Skip to content

Bump the terraform-providers group across 2 directories with 1 update#1

Merged
mahauber merged 1 commit into
mainfrom
dependabot/terraform/modules/landing-zone/terraform-providers-4005ec76a4
Feb 27, 2026
Merged

Bump the terraform-providers group across 2 directories with 1 update#1
mahauber merged 1 commit into
mainfrom
dependabot/terraform/modules/landing-zone/terraform-providers-4005ec76a4

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Feb 27, 2026

Bumps the terraform-providers group with 1 update in the /modules/landing-zone directory: hashicorp/vault.
Bumps the terraform-providers group with 1 update in the /modules/management directory: hashicorp/vault.

Updates hashicorp/vault from 5.6.0 to 5.7.0

Release notes

Sourced from hashicorp/vault's releases.

v5.7.0

5.7.0 (February 5, 2026)

FEATURES:

  • New Ephemeral Resource: vault_approle_auth_backend_role_secret_id - Generate AppRole SecretIDs on-demand with automatic cleanup. Requires Terraform 1.10+.(#2745)
  • New Ephemeral Resource: Add Kubernetes service account token ephemeral resource vault_kubernetes_service_account_token: (#2712)

IMPROVEMENTS:

  • vault_kmip_secret_role: Add support for additional KMIP operation fields (operation_import, operation_query, operation_encrypt, operation_decrypt, operation_create_key_pair, operation_delete_attribute, operation_rng_retrieve, operation_mac, operation_signature_verify, operation_sign, operation_rng_seed, operation_modify_attribute, operation_mac_verify, operation_rekey_key_pair) to grant granular permissions for KMIP operations. (#2744)

  • vault_saml_auth_backend: Add support for validate_assertion_signature and validate_response_signature parameters to control SAML signature validation (Vault 1.19+)

  • vault_approle_auth_backend_login: Add write-only fields secret_id_wo and secret_id_wo_version to support ephemeral SecretID values without persisting them in state.(#2745)

  • vault_password_policy: Add field entropy_source field to specify an override to the default source of entropy (randomness) used to generate the passwords.(#2753)

  • vault_mfa_totp: Add support for max_validation_attempts field to configure the maximum number of consecutive failed validation attempts allowed. (#2751)

  • vault_mongodbatlas_secret_backend: Add support for write-only private key fields (private_key_wo, private_key_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2741)

  • vault_consul_secret_backend: Add support for write-only fields (token_wo, token_wo_version, client_key_wo, client_key_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2730)

  • vault_azure_auth_backend_config: Add support for write-only client secret fields (client_secret_wo, client_secret_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2726)

  • vault_azure_secret_backend: Add support for write-only client_secret_wo and client_secret_wo_version fields to configure the client secret without storing it in state. Requires Terraform 1.11+. (#2721)

  • vault_aws_secret_backend: Add write-only secret_key_wo and secret_key_wo_version fields to allow configuring the AWS secret key without storing it in Terraform state (#2713)

  • vault_gcp_auth_backend: Add write-only credential support via credentials_wo and credentials_wo_version fields (#2724)

  • vault_ldap_auth_backend: Add write-only field support for bindpass via bindpass_wo and bindpass_wo_version attributes (#2716)

  • vault_ldap_secret_backend: Add write-only field support for bindpass via bindpass_wo and bindpass_wo_version attributes (#2719)

  • vault_aws_auth_backend_client: Add write-only field support for secret_key (secret_key_wo and secret_key_wo_version) to prevent sensitive AWS credentials from being stored in Terraform state. (#2717)

  • vault_jwt_auth_backend: Add support for write-only oidc_client_secret_wo and oidc_client_secret_wo_version fields to prevent storing sensitive OIDC client secrets in Terraform state. (#2714)

  • vault_cert_auth_backend_role: Add support for ocsp_max_retries and ocsp_this_update_max_age fields for OCSP configuration. Requires Vault 1.16+. (#2749)

