v1.14.6/website/content/docs/upgrading/upgrade-to-1.7.x.mdx - hashicorp/vault - Git at Google

 ---
 layout: docs
 page_title: Upgrading to Vault 1.7.x - Guides
 description: |-
   This page contains the list of deprecations and important or breaking changes
   for Vault 1.7.x. Please read it carefully.
 ---

 # Overview

 This page contains the list of deprecations and important or breaking changes
 for Vault 1.7.x compared to 1.6. Please read it carefully.

 ## Go version

 Vault 1.7.8 and higher are built with Go 1.16. Please review the [Go Release
 Notes](https://golang.org/doc/go1.16) for full details. Vault 1.7.0-1.7.7 are
 built with Go 1.15.

 ## Barrier key Auto-Rotation

 If your Vault installation is at least a year old, the barrier key will be
 automatically rotated once, and then subsequently will be rotated per the
 settings in the new `sys/rotate/config` endpoint. This is a precaution to
 ensure the number of encryptions performed by the barrier key is fewer than that
 recommended by
 [NIST SP 800-38D](https://csrc.nist.gov/publications/detail/sp/800-38d/final).

 ## AWS auth endpoint changes and deprecations

 AWS Auth concepts and endpoints that use the "whitelist" and "blacklist" terms
 have been updated to more inclusive language (e.g. `/auth/aws/identity-whitelist` has been
 updated to`/auth/aws/identity-accesslist`). The old and new endpoints are aliases,
 sharing the same underlying data. The legacy endpoint names are considered **deprecated**
 and will be removed in a future release (not before Vault 1.9). The complete list of
 endpoint changes is available in the [AWS Auth API docs](/vault/api-docs/auth/aws#deprecations-effective-in-vault-1-7).

 @include 'alpine-314.mdx'

 @include 'entity-alias-mapping.mdx'

 ## Known issues

 Due to the known issue, Transform Secrets Engine users are recommended to upgrade to version 1.7.0.
 Due to the known issue, Lease Count Quota users with DR Secondaries are recommended to upgrade to version 1.7.4.

 ### Autopilot

 - Autopilot is not currently supported on DR Secondary clusters, or in
   Integrated Storage's HA-only mode.
 - If the IP address in the raft peer list is different from the configured
   cluster address, autopilot may be unable to determine the leader node. If
   affected, you should disabled autopilot by setting the
   `VAULT_RAFT_AUTOPILOT_DISABLE` environment variable to 1.

 @include 'transform-upgrade.mdx'

 @include 'lease-count-quota-upgrade.mdx'
	---
	layout: docs
	page_title: Upgrading to Vault 1.7.x - Guides
	description: \|-
	This page contains the list of deprecations and important or breaking changes
	for Vault 1.7.x. Please read it carefully.
	---

	# Overview

	This page contains the list of deprecations and important or breaking changes
	for Vault 1.7.x compared to 1.6. Please read it carefully.

	## Go version

	Vault 1.7.8 and higher are built with Go 1.16. Please review the [Go Release
	Notes](https://golang.org/doc/go1.16) for full details. Vault 1.7.0-1.7.7 are
	built with Go 1.15.

	## Barrier key Auto-Rotation

	If your Vault installation is at least a year old, the barrier key will be
	automatically rotated once, and then subsequently will be rotated per the
	settings in the new `sys/rotate/config` endpoint. This is a precaution to
	ensure the number of encryptions performed by the barrier key is fewer than that
	recommended by
	[NIST SP 800-38D](https://csrc.nist.gov/publications/detail/sp/800-38d/final).

	## AWS auth endpoint changes and deprecations

	AWS Auth concepts and endpoints that use the "whitelist" and "blacklist" terms
	have been updated to more inclusive language (e.g. `/auth/aws/identity-whitelist` has been
	updated to`/auth/aws/identity-accesslist`). The old and new endpoints are aliases,
	sharing the same underlying data. The legacy endpoint names are considered deprecated
	and will be removed in a future release (not before Vault 1.9). The complete list of
	endpoint changes is available in the [AWS Auth API docs](/vault/api-docs/auth/aws#deprecations-effective-in-vault-1-7).

	@include 'alpine-314.mdx'

	@include 'entity-alias-mapping.mdx'

	## Known issues

	Due to the known issue, Transform Secrets Engine users are recommended to upgrade to version 1.7.0.
	Due to the known issue, Lease Count Quota users with DR Secondaries are recommended to upgrade to version 1.7.4.

	### Autopilot

	- Autopilot is not currently supported on DR Secondary clusters, or in
	Integrated Storage's HA-only mode.
	- If the IP address in the raft peer list is different from the configured
	cluster address, autopilot may be unable to determine the leader node. If
	affected, you should disabled autopilot by setting the
	`VAULT_RAFT_AUTOPILOT_DISABLE` environment variable to 1.

	@include 'transform-upgrade.mdx'

	@include 'lease-count-quota-upgrade.mdx'