @dependabot[bot], @ewanoomen, @loqs, @mweigel, @valleedelisle and @yan12125 for their lovely contributions.

v2.1.0

🚀 Features

• Add support for sys/policies endpoint (GH-1100)
• add quota support to system backend (GH-1092)
• Add support to PKI class to perform CRUD on issuers (GH-1102)

🐛 Bug Fixes

• Client.write_data - remove potentially dangerous default (GH-1120)

📚 Documentation

• 📝 Add HTTP/2+ use case into the advanced usage section (GH-1111)
• update the KV documentation (GH-1122)
• Add support for sys/policies endpoint (GH-1100)
• fix readthedocs (RTD) public docsite, modernize some of the docs build/testing (GH-1119)
• Add support to PKI class to perform CRUD on issuers (GH-1102)
• Update GCP secrets engine documentation (GH-1099)

🧰 Miscellaneous

• fix readthedocs (RTD) public docsite, modernize some of the docs build/testing (GH-1119)
• Revamp integration tests, run in parallel (GH-1105)
• Add Vault 1.15.x to integration tests (GH-1103)

Thanks to @Ousret, @briantist, @mweigel and @tot19 for their lovely contributions.

v2.0.0

This release makes a number of breaking changes. Most notably, dropping support for Python 3.6 & 3.7, dropping support for Vault versions 1.6.x through 1.10.x, and removing previously deprecated methods and code paths. Most of the other breaking changes are fairly minor or only affect specific use cases, but please review all changes carefully.

There are also several other deprecations and announcements to be aware of. We hope to have a more rapid release schedule going forward.

In accordance with our supported Python version policy we will continue to drop Python versions as they become end-of-life. These may not be announced in advance, but will be done in major versions.

💥 Breaking Changes

• Client.write method breaking changes 2.0.0 (GH-1089)
• Drop support for Vault 1.6-1.10 (GH-1074)
• Changing default values for sys.initialize parameters secret_shares and secret_threshold (GH-1063)
• Remove old deprecated client attributes (GH-1062)
• Remove MFA class (GH-1056)
• adapters: if session is user-supplied, do not overwrite session options with Client/Adapter options (GH-1021)
• Make pyhcl optional again (GH-1060)
• Drop Python 3.6 & 3.7, Add Python 3.11, bump some dependencies (GH-1048)

📢 Deprecations / Announcements

• Breaking changes coming to Adapters' use of custom sessions (GH-1040)
• Breaking changes coming to Client.write method (GH-1034)
• The default value of raise_on_deleted_version will change from True to False in v3.0.0 (GH-955)
• The certificate parameter for create_ca_certificate_role will stop accepting file paths in v3.0.0 (GH-914)
• Drop support for Vault 1.6-1.10 (GH-1074)
• Changing default values for sys.initialize parameters secret_shares and secret_threshold (GH-1063)
• Fix typo in safety_buffer argument in AWS auth (GH-1068)

🚀 Features

• Add support for Python 3.12 (GH-1073)
• Database Secrets Engine - add rotate_static_credentials method, docs updates, unit tests (GH-1069)
• Make plaintext and ciphertext optional for batch operations (GH-1049)

🐛 Bug Fixes

• Changing default values for sys.initialize parameters secret_shares and secret_threshold (GH-1063)
• adapters: if session is user-supplied, do not overwrite session options with Client/Adapter options (GH-1021)

📚 Documentation

• update docstring for sys step-down (GH-1086)
• Database Secrets Engine - add rotate_static_credentials method, docs updates, unit tests (GH-1069)
• Fix invalid build and test status (GH-1072)

🧰 Miscellaneous

• add .git-blame-ignore-revs (GH-1087)
• Fix typos, add typos linter to CI (GH-1057)
• drop python-jwt dev dependency (GH-1084)

Thanks to @Tylerlhess, @amiewei, @briantist, @cibinmathew and @dosisod for their lovely contributions.

v1.2.1

This release fixes an inaccuracy in a warning message but does not otherwise change functionality.

🐛 Bug Fixes

• Fix raise_on_deleted_version warning (GH-1045)

Thanks to @briantist and @iTrooz for their lovely contributions.

v1.2.0

This is the last expected release before v2.0.0.