  • vault_kubernetes_auth_backend_config: Add support for write-only token_reviewer_jwt_wo field with token_reviewer_jwt_wo_version to prevent sensitive JWT token from being stored in Terraform state (#2715)

  • vault_kubernetes_secret_backend: Add write-only fields service_account_jwt_wo and service_account_jwt_wo_version for managing service account JWT credentials without storing them in state.(#2720)

  • vault_nomad_secret_backend: Add support for write-only fields token_wo and client_key_wo with version counters to prevent sensitive credentials from being stored in Terraform state. (#2729)

  • Add support for fields: context,managed_key_name,managed_key_id in vault_transit_secret_backend_key resource. (#2743)

  • vault_rabbitmq_secret_backend: Add support for write-only password_wo and password_wo_version fields to configure the password without storing it in state. Requires Terraform 1.11+. (#2733)

  • vault_approle_auth_backend_role_secret_id: Add support for token_bound_cidrs parameter to specify blocks of IP addresses which can use the auth tokens generated by a SecretID. (#2718)

  • vault_secrets_sync_gcp_destination: Add support for replication field (replication_locations; Vault 1.18+), networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking; Vault 1.19+), and encryption fields (global_kms_key, locational_kms_keys; Vault 1.19+) in vault_secrets_sync_gcp_destination resource. (#2699)

  • Add support for networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking) in vault_secrets_sync_azure_destination resource. Requires Vault 1.19+. (#2702)

  • vault_database_secret_backend_connection: Add support for MongoDB write_concern parameter and TLS parameters (tls_ca, tls_certificate_key) (#2678)

  • Add support for username_template parameter in vault_database_secret_backend_connection and vault_database_secrets_mount resource for MongoDB Atlas(#2674)

  • Add support for username_template parameter in vault_database_secret_backend_connection and vault_database_secrets_mount resources for HANADB connections: (#2671)

  • Add support for networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking) in vault_secrets_sync_vercel_destination resource. Requires Vault 1.19+. (#2681)

  • Add support for configuration parameters (allowed_ipv4_addresses,allowed_ipv6_addresses,allowed_ports,disable_strict_networking,secrets_location,environment_name) in vault_secrets_sync_gh_destination resource. Requires Vault 1.18+ for secrets_location,environment_name.Requires Vault 1.19+ for allowed_ipv4_addresses,allowed_ipv6_addresses,allowed_ports,disable_strict_networking.(#2697).

  • Add support for tls_server_name , local_datacenter, socket_keep_alive, consistency and username_template parameters for Cassandra in vault_database_secret_backend_connection resource. (#2677)

  • vault_secrets_sync_aws_destination: Add support for networking configuration parameters allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, and disable_strict_networking to control outbound connections from Vault to AWS Secrets Manager. Requires Vault 1.19.0+.(#2698)

  • Updated dependencies:

    • github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 -> v2.1.1

  • Docs: fix heredoc example for LDAP dynamic role LDIFs ([#2728]hashicorp/terraform-provider-vault#2728)

  • Docs: Update example to use write-only attribute ([#2731]hashicorp/terraform-provider-vault#2731)

  • Add support for local_secret_ids which may only be set at role creation. On updates the provider will send the original creation value to Vault to avoid unintentionally attempting to modify this immutable setting.The provider now surfaces Vault's native immutability error when an update attempts to change local_secret_ids.(#2723)

BUGS:

... (truncated)

Changelog

Sourced from hashicorp/vault's changelog.

