Skip to content
Security

HashiCorp Vault Releases

Track HashiCorp Vault releases, OSS vs Enterprise comparison, secrets engine evolution, authentication method support, and upgrade guidance.

Official Site Documentation

Total Versions

Supported

Latest

Version Timeline

All tracked releases with lifecycle status and EOL dates.

Loading version data…

Lifecycle Timeline

Visual overview of active support and maintenance windows.

1.13
1.14
1.15
1.16
1.17
1.18
2023 2024 2025 2026 2027 2028
Active
Maint
Active
Maint
Active
Maint
Active
Maint
Active
Maint
Active
Maint
Active / LTS
Maintenance
Today

Upgrade Paths

Migration guidance between major versions — breaking changes, effort estimates, and tips.

1.13/1.14 1.17+ Medium Difficulty
Est. 1-2 hours per minor version hop

Breaking Changes

  • BSL license change (1.14+)
  • Deprecated auth method configurations removed
  • Activity log format changes
  • Secrets engine mount configuration stricter
  • Raft autopilot behavior changes
  • Token format changes in some edge cases

Migration Notes

Upgrade one minor version at a time. Back up the storage backend before each hop. The biggest non-technical change is the BSL license starting in 1.14. If you are auto-deploying from GitHub, your automation may need to accept the new license. Read the upgrade notes for each version: Vault occasionally changes default behavior for security hardening.

1.16/1.17 1.18 Low Difficulty
Est. 30-60 minutes

Breaking Changes

  • New default audit log format options
  • Enhanced PKI secrets engine behavior
  • Updated Kubernetes auth method defaults

Migration Notes

Recent minor upgrades are smooth. Back up storage, upgrade standby nodes, step down active, upgrade active. Verify seal status and auth method connectivity after upgrade.

Version Risk Assessment

Evaluate risk factors before choosing a version for production.

Version EOL Risk CVE Risk Ecosystem Cloud Support Overall Recommended Action
HashiCorp Vault 1.13 and older Critical Critical Unsupported None Critical No patches for your secrets manager — upgrade NOW
HashiCorp Vault 1.14/1.15 Critical High Unsupported Degrading Critical Past EOL — known CVEs unpatched
HashiCorp Vault 1.16 Medium Low Maintenance Full Medium Security-only — plan upgrade
HashiCorp Vault 1.17 Low Low Active Full Low Supported — keep patched
HashiCorp Vault 1.18 None Low Active Full Low Latest — recommended

Vault manages secrets and credentials. Running unsupported versions is a critical security risk. HashiCorp patches the latest 3 minor versions. Assessed March 2026.

Vault Version Feature Comparison

Side-by-side feature differences across major versions.

Feature 1.14 1.15 1.16 1.17 1.18
License BSL 1.1 BSL 1.1 BSL 1.1 BSL 1.1 BSL 1.1
Secrets sync (Enterprise) No Beta Stable Enhanced Enhanced
PKI improvements ACME beta ACME stable Enhanced Enhanced Enhanced
Kubernetes auth Stable Stable Enhanced Enhanced Enhanced
Transit auto-key rotation Stable Stable Enhanced Enhanced Enhanced
Audit log streaming Basic Improved Improved Enhanced Enhanced
Raft performance Stable Improved Improved Enhanced Enhanced
Event system No Alpha Beta Stable Enhanced
Plugin versioning Beta Stable Stable Stable Stable

Embed Badges

Add live HashiCorp Vault status badges to your README, docs, or dashboard.

Health Status

Overall support health

HashiCorp Vault Health Status
![HashiCorp Vault Health Status](https://img.releaserun.com/badge/health/hashicorp-vault.svg)

EOL Countdown

Next end-of-life date

HashiCorp Vault EOL Countdown
![HashiCorp Vault EOL Countdown](https://img.releaserun.com/badge/eol/hashicorp-vault.svg)

Latest Version

Current stable release

HashiCorp Vault Latest Version
![HashiCorp Vault Latest Version](https://img.releaserun.com/badge/v/hashicorp-vault.svg)

CVE Status

Known vulnerabilities

HashiCorp Vault CVE Status
![HashiCorp Vault CVE Status](https://img.releaserun.com/badge/cve/hashicorp-vault.svg)

Frequently Asked Questions

Common questions about HashiCorp Vault releases and lifecycle.

What changed with Vault's BSL license?
In August 2023, HashiCorp relicensed Vault from MPL 2.0 to BSL 1.1 (Business Source License). The BSL allows usage for internal purposes but prohibits offering Vault as a competing managed service. Most self-hosted users are unaffected. The community forked Vault as OpenBao (under the Linux Foundation) for those who want a permissively licensed alternative. OpenBao tracks Vault's feature set but may diverge over time.
What is the difference between Vault OSS, Enterprise, and HCP Vault?
Vault OSS (now BSL) is the full secrets management platform. Enterprise adds performance replication, disaster recovery replication, namespaces, Sentinel policies, FIPS 140-2 compliance, and HSM auto-unseal. HCP Vault (HashiCorp Cloud Platform) is a fully managed SaaS version. For most teams, OSS is sufficient. Enterprise is for multi-datacenter/multi-cloud HA setups. HCP is for teams that do not want to operate Vault.
How does Vault versioning and support work?
Vault releases minor versions roughly every 4-6 months. Each minor version receives patches for approximately 12 months. HashiCorp maintains the latest 3 minor versions with bug and security fixes. Enterprise customers get extended support. The project follows semantic versioning: minor bumps add features, patch bumps fix bugs.
How do I upgrade Vault safely?
Vault upgrades must follow the documented upgrade path: check the upgrade guide for your version pair, back up the storage backend, read the changelog for breaking changes, then perform a rolling upgrade (standby nodes first, then the active node). Vault handles seal migration and internal data migration automatically. Never skip major version bumps. For HA clusters, upgrade standby nodes first.
What are the most commonly used secrets engines?
KV (key-value) v2 is used by almost everyone for static secrets. PKI for internal certificate authorities. Database for dynamic database credentials. AWS/Azure/GCP for dynamic cloud credentials. Transit for encryption as a service. SSH for signed SSH certificates. These 7 cover 95% of use cases. Vault has 25+ secrets engines total.
What is OpenBao?
OpenBao is a community fork of Vault maintained under the Linux Foundation, created in response to HashiCorp's BSL relicensing. It is MPL 2.0 licensed and aims to be API-compatible with Vault. It is still early (launched late 2023) and has a smaller community and plugin ecosystem than Vault. If licensing is a concern and you do not need Enterprise features, OpenBao is worth evaluating.

Related Tools

Dep EOL Scanner

Check your dependencies for end-of-life packages.

Stack Health Scorecard

Get an overall health grade for your tech stack.

Release Index

Browse all tracked platforms and their release timelines.
Browse All Version History