📢 Deprecations / Announcements

• ldap auth method - add missing configure params by vault api names (GH-975)
• expand Vault CI matrix, announce deprecation of Vault dynamic SSH keys (GH-1023)
• Breaking changes coming to Client.write method (GH-1034)
• Support for Python 3.6 & 3.7 will be dropped in v2.0.0 (GH-877)
• Support for the Legacy MFA methods will be dropped from the MFA class in v2.0.0 (GH-1026)
• Breaking changes coming to Adapters' use of custom sessions (GH-1040)

🚀 Features

• Add alias_name_source for Kubernetes Auth create_role (GH-1039)
• add Client.write_data method (GH-1028)
• ldap auth method - add missing configure params by vault api names (GH-975)
• Re-add arguments to create_or_update_role() from old API (GH-842)
• Add new argument (conflicting_alias_ids_to_keep) to merge_entities method (GH-968)
• Add impersonated account support to GCP secrets engine (GH-1022)
• support "user_claim_json_pointer" in create_role() for JWT/OIDC auth method (GH-1006)
• Add static account support to GCP secrets engine (GH-956)
• adding batch_input to transit.sign_data #988 (GH-990)
• Add a method to read static roles in the database engine (GH-1009)
• feat: add support for disable_local_ca_jwt in the Kubernetes auth method (GH-997)

🐛 Bug Fixes

• add Client.write_data method (GH-1028)
• Fix premature read on stream requests in the sys.take_raft_snapshot method (GH-771)
• fix(__getattr__): non-existent attribute lookup (GH-982)

📚 Documentation

• docs(secrets-engines): Add database secrets engine docs (GH-1036)
• docs: make OIDC Authorization URL Request example work again. (GH-1010)

🧰 Miscellaneous

• add tests and docs to sdist, improve build testing (GH-1015)
• Bump certifi from 2022.9.14 to 2022.12.7 (GH-1013)

Thanks to @M0NsTeRRR, @amiewei, @briantist, @ceesios, @crimsonvulture, @deidax, @dekimsey, @dependabot, @dependabot[bot], @fad3t, @ferenc-hechler, @intgr, @m4dh4t, @michael-diggin, @mimato, @mweigel and @robbat2 for their lovely contributions.

v1.1.1

🐛 Bug Fixes

• fix wrapped response for auth.token.create (GH-966)

Thanks to @briantist for their lovely contributions.

v1.1.0

📢 Deprecations / Announcements

• v3.0.0 - The certificate parameter for create_ca_certificate_role will stop accepting file paths (GH-914)
• Please note that hvac intends to drop support for EoL Python versions (GH-877)
• v3.0.0 - The default value of raise_on_deleted_version will change from True to False (GH-955)
• Allow for reading deleted secret versions (kv2) without an exception (GH-907)

🚀 Features

• Allow for reading deleted secret versions (kv2) without an exception (GH-907)
• AWS secret engine - fix generate_credentials for STS endpoint (GH-934)
• Add support for custom metadata in kv2 engine (GH-805)
• Add new field auto_rotate_period on transit key management (GH-903)

🐛 Bug Fixes

• Allow for reading deleted secret versions (kv2) without an exception (GH-907)
• fix vault client certificates loaded from envirnoment variables (GH-943)
• approle - fix metadata for generated secret IDs, re-add wrap_ttl (GH-782)
• AWS secret engine - fix generate_credentials for STS endpoint (GH-934)
• Propagate client's adapter to API categories (GH-939)
• don't cache on py3.6 windows combo (GH-916)
• Cert: Fix role certificate parameter (GH-886)

📚 Documentation

• add documentation for retries (GH-948)
• docs - sphinx - fail on warnings (GH-949)
• Create userpass.rst (GH-775)
• doc: update reference to removed method (GH-942)
• Documentation updates for use with a private CA (GH-774)
• Update Azure guideline with proper client variable (GH-935)
• Update wrapping.rst - example for unauthenticated unwrap (GH-789)
• Fix typo in the AWS auth method docs (GH-911)
• Replace Azure docs occurence to Kubernetes (GH-904)

🧰 Miscellaneous

• Remove deprecated python syntax (GH-909)

Thanks to @BrandonHoffman, @Prividen, @WilkenSteiner, @aberenshtein, @adammike, @bendem, @briantist, @colin-pm, @dereckson, @dhuckins, @gmsantos, @jackcasey-visier, @localden, @nneul, @rhowe and @sebglon for their lovely contributions.

v1.0.2

• Update dependencies. GH-897

v1.0.1

🐛 Bug Fixes

• Add role_name parameter to auth.token.create_orphan. GH-891
• docs: Add RTD config. GH-894

📚 Documentation

• docs: Add RTD config. GH-894