Skip to content

Update hashicorp/vault requirement from ~> 4.0 to ~> 5.9 in /tofu#216

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/terraform/tofu/hashicorp/vault-tw-5.9
Open

Update hashicorp/vault requirement from ~> 4.0 to ~> 5.9 in /tofu#216
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/terraform/tofu/hashicorp/vault-tw-5.9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 28, 2026

Updates the requirements on hashicorp/vault to permit the latest version.

Release notes

Sourced from hashicorp/vault's releases.

v5.9.0

5.9.0 (April 22, 2026)

BREAKING CHANGES:

  • Renamed all Vault 2.0 pki-external-ca resources from version 5.8.0 to a common prefix of vault_pki_external_ca_. (#2838)

FEATURES:

  • New Resources: Add support for OS Secrets Engine with vault_os_secret_backend, vault_os_secret_backend_host, and vault_os_secret_backend_account resources for managing operating system credentials via SSH. Requires Vault 2.0.0+. (#2865)
  • New Resources: vault_rotation_policy for managing rotation policies. Requires Vault 2.0.0+. (#2844)
  • Add support for vault_quota_config resource. (#2837)
  • New Resources: Add support for Vault Key Management secrets engine with resources for managing KMS providers (AWS KMS, Azure Key Vault, GCP Cloud KMS), cryptographic keys, key distribution, replication, and rotation (Vault Enterprise). (#2802)
  • New Resources: vault_alicloud_secret_backend, vault_alicloud_secret_backend_role, and ephemeral resource vault_alicloud_access_credentials for managing AliCloud secrets engine. (#2858, #2874)
  • New Resource: vault_plugin_runtime for managing plugin runtimes in Vault's plugin runtimes catalog. Requires Vault 1.15 or later.(#2835)
  • Add support for CORS configuration: vault_sys_config_cors resource and data source for managing and reading Vault's CORS (Cross-Origin Resource Sharing) settings. (#2849)
  • New Ephemeral Resource: Add vault_generic_endpoint ephemeral resource with response field extraction from data, auth, wrap_info, and lease metadata.(#2830)

IMPROVEMENTS:

  • vault_cf_auth_backend_config: Added cf_password_wo_version to trigger updates when only cf_password_wo changes.(#2878)
  • vault_pki_secret_backend_config_acme: Added new fields that control the PKI ACME challenge worker IP ranges that they can connect. ([#2839]hashicorp/terraform-provider-vault#2839)
  • Add support for metadata fields in azure_access_credentials and resource_azure_secret_backend_role resources. (#2734
  • Add support for Enterprise Plugins in vault_plugin resource. (#2707)
  • vault_ldap_secret_backend: Add self-managed support to ldap secrets engine. Requires Vault Enterprise 2.0+. (#2845)
  • azure_static_role: Add support for importing existing credentials via new Vault import endpoint. (#2756)
  • Updated dependencies:
    • cloud.google.com/go/auth v0.18.2 -> v0.20.0
    • cloud.google.com/go/cloudsqlconn v1.4.3 -> v1.20.2
    • cloud.google.com/go/iam v1.7.0 -> v1.9.0
    • filippo.io/edwards25519 v1.1.1 -> v1.2.0
    • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 -> v1.21.1
    • github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 -> v1.12.0
    • github.com/aws/aws-sdk-go-v2 v1.41.5 -> v1.41.6
    • github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 -> v1.4.22
    • github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 -> v2.7.22
    • github.com/aws/aws-sdk-go-v2/service/iam v1.53.7 -> v1.53.8
    • github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 -> v1.13.8
    • github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 -> v1.13.22
    • github.com/aws/aws-sdk-go-v2/service/sts v1.41.10 -> v1.42.0
    • github.com/aws/smithy-go v1.24.3 -> v1.25.0
    • github.com/docker/docker v28.3.3+incompatible -> v28.5.2+incompatible
    • github.com/docker/go-connections v0.5.0 -> v0.7.0
    • github.com/fatih/color v1.18.0 -> v1.19.0
    • github.com/go-jose/go-jose/v3 v3.0.4 -> v3.0.5
    • github.com/go-jose/go-jose/v4 v4.1.3 -> v4.1.4
    • github.com/googleapis/gax-go/v2 v2.20.0 -> v2.21.0
    • github.com/hashicorp/consul/api v1.33.7 -> v1.34.1
    • github.com/hashicorp/go-secure-stdlib/plugincontainer v0.4.2 -> v0.5.0
    • github.com/hashicorp/terraform-plugin-mux v0.23.0 -> v0.23.1

... (truncated)

Changelog

Sourced from hashicorp/vault's changelog.

