@release-drafter release-drafter released this Feb 27, 2020

🚀 Features

  • Add a correct endpoint for CRL retrieving. GH-547

📚 Documentation

  • Fixes close quotes in example usage of read_secret_version. GH-557
  • Fixes typo in docs: much -> must. GH-555

🧰 Miscellaneous

  • Don't send optional parameters unless explicitly specified. GH-533

Note: GH-533 makes a fundamental change to how hvac sends parameters in API requests to Vault. Many hvac method parameters that previously were sent with their default arguments are no longer included in requests to Vault. Notably, the following behavioral changes should be expected (copied from the related PR comments):


  • CHANGED: create_role parameter policies now accepts CSV string or list of strings


  • CHANGED: create_role documentation updated to something meaningful 🙃


  • configure parameter google_certs_endpoint is deprecated
  • create_role parameter project_id is deprecated by bound_projects (list)


  • configure is missing a lot of parameters


  • CHANGED: configure parameters user_dn and group_dn made optional
    • Retained argument position to prevent being a breaking change
  • CHANGED: hvac/constants/ file removed as it is no longer used


  • This entire endpoint is deprecated so I didn't bother updating it


  • CHANGED: configure parameter base_url default value now differs from API documentation
  • register_user, read_user, and delete_user duplicate URL parameter username in JSON payload
    • I left this one as-is as it doesn't appear to hurt anything
  • Ditto for delete_group, but register_group and list_group correctly omit it


  • CHANGED: sign_data and verify_signed_data optional parameter marshaling_algorithm added


  • configure is missing a lot of parameters
  • BUG: register_user attempted to convert username string into a CSV list (?!) for POST data
    • Didn't hurt anything as username is extracted from URL path in Vault server
  • BUG: register_user parameter policies never actually passed as parameter

System Backend:

  • Auth
    • enable_auth_method parameter plugin_name is deprecated
    • CHANGED: enable_audit_device optional parameter local was added
  • Init
    • initialize provides default for required API parameters secret_shares and secret_threshold
  • Key
    • start_root_token_generation parameter otp is deprecated


  • There seems to be some discrepancy on how "extra arguments" are accepted:
    • Some methods use only **kwargs (e.g. hvac/api/system_backend/)
    • Some use *args and **kwargs (e.g. hvac/api/secrets_engines/)
    • hvac/api/secrets_engines/ uses extra_params={}
  • Most argument names match API parameter names, but some don't
    • Example: hvac/api/auth_methods/ configure uses user_dn instead of userdn
    • Example: hvac/api/system_backend/ configure uses method_type instead of type
  • Many methods duplicate URL parameters into JSON payload as well
    • This isn't necessary and fortunately Vault ignores the extra parameters
  • ttl, max_ttl, policies, period, num_uses and a few other fields are deprecated as of Vault version 1.2.0

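The GH-533 behavior change described in the note above, sketched as an added example (not hvac's own code): a request body built the old way, with every optional field sent, next to one that carries only what the caller specified. The function names and the "old" default values are constructed for illustration; the field names policies, ttl, max_ttl and period are taken from the notes above.

```python
# Added illustration, not hvac source. Function names and the "old" default
# values are constructed for this example.

def normalize_policies(policies):
    """Accept a CSV string or a list of strings; return a list of names."""
    if policies is None:
        return None
    if isinstance(policies, str):
        policies = policies.split(",")
    return [p.strip() for p in policies if p.strip()]


def payload_old(policies=None, ttl="", max_ttl="", period=""):
    """Pre-change style: every optional field is sent, defaults included."""
    return {"policies": normalize_policies(policies) or [],
            "ttl": ttl, "max_ttl": max_ttl, "period": period}


def payload_new(policies=None, ttl=None, max_ttl=None, period=None):
    """Post-change style: only explicitly specified fields are sent."""
    params = {"policies": normalize_policies(policies),
              "ttl": ttl, "max_ttl": max_ttl, "period": period}
    # None means "caller did not specify"; an explicit empty list is kept.
    return {k: v for k, v in params.items() if v is not None}


def no_longer_sent(old, new):
    """Fields the old-style body carried that the new-style body omits."""
    return sorted(set(old) - set(new))


if __name__ == "__main__":
    old = payload_old(policies="dev, ops")
    new = payload_new(policies="dev, ops")
    print("old body:", old)
    print("new body:", new)
    # Omitted fields are now decided by the Vault server, so review any
    # call site that relied on a client-side default being sent.
    print("left to the server:", no_longer_sent(old, new))
```

Running a comparison like no_longer_sent over the calls an application makes is a quick way to list which fields are now left to Vault after upgrading.
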
Thanks to @findmyname666, @llamasoft, @moisesguimaraes, @philherbert and Adrian Eib for their lovely contributions.

