From 2a8d79dbc06d6eeb87f9f04427372c4055fc995d Mon Sep 17 00:00:00 2001 From: Steven Clark Date: Thu, 25 Sep 2025 11:08:03 -0400 Subject: [PATCH 1/4] Add a new Vault known issue around rewrapping with multi-seal enabled on failovers --- .../important-changes/summary-tables/1_16.mdx | 1 + .../important-changes/summary-tables/1_18.mdx | 1 + .../important-changes/summary-tables/1_19.mdx | 1 + .../important-changes/summary-tables/1_20.mdx | 1 + .../partials/known-issues/multi-seal-rewrap.mdx | 12 ++++++++++++ .../partials/known-issues/multi-seal-rewrap.mdx | 12 ++++++++++++ .../content/docs/updates/important-changes.mdx | 13 +++++++++++++ .../content/docs/updates/important-changes.mdx | 13 +++++++++++++ 8 files changed, 54 insertions(+) create mode 100644 content/vault/v1.16.x/content/partials/known-issues/multi-seal-rewrap.mdx create mode 100644 content/vault/v1.18.x/content/partials/known-issues/multi-seal-rewrap.mdx diff --git a/content/vault/global/partials/important-changes/summary-tables/1_16.mdx b/content/vault/global/partials/important-changes/summary-tables/1_16.mdx index 6999a40e30..60ba728396 100644 --- a/content/vault/global/partials/important-changes/summary-tables/1_16.mdx +++ b/content/vault/global/partials/important-changes/summary-tables/1_16.mdx 
@@ -50,3 +50,4 @@ Found | Fixed | Workaround | Edition | Issue 1.16.16 | 1.16.20 | Upgrade | All | [Unexpected LDAP static role rotations on upgrade](/vault/docs/v1.16.x/updates/important-changes#ldap-static-role-rotations-on-upgrade) 1.16.17 | 1.16.21 | **Yes** | Enterprise | [External Enterprise plugins cannot run on a standby node when it becomes active](/vault/docs/v1.16.x/updates/important-changes#external-ent-plugins) 1.16.18 | 1.16.21 | Upgrade | All | [Azure authN fails to authenticate Uniform VMSS instances](/vault/docs/v1.16.x/updates/important-changes#azure-auth-fails-to-authenticate-uniform-vmss-instances) +1.16.0 | No | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.16.x/updates/important-changes#multi-seal-rewrap) \ No newline at end of file diff --git a/content/vault/global/partials/important-changes/summary-tables/1_18.mdx b/content/vault/global/partials/important-changes/summary-tables/1_18.mdx index 71aa5c18c6..1e7db10164 100644 --- a/content/vault/global/partials/important-changes/summary-tables/1_18.mdx +++ b/content/vault/global/partials/important-changes/summary-tables/1_18.mdx @@ -34,3 +34,4 @@ Found | Fixed | Workaround | Edition | Issue 1.18.5 | 1.18.9 | Upgrade | All | [Unexpected LDAP static role rotations on upgrade](/vault/docs/v1.18.x/updates/important-changes#ldap-static-role-rotations-on-upgrade) 1.18.6 | 1.18.10 | **Yes** | Enterprise | [External Enterprise plugins cannot run on a standby node when it becomes active](/vault/docs/v1.18.x/updates/important-changes#external-ent-plugins) 1.18.7 | 1.18.10 | **Yes** | All | [Azure authN fails to authenticate Uniform VMSS instances](/vault/docs/v1.18.x/updates/important-changes#azure-auth-fails-to-authenticate-uniform-vmss-instances) +1.18.0 | No | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.18.x/updates/important-changes#multi-seal-rewrap) \ No newline at end of file 
diff --git a/content/vault/global/partials/important-changes/summary-tables/1_19.mdx b/content/vault/global/partials/important-changes/summary-tables/1_19.mdx index 976fd470b4..e6c1d3d25f 100644 --- a/content/vault/global/partials/important-changes/summary-tables/1_19.mdx +++ b/content/vault/global/partials/important-changes/summary-tables/1_19.mdx @@ -43,3 +43,4 @@ Found | Fixed | Workaround | Edition | Issue 1.18.4 | No | **Yes** | All | [Failing credential refresh for Snowflake DB secrets engine key pair authentication](/vault/docs/v1.19.x/updates/important-changes#snowflake-keypair-refresh) 1.19.0 | No | No | All | [Writing configuration to local auth mount (ldap, aws, gcp, azure) ignores local flag](/vault/docs/v1.19.x/updates/important-changes#local-auth-known-issue) 1.19.0 | No | **Yes** | Enterprise | [Missed events with multiple event clients](/vault/docs/v1.19.x/updates/important-changes#missed-events) +1.19.0 | No | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.19.x/updates/important-changes#multi-seal-rewrap) \ No newline at end of file diff --git a/content/vault/global/partials/important-changes/summary-tables/1_20.mdx b/content/vault/global/partials/important-changes/summary-tables/1_20.mdx index 13373b74f5..b73bad403c 100644 --- a/content/vault/global/partials/important-changes/summary-tables/1_20.mdx +++ b/content/vault/global/partials/important-changes/summary-tables/1_20.mdx 
@@ -31,3 +31,4 @@ Found | Fixed | Workaround | Edition | Issue 1.20.0 | 1.20.1 | **Yes** | All | [Duplicate LDAP password rotations on standby node check-in](/vault/docs/v1.20.x/updates/important-changes#ldap-checkin) 1.19.0 | No | No | All | [Writing configuration to local auth mount (ldap, aws, gcp, azure) ignores local flag](/vault/docs/v1.20.x/updates/important-changes#local-auth-known-issue) 1.19.0 | No | **Yes** | Enterprise | [Missed events with multiple event clients](/vault/docs/v1.20.x/updates/important-changes#missed-events) +1.20.0 | No | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.20.x/updates/important-changes#multi-seal-rewrap) \ No newline at end of file diff --git a/content/vault/v1.16.x/content/partials/known-issues/multi-seal-rewrap.mdx b/content/vault/v1.16.x/content/partials/known-issues/multi-seal-rewrap.mdx new file mode 100644 index 0000000000..f038b23b10 --- /dev/null +++ b/content/vault/v1.16.x/content/partials/known-issues/multi-seal-rewrap.mdx @@ -0,0 +1,12 @@ +### Full seal rewraps occur on DR/PR failover with multi-seal enabled ((#multi-seal-rewrap)) + +| Change | Affected versions | Fixed version | +|-------------|------------------------------------------------|---------------| +| Known issue | 1.20.x+ent, 1.19.x+ent, 1.18.x+ent, 1.16.x+ent | None | + +When failing over to a DR or performance cluster with `enable_multiseal = true`, a full rewrap occurs. This +can lead to performance degradation until the rewrap operation completes. + +#### Recommendation + +No workaround is available at this time, short of disabling multi-seal support. diff --git a/content/vault/v1.18.x/content/partials/known-issues/multi-seal-rewrap.mdx b/content/vault/v1.18.x/content/partials/known-issues/multi-seal-rewrap.mdx new file mode 100644 index 0000000000..f038b23b10 --- /dev/null +++ b/content/vault/v1.18.x/content/partials/known-issues/multi-seal-rewrap.mdx 
@@ -0,0 +1,12 @@ +### Full seal rewraps occur on DR/PR failover with multi-seal enabled ((#multi-seal-rewrap)) + +| Change | Affected versions | Fixed version | +|-------------|------------------------------------------------|---------------| +| Known issue | 1.20.x+ent, 1.19.x+ent, 1.18.x+ent, 1.16.x+ent | None | + +When failing over to a DR or performance cluster with `enable_multiseal = true`, a full rewrap occurs. This +can lead to performance degradation until the rewrap operation completes. + +#### Recommendation + +No workaround is available at this time, short of disabling multi-seal support. diff --git a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx index 285431eb9e..8a1e032438 100644 --- a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx @@ -516,3 +516,16 @@ filters you have two options: 1. Spread them out among the nodes of the Vault cluster. 1. Only subscribe to events on the active node of the cluster. + +### Full seal rewraps occur on DR/PR failover with multi-seal enabled ((#multi-seal-rewrap)) + +| Change | Affected versions | Fixed version | +|-------------|------------------------------------------------|---------------| +| Known issue | 1.20.x+ent, 1.19.x+ent, 1.18.x+ent, 1.16.x+ent | None | + +When failing over to a DR or performance cluster with `enable_multiseal = true`, a full rewrap occurs. This +can lead to performance degradation until the rewrap operation completes. + +#### Recommendation + +No workaround is available at this time, short of disabling multi-seal support. \ No newline at end of file diff --git a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx index d41171335a..bda1ff7824 100644 --- a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx 
+++ b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx @@ -400,3 +400,16 @@ filters you have two options: 1. Spread them out among the nodes of the Vault cluster. 1. Only subscribe to events on the active node of the cluster. + +### Full seal rewraps occur on DR/PR failover with multi-seal enabled ((#multi-seal-rewrap)) + +| Change | Affected versions | Fixed version | +|-------------|------------------------------------------------|---------------| +| Known issue | 1.20.x+ent, 1.19.x+ent, 1.18.x+ent, 1.16.x+ent | None | + +When failing over to a DR or performance cluster with `enable_multiseal = true`, a full rewrap occurs. This +can lead to performance degradation until the rewrap operation completes. + +#### Recommendation + +No workaround is available at this time, short of disabling multi-seal support. \ No newline at end of file From 24e8332f1be638da169a5a121a431fca96081ec6 Mon Sep 17 00:00:00 2001 From: Steven Clark Date: Thu, 25 Sep 2025 13:13:23 -0400 Subject: [PATCH 2/4] Adjust 1.16.x and 1.18.x known issues to proper format --- .../known-issue}/multi-seal-rewrap.mdx | 0 .../important-changes/summary-tables/1_16.mdx | 2 +- .../important-changes/summary-tables/1_18.mdx | 2 +- .../content/docs/upgrading/upgrade-to-1.16.x.mdx | 2 ++ .../content/docs/upgrading/upgrade-to-1.16.x.mdx | 4 +++- .../content/docs/upgrading/upgrade-to-1.18.x.mdx | 2 ++ .../partials/known-issues/multi-seal-rewrap.mdx | 12 ------------ 7 files changed, 9 insertions(+), 15 deletions(-) rename content/vault/{v1.16.x/content/partials/known-issues => global/partials/important-changes/known-issue}/multi-seal-rewrap.mdx (100%) delete mode 100644 content/vault/v1.18.x/content/partials/known-issues/multi-seal-rewrap.mdx 
diff --git a/content/vault/v1.16.x/content/partials/known-issues/multi-seal-rewrap.mdx b/content/vault/global/partials/important-changes/known-issue/multi-seal-rewrap.mdx similarity index 100% rename from content/vault/v1.16.x/content/partials/known-issues/multi-seal-rewrap.mdx rename to content/vault/global/partials/important-changes/known-issue/multi-seal-rewrap.mdx diff --git a/content/vault/global/partials/important-changes/summary-tables/1_16.mdx b/content/vault/global/partials/important-changes/summary-tables/1_16.mdx index 60ba728396..c1a23b4969 100644 --- a/content/vault/global/partials/important-changes/summary-tables/1_16.mdx +++ b/content/vault/global/partials/important-changes/summary-tables/1_16.mdx @@ -50,4 +50,4 @@ Found | Fixed | Workaround | Edition | Issue 1.16.16 | 1.16.20 | Upgrade | All | [Unexpected LDAP static role rotations on upgrade](/vault/docs/v1.16.x/updates/important-changes#ldap-static-role-rotations-on-upgrade) 1.16.17 | 1.16.21 | **Yes** | Enterprise | [External Enterprise plugins cannot run on a standby node when it becomes active](/vault/docs/v1.16.x/updates/important-changes#external-ent-plugins) 1.16.18 | 1.16.21 | Upgrade | All | [Azure authN fails to authenticate Uniform VMSS instances](/vault/docs/v1.16.x/updates/important-changes#azure-auth-fails-to-authenticate-uniform-vmss-instances) -1.16.0 | No | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.16.x/updates/important-changes#multi-seal-rewrap) \ No newline at end of file +1.16.0 | No | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.16.x/upgrading/upgrade-to-1.16.x#multi-seal-rewrap) \ No newline at end of file diff --git a/content/vault/global/partials/important-changes/summary-tables/1_18.mdx b/content/vault/global/partials/important-changes/summary-tables/1_18.mdx index 1e7db10164..c8abc40e1b 100644 
--- a/content/vault/global/partials/important-changes/summary-tables/1_18.mdx +++ b/content/vault/global/partials/important-changes/summary-tables/1_18.mdx @@ -34,4 +34,4 @@ Found | Fixed | Workaround | Edition | Issue 1.18.5 | 1.18.9 | Upgrade | All | [Unexpected LDAP static role rotations on upgrade](/vault/docs/v1.18.x/updates/important-changes#ldap-static-role-rotations-on-upgrade) 1.18.6 | 1.18.10 | **Yes** | Enterprise | [External Enterprise plugins cannot run on a standby node when it becomes active](/vault/docs/v1.18.x/updates/important-changes#external-ent-plugins) 1.18.7 | 1.18.10 | **Yes** | All | [Azure authN fails to authenticate Uniform VMSS instances](/vault/docs/v1.18.x/updates/important-changes#azure-auth-fails-to-authenticate-uniform-vmss-instances) -1.18.0 | No | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.18.x/updates/important-changes#multi-seal-rewrap) \ No newline at end of file +1.18.0 | No | No | Enterprise | [Full seal rewraps occur on DR/PR failover with multi-seal enabled](/vault/docs/v1.18.x/upgrading/upgrade-to-1.18.x#multi-seal-rewrap) \ No newline at end of file diff --git a/content/vault/v1.16.x/content/docs/upgrading/upgrade-to-1.16.x.mdx b/content/vault/v1.16.x/content/docs/upgrading/upgrade-to-1.16.x.mdx index f3c7d8a2dd..5951f4281f 100644 --- a/content/vault/v1.16.x/content/docs/upgrading/upgrade-to-1.16.x.mdx +++ b/content/vault/v1.16.x/content/docs/upgrading/upgrade-to-1.16.x.mdx @@ -308,3 +308,5 @@ If you use `file` audit devices, you need to: @include 'known-issues/sync-activation-flags-cache-not-updated.mdx' @include 'known-issues/enterprise-plugins.mdx' + +@include '../../../global/partials/important-changes/known-issue/multi-seal-rewrap.mdx' diff --git a/content/vault/v1.18.x/content/docs/upgrading/upgrade-to-1.16.x.mdx b/content/vault/v1.18.x/content/docs/upgrading/upgrade-to-1.16.x.mdx index e5afe868a3..f9b081ddf0 100644 
--- a/content/vault/v1.18.x/content/docs/upgrading/upgrade-to-1.16.x.mdx +++ b/content/vault/v1.18.x/content/docs/upgrading/upgrade-to-1.16.x.mdx @@ -301,4 +301,6 @@ more details, and information about opt-out. @include 'known-issues/sync-activation-flags-cache-not-updated.mdx' -@include 'known-issues/enterprise-plugins.mdx' \ No newline at end of file +@include 'known-issues/enterprise-plugins.mdx' + +@include '../../../global/partials/important-changes/known-issue/multi-seal-rewrap.mdx' diff --git a/content/vault/v1.18.x/content/docs/upgrading/upgrade-to-1.18.x.mdx b/content/vault/v1.18.x/content/docs/upgrading/upgrade-to-1.18.x.mdx index bb5472314b..60f4008be7 100644 --- a/content/vault/v1.18.x/content/docs/upgrading/upgrade-to-1.18.x.mdx +++ b/content/vault/v1.18.x/content/docs/upgrading/upgrade-to-1.18.x.mdx @@ -246,3 +246,5 @@ If you use `file` audit devices, you need to: @include 'known-issues/azure-auth-fails-uniform-vmss.mdx' @include 'known-issues/enterprise-plugins.mdx' + +@include '../../../global/partials/important-changes/known-issue/multi-seal-rewrap.mdx' diff --git a/content/vault/v1.18.x/content/partials/known-issues/multi-seal-rewrap.mdx b/content/vault/v1.18.x/content/partials/known-issues/multi-seal-rewrap.mdx deleted file mode 100644 index f038b23b10..0000000000 --- a/content/vault/v1.18.x/content/partials/known-issues/multi-seal-rewrap.mdx +++ /dev/null 
@@ -1,12 +0,0 @@ -### Full seal rewraps occur on DR/PR failover with multi-seal enabled ((#multi-seal-rewrap)) - -| Change | Affected versions | Fixed version | -|-------------|------------------------------------------------|---------------| -| Known issue | 1.20.x+ent, 1.19.x+ent, 1.18.x+ent, 1.16.x+ent | None | - -When failing over to a DR or performance cluster with `enable_multiseal = true`, a full rewrap occurs. This -can lead to performance degradation until the rewrap operation completes. - -#### Recommendation - -No workaround is available at this time, short of disabling multi-seal support. From 035d247b778d887b65a62832292d357ec1653b43 Mon Sep 17 00:00:00 2001 From: Steven Clark Date: Thu, 25 Sep 2025 15:01:01 -0400 Subject: [PATCH 3/4] Apply suggestions from code review Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- .../important-changes/known-issue/multi-seal-rewrap.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/vault/global/partials/important-changes/known-issue/multi-seal-rewrap.mdx b/content/vault/global/partials/important-changes/known-issue/multi-seal-rewrap.mdx index f038b23b10..b60c437bf7 100644 --- a/content/vault/global/partials/important-changes/known-issue/multi-seal-rewrap.mdx +++ b/content/vault/global/partials/important-changes/known-issue/multi-seal-rewrap.mdx 
@@ -4,9 +4,9 @@ |-------------|------------------------------------------------|---------------| | Known issue | 1.20.x+ent, 1.19.x+ent, 1.18.x+ent, 1.16.x+ent | None | -When failing over to a DR or performance cluster with `enable_multiseal = true`, a full rewrap occurs. This -can lead to performance degradation until the rewrap operation completes. +A full rewrap happens when Vault fails over to a DR or performance cluster with `enable_multiseal = true`. +The rewrap can lead to performance degradation until the rewrap operation completes. #### Recommendation -No workaround is available at this time, short of disabling multi-seal support. +The only workaround is to disable multi-seal support. From 5252f4e73f217649f69dd7bc9c5d5d79af1d8f7f Mon Sep 17 00:00:00 2001 From: Steven Clark Date: Thu, 25 Sep 2025 15:13:24 -0400 Subject: [PATCH 4/4] Use partial instead of cloning the content --- .../content/docs/updates/important-changes.mdx | 13 +------------ .../content/docs/updates/important-changes.mdx | 13 +------------ 2 files changed, 2 insertions(+), 24 deletions(-) diff --git a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx index 8a1e032438..c610804ee7 100644 --- a/content/vault/v1.19.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.19.x/content/docs/updates/important-changes.mdx 
@@ -517,15 +517,4 @@ filters you have two options: 1. Spread them out among the nodes of the Vault cluster. 1. Only subscribe to events on the active node of the cluster. -### Full seal rewraps occur on DR/PR failover with multi-seal enabled ((#multi-seal-rewrap)) - -| Change | Affected versions | Fixed version | -|-------------|------------------------------------------------|---------------| -| Known issue | 1.20.x+ent, 1.19.x+ent, 1.18.x+ent, 1.16.x+ent | None | - -When failing over to a DR or performance cluster with `enable_multiseal = true`, a full rewrap occurs. This -can lead to performance degradation until the rewrap operation completes. - -#### Recommendation - -No workaround is available at this time, short of disabling multi-seal support. \ No newline at end of file +@include '../../../global/partials/important-changes/known-issue/multi-seal-rewrap.mdx' \ No newline at end of file diff --git a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx index bda1ff7824..03a7442d40 100644 --- a/content/vault/v1.20.x/content/docs/updates/important-changes.mdx +++ b/content/vault/v1.20.x/content/docs/updates/important-changes.mdx 
@@ -401,15 +401,4 @@ filters you have two options: 1. Spread them out among the nodes of the Vault cluster. 1. Only subscribe to events on the active node of the cluster. -### Full seal rewraps occur on DR/PR failover with multi-seal enabled ((#multi-seal-rewrap)) - -| Change | Affected versions | Fixed version | -|-------------|------------------------------------------------|---------------| -| Known issue | 1.20.x+ent, 1.19.x+ent, 1.18.x+ent, 1.16.x+ent | None | - -When failing over to a DR or performance cluster with `enable_multiseal = true`, a full rewrap occurs. This -can lead to performance degradation until the rewrap operation completes. - -#### Recommendation - -No workaround is available at this time, short of disabling multi-seal support. \ No newline at end of file +@include '../../../global/partials/important-changes/known-issue/multi-seal-rewrap.mdx' \ No newline at end of file
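Review bot: The Workaround column reads `No` in the rows added to summary-tables/1_16.mdx, 1_18.mdx, 1_19.mdx and 1_20.mdx (PATCH 1/4), but the Recommendation in multi-seal-rewrap.mdx, as reworded in PATCH 3/4, says "The only workaround is to disable multi-seal support." Readers scanning the table will conclude there is nothing they can do. Either mark the column `**Yes**` as the neighbouring rows with a workaround do, or word the Recommendation so that it and the table say the same thing.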
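Review bot: The Found column in the new rows changes per table (`1.16.0`, `1.18.0`, `1.19.0`, `1.20.0` in PATCH 1/4), while the partial lists the same issue as affecting 1.16.x+ent onward. Neighbouring rows keep the version where the issue was first found even in later tables (the `1.19.0` rows in 1_20.mdx, the `1.18.4` row in 1_19.mdx). Suggest using one Found value across all four tables so the row does not read as four separate regressions.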
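Review bot: The rename in PATCH 2/4 places the partial under `global/partials/important-changes/known-issue/` (singular), while every other include in the touched upgrade guides pulls from `known-issues/` (plural), and the new `@include '../../../global/partials/important-changes/known-issue/multi-seal-rewrap.mdx'` line is the only relative-path include visible in these files. Please confirm the singular directory is the intended location and that the relative path resolves from each of the three upgrade guides and, after PATCH 4/4, from both important-changes.mdx pages.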
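Review bot: The Recommendation in multi-seal-rewrap.mdx (PATCH 3/4) tells operators to disable multi-seal support but does not say how, or how to tell that the rewrap has finished. The body names `enable_multiseal = true` as the trigger, so the Recommendation should state the corresponding setting change or link to the multi-seal documentation. Minor wording: "The rewrap can lead to performance degradation until the rewrap operation completes." repeats "rewrap"; "Performance may degrade until the rewrap completes." reads more cleanly.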
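Review bot: The `@include` lines that now end v1.19.x and v1.20.x important-changes.mdx (PATCH 4/4) are followed by "\ No newline at end of file", as are the rows appended to the four summary tables in PATCH 1/4. PATCH 2/4 already added the missing trailing newline in v1.18.x upgrade-to-1.16.x.mdx. Suggest ending these files with a newline as well, so the next known issue appended to them does not produce a spurious changed line in its diff.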