5.9.0 (April 22, 2026)

BREAKING CHANGES:

  • Renamed all Vault 2.0 pki-external-ca resources from version 5.8.0 to a common prefix of vault_pki_external_ca_. (#2838)

FEATURES:

  • New Resources: Add support for OS Secrets Engine with vault_os_secret_backend, vault_os_secret_backend_host, and vault_os_secret_backend_account resources for managing operating system credentials via SSH. Requires Vault 2.0.0+. (#2865)
  • New Resources: vault_rotation_policy for managing rotation policies. Requires Vault 2.0.0+. (#2844)
  • Add support for vault_quota_config resource. (#2837)
  • New Resources: Add support for Vault Key Management secrets engine with resources for managing KMS providers (AWS KMS, Azure Key Vault, GCP Cloud KMS), cryptographic keys, key distribution, replication, and rotation (Vault Enterprise). (#2802)
  • New Resources: vault_alicloud_secret_backend, vault_alicloud_secret_backend_role, and ephemeral resource vault_alicloud_access_credentials for managing AliCloud secrets engine. (#2858, #2874)
  • New Resource: vault_plugin_runtime for managing plugin runtimes in Vault's plugin runtimes catalog. Requires Vault 1.15 or later.(#2835)
  • Add support for CORS configuration: vault_sys_config_cors resource and data source for managing and reading Vault's CORS (Cross-Origin Resource Sharing) settings. (#2849)
  • New Ephemeral Resource: Add vault_generic_endpoint ephemeral resource with response field extraction from data, auth, wrap_info, and lease metadata.(#2830)

IMPROVEMENTS:

  • vault_cf_auth_backend_config: Added cf_password_wo_version to trigger updates when only cf_password_wo changes.(#2878)
  • vault_pki_secret_backend_config_acme: Added new fields that control the PKI ACME challenge worker IP ranges that they can connect. ([#2839]hashicorp/terraform-provider-vault#2839)
  • Add support for metadata fields in azure_access_credentials and resource_azure_secret_backend_role resources. (#2734
  • Add support for Enterprise Plugins in vault_plugin resource. (#2707)
  • vault_ldap_secret_backend: Add self-managed support to ldap secrets engine. Requires Vault Enterprise 2.0+. (#2845)
  • azure_static_role: Add support for importing existing credentials via new Vault import endpoint. (#2756)
  • Updated dependencies:
    • cloud.google.com/go/auth v0.18.2 -> v0.20.0
    • cloud.google.com/go/cloudsqlconn v1.4.3 -> v1.20.2
    • cloud.google.com/go/iam v1.7.0 -> v1.9.0
    • filippo.io/edwards25519 v1.1.1 -> v1.2.0
    • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 -> v1.21.1
    • github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 -> v1.12.0
    • github.com/aws/aws-sdk-go-v2 v1.41.5 -> v1.41.6
    • github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 -> v1.4.22
    • github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 -> v2.7.22
    • github.com/aws/aws-sdk-go-v2/service/iam v1.53.7 -> v1.53.8
    • github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 -> v1.13.8
    • github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 -> v1.13.22
    • github.com/aws/aws-sdk-go-v2/service/sts v1.41.10 -> v1.42.0
    • github.com/aws/smithy-go v1.24.3 -> v1.25.0
    • github.com/docker/docker v28.3.3+incompatible -> v28.5.2+incompatible
    • github.com/docker/go-connections v0.5.0 -> v0.7.0
    • github.com/fatih/color v1.18.0 -> v1.19.0
    • github.com/go-jose/go-jose/v3 v3.0.4 -> v3.0.5
    • github.com/go-jose/go-jose/v4 v4.1.3 -> v4.1.4
    • github.com/googleapis/gax-go/v2 v2.20.0 -> v2.21.0
    • github.com/hashicorp/consul/api v1.33.7 -> v1.34.1
    • github.com/hashicorp/go-secure-stdlib/plugincontainer v0.4.2 -> v0.5.0
    • github.com/hashicorp/terraform-plugin-mux v0.23.0 -> v0.23.1
    • github.com/hashicorp/vault/sdk v0.25.0 -> v0.25.1

... (truncated)

Commits
  • 5e9fcd4 Prepare for v5.9.0 Release. (#2889)
  • 522d38b Add support of OS Secrets Engine (#2865)
  • 26b19b7 Add wo version field handling for Cloudfoundry (#2878)
  • 9ba38c7 Add vault_generic_endpoint ephemeral resource with auth and wrap_info support...
  • e922381 VAULT-37696: vault_plugin support for enterprise plugins (#2707)
  • 35fdffe Update Azure Static Secrets to use new import endpoint (#2756) (#2884)
  • e1561c6 Implement change detection for the write-only field in Alicloud Secret engine...
  • 3674cbe auth/aws: Skip manual AssumeRole for web identity auth_login_aws flows. (#2850)
  • 28ea471 Fix pki and pki-external-ca tests (#2880)
  • 0d03c78 add vault_rotation_policy resource (#2844)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Update hashicorp/vault requirement from ~> 4.0 to ~> 5.9 in /tofu
16c2a94 
Updates the requirements on [hashicorp/vault](https://github.com/hashicorp/terraform-provider-vault) to permit the latest version.
- [Release notes](https://github.com/hashicorp/terraform-provider-vault/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-vault@v4.0.0...v5.9.0)

---
updated-dependencies:
- dependency-name: hashicorp/vault
  dependency-version: 5.9.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file terraform Pull requests that update terraform code labels Apr 28, 2026
@dependabot dependabot Bot mentioned this pull request Apr 28, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file terraform Pull requests that update terraform code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants