mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-23 15:41:07 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/docs/plugins/upgrade.mdx
Sarah Chavis 485ccbc5da
[DOCS] IA refresh (phase 2) (#30287)
2025-04-29 17:08:14 -07:00

57 lines
2.0 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Upgrade Vault plugins
description: >-
Upgrade plugins running in Vault.
---
# Upgrade plugins
Upgrading a plugin in the catalog affects all uses of that plugin version. For
example, if you have 5 different `customkv` mounts using v1.0.0 and you upgrade
to v1.1.0, all the existing mounts will use the new binary if you overwrite it.
We recommend treating plugin versions in the catalog as immutable, like version
control tags, rather than overwriting them explicitly.
Always check the plugin release notes for unsupported transitions before
upgrading your plugins. Core systems within Vault manage the token and lease
lifecycle so plugins only renew or revoke tokens and leases when the core
systems requests it. As a result, existing tokens and leases are generally
unaffected by plugin upgrades.
## Before you start
- **To register and upgrade enterprise plugins, you must have Vault v1.16.16+,
1.17.12+, 1.18.5+, or 1.19.x+**.
- **You must have admin permissions for Vault**. Specifically, you must be able
to run `plugin register` and the appropriate `enable` command.
- **You must have [`plugin_directory`](/vault/docs/configuration#plugin_directory)
set in your Vault configuration file**.
- **You must have the new plugin binary or zip file saved to the location set in
`plugin_directory`**.
- **You must have [`api_addr`](/vault/docs/configuration#api_addr) set in your
Vault configuration file**.
## Step 1: Update the catalog entry
Register the new plugin binary or zip file with an updated version number under
the same plugin type and name as the existing plugin version.
@include 'plugins/register.mdx'
## Step 2: Reload the plugin
Until you reload the plugin, Vault continues running the old plugin version on
the mount path. When you trigger a reload, Vault kills the active plugin process
and start a new plugin process with the pinned version of that plugin.
@include 'plugins/pin-and-reload.mdx'
## Step 3: Verify the plugin status
@include 'plugins/verify-status.mdx'
Reference in New Issue View Git Blame Copy Permalink