
Vault

4 Topics 114 Posts
  • Vault - Package Updates

    Pinned
    96
    0 Votes
    96 Posts
    50k Views
    Package Updates
    [1.83.0]
    Update vault to 2.0.0
    Full Changelog
    - PKI External CA (Enterprise): A new plugin that provides the ability to acquire PKI certificates from Public CA providers through the ACME protocol
    - IBM PAO License Integration: Added IBM PAO license support, allowing usage of Vault Enterprise with an IBM PAO license key. A new configuration stanza license_entitlement is required in the Vault config to use an IBM license. For more details, see the License documentation.
    - KMIP Bring Your Own CA: Add new API to manage multiple CAs for client verification and make it possible to import external CAs.
    - LDAP Secrets Engine Enterprise Plugin: Add the new LDAP Secrets Engine Enterprise plugin. This enterprise version adds support for self-managed static roles and Rotation Manager support for automatic static role rotation. New plugin configurations can be set as "self managed", skipping the requirement for a bindpass field and allowing static roles to use their own password to rotate their credential. Automated static role credential rotation supports fine-grained scheduled rotations and retry policies through Vault Enterprise.
    - Login MFA TOTP Self-Enrollment (Enterprise): Simplify creation of login MFA TOTP credentials for users, allowing them to self-enroll MFA TOTP using a QR code (TOTP secret) generated during login. The new functionality is configurable on the TOTP login MFA method configuration screen and via the enable_self_enrollment parameter in the API.
    - Plugins (Enterprise): Allow overriding pinned version when creating and updating database engines
    - Plugins (Enterprise): Allow overriding pinned version when enabling and tuning auth and secrets backends
    - Template Integration for PublicPKICA: Vault Agent templates are now automatically re-rendered when a PKI external CA certificate is issued or renewed.
  • Vault - OIDC Support

    5
    0 Votes
    5 Posts
    2k Views
    C
    @joseph I agree. I looked at some of the implementation requirements and it takes effort. With each Cloudron app update and server reboot, it requires a process to "turn on" the server. That involves presenting several keys to unlock the server. For large companies with dev ops resources, this is doable. But for smaller companies, it is too much effort with a huge risk of bringing down applications if you miss a secrets server reboot.
  • Vaultwarden vs Vault

    8
    1 Votes
    8 Posts
    7k Views
    marcusquinn
    @scooke Think of Vault as kinda like Bitwarden but for code to lookup with. Unless you're coding access to things, I don't think you'd need it.
  • Vault process running out of memory--plenty of memory available.

    Moved oom
    5
    0 Votes
    5 Posts
    3k Views
    girish
    @mastadamus I will bump up the memory limit for vault. https://learn.hashicorp.com/tutorials/vault/reference-architecture says 4-8GB is recommended. Currently, the cloudron package runs at 256MB! Also, as you guessed, it's only the vault container that is dying and the server is not affected (I guess that's one of the main benefits of running in containers, a single app cannot bring down a system).