--- layout: docs page_title: "Vault release notes" description: >- Key updates for the latest major Vault release --- > [!IMPORTANT] > **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website. # Vault release notes - **Version**: 1.20.x - **GA date**: 2025-06-25 @include 'release-notes/intro.mdx' ## Executive summary Vault Enterprise 1.20.0 streamlines the user experience, and improves visibility and transparency around billing, auditing, and Vault usage. The latest version of Vault also introduces new capabilities related to cryptography, secret recovery, and provides enhanced ecosystem integrations for centralizing secrets. ### Highlights - Improves support for chargeback and showback with enhanced visibility into the underlying source of costs. - Simplifies and enhances the user experience by improving namespace navigation, providing a customizable login function, and releasing a new secret recovery function. - Enhances and expands secure integrations by reducing friction on plugin distribution and supporting key-value-compatible secret import from AWS, Azure, and GCP. - Adds SCEP protocol support in Vault PKI for certificate automation and reduces IT footprint by eliminating the need for alternate PKI solutions explictly for SCEP integration. - Verified Vault PKI SCEP integrations with Azure Intune and JAMF for certificate automation reduce operational burdens such as outages or security breachs due to certificate expiry. - Enhances resilience by providing reliability improvements, control over traffic flows, and the ability to ensure fairness of Vault consumption across users and applications. - Better auditability and visibility into audit logs, certificates, Vault feature usage, and opinionated suggestions for improving Vault usage, including benchmarking that supports migrating from Consul to integrated storage. ## Feature deprecations and EOL Deprecated in 1.20.x | Retired in 1.20.x -------------------- | --------------- [Duplicate HCL attributes](/vault/docs/updates/deprecation#duplicate-hcl-attributes) | None [Snowflake DB password authentication](/vault/docs/updates/deprecation#snowflake-db-password-authentication) | @include 'release-notes/deprecation-note.mdx' ## Important changes @include 'release-notes/change-summary/1_20.mdx' ## System administration and operational updates

Update	Type	License	Description
Product usage data updates	Enhanced	Enterprise	Vault collects and reports additional data points to Hashicorp for improved product usage tracking. Learn more: Anonymous product usage reporting
Production vs. non-production cluster assignment	GA	Enterprise	Designate individual clusters as production or non-production. Vault reports individual cluster status to Hashicorp. Learn more: Development cluster configuration
Default login methods	GA	Enterprise	Configure default and back up login methods for Vault GUI to reduce complexity and confusion. Learn more: Manage custom login settings
Client count dashboard updates	Enhanced	Enterprise	Provides improved visibility into client count attribution, increases accuracy by removing estimates, and sets the current billing period in Vault GUI based on the current Vault configuration. Learn more: Client usage overview
Client count current month accuracy	Enhanced	Enterprise	Removed partial month estimates from client count to improve client count accuracy for the current month. Learn more: Partial month client count endpoint
GUI Namespace picker updates	Enhanced	Enterprise	Search, filter, and navigate to namespaces in the GUI without having to reauthenticate while enjoying reduced performance load and enhanced accessibility. Learn more: Manage namespaces in the Vault GUI
HTTP status telemetry	GA	Enterprise	Use Vault telemetry to track running total count by HTTP status codes. Learn more: vault.core.response_status_code
Cluster wide client telemetry	GA	Enterprise	Capture Vault telemetry to track the total count of distinct clients in a cluster. The metric updates every 10 minutes to support live reporting and alerting. Learn more: vault.client.billing_period.activity
Identity-based rate limit quotas	GA	Enterprise	Apply rate limit quotas by entity ID instead of IP for more granular and flexible control over traffic flow and easier management of misbehaving applications and users. Learn more: Resource quotas overview
Collective rate limit quotas	GA	Enterprise	Apply collective rate limit quotas to all traffic globally or by targeting a namespace, path, or mount to enforce collective limits without having to account for individual IP addresses. Learn more: Resource quotas overview
Secret recovery	GA	Enterprise	Recover an accidentally changed or deleted secret without performing a full cluster snapshot restoration, degrading the cluster, or impacting other items in the cluster. Learn more: Item recovery from a snapshot
GUI for TOTP	GA	Community	Users with TOTP access can use the Vault GUI to view their accounts, add a new account, see their hidden-by-default TOTP codes, and view timers for when their TOTPs expire.
Utilization reporting	GA	Enterprise	Review and identify the features used in a given cluster to determine where you might want to leverage additional Vault functionality. Learn more: /sys/utilization-report reference
Secrets import	Beta	Enterprise	Migrate existing secrets to Vault to centralize secrets management and realize the value of Vault faster. Learn more: Secrets import overview
Event notifications data consistency	GA	Enterprise	Event notifications include metadata to prevent stale data reads from secondary nodes during periods of high Vault load. Learn more: Event notifications overview
Plugin downloads	Beta	Enterprise	Use new endpoints to simplify downloading official HashiCorp secret and auth plugins from releases.hashicorp.com. Learn more: Register external plugins
Ephemeral resources support	GA	Enterprise	Use the Vault provider for Terraform with ephemeral resources and write-only attributes in key-value and database secret engines. Learn more: Vault provider for Terraform

## Manage 3rd-party secrets @include 'release-notes/section-notes/3rd-party.mdx'

Update	Type	License	Description
Snowflake authentication support for key pairs	GA	Community	Implement enhanced authentication security with key pair authentication in the Snowflake database secrets engine. Learn more: Snowflake overview
Terraform support for dynamic team tokens	GA	Community	Implement dynamic team token generation in the Terraform Cloud secrets engine. Learn more: Terraform Cloud overview

## Manage certificates @include 'release-notes/section-notes/certs.mdx'

Update	Type	License	Description
PKI support for SCEP certificate enrollment	GA	Community	Automate certificate enrollment of end-user and network devices that support SCEP protocol. End-user device integration validations include Azure In-Tune and Jamf MDM platforms.