5.7.0 (February 5, 2026)

FEATURES:

  • New Ephemeral Resource: vault_approle_auth_backend_role_secret_id - Generate AppRole SecretIDs on-demand with automatic cleanup. Requires Terraform 1.10+.(#2745)
  • New Ephemeral Resource: Add Kubernetes service account token ephemeral resource vault_kubernetes_service_account_token: (#2712)

IMPROVEMENTS:

  • vault_kmip_secret_role: Add support for additional KMIP operation fields (operation_import, operation_query, operation_encrypt, operation_decrypt, operation_create_key_pair, operation_delete_attribute, operation_rng_retrieve, operation_mac, operation_signature_verify, operation_sign, operation_rng_seed, operation_modify_attribute, operation_mac_verify, operation_rekey_key_pair) to grant granular permissions for KMIP operations. (#2744)

  • vault_saml_auth_backend: Add support for validate_assertion_signature and validate_response_signature parameters to control SAML signature validation (Vault 1.19+)

  • vault_approle_auth_backend_login: Add write-only fields secret_id_wo and secret_id_wo_version to support ephemeral SecretID values without persisting them in state.(#2745)

  • vault_password_policy: Add field entropy_source field to specify an override to the default source of entropy (randomness) used to generate the passwords.(#2753)

  • vault_mfa_totp: Add support for max_validation_attempts field to configure the maximum number of consecutive failed validation attempts allowed. (#2751)

  • vault_mongodbatlas_secret_backend: Add support for write-only private key fields (private_key_wo, private_key_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2741)

  • vault_consul_secret_backend: Add support for write-only fields (token_wo, token_wo_version, client_key_wo, client_key_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2730)

  • vault_azure_auth_backend_config: Add support for write-only client secret fields (client_secret_wo, client_secret_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2726)

  • vault_azure_secret_backend: Add support for write-only client_secret_wo and client_secret_wo_version fields to configure the client secret without storing it in state. Requires Terraform 1.11+. (#2721)

  • vault_aws_secret_backend: Add write-only secret_key_wo and secret_key_wo_version fields to allow configuring the AWS secret key without storing it in Terraform state (#2713)

  • vault_gcp_auth_backend: Add write-only credential support via credentials_wo and credentials_wo_version fields (#2724)

  • vault_ldap_auth_backend: Add write-only field support for bindpass via bindpass_wo and bindpass_wo_version attributes (#2716)

  • vault_ldap_secret_backend: Add write-only field support for bindpass via bindpass_wo and bindpass_wo_version attributes (#2719)

  • vault_aws_auth_backend_client: Add write-only field support for secret_key (secret_key_wo and secret_key_wo_version) to prevent sensitive AWS credentials from being stored in Terraform state. (#2717)

  • vault_jwt_auth_backend: Add support for write-only oidc_client_secret_wo and oidc_client_secret_wo_version fields to prevent storing sensitive OIDC client secrets in Terraform state. (#2714)

  • vault_cert_auth_backend_role: Add support for ocsp_max_retries and ocsp_this_update_max_age fields for OCSP configuration. Requires Vault 1.16+. (#2749)

  • vault_kubernetes_auth_backend_config: Add support for write-only token_reviewer_jwt_wo field with token_reviewer_jwt_wo_version to prevent sensitive JWT token from being stored in Terraform state (#2715)

  • vault_kubernetes_secret_backend: Add write-only fields service_account_jwt_wo and service_account_jwt_wo_version for managing service account JWT credentials without storing them in state.(#2720)

  • vault_nomad_secret_backend: Add support for write-only fields token_wo and client_key_wo with version counters to prevent sensitive credentials from being stored in Terraform state. (#2729)

  • Add support for fields: context,managed_key_name,managed_key_id in vault_transit_secret_backend_key resource. (#2743)

  • vault_rabbitmq_secret_backend: Add support for write-only password_wo and password_wo_version fields to configure the password without storing it in state. Requires Terraform 1.11+. (#2733)

  • vault_approle_auth_backend_role_secret_id: Add support for token_bound_cidrs parameter to specify blocks of IP addresses which can use the auth tokens generated by a SecretID. (#2718)

  • vault_secrets_sync_gcp_destination: Add support for replication field (replication_locations; Vault 1.18+), networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking; Vault 1.19+), and encryption fields (global_kms_key, locational_kms_keys; Vault 1.19+) in vault_secrets_sync_gcp_destination resource. (#2699)

  • Add support for networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking) in vault_secrets_sync_azure_destination resource. Requires Vault 1.19+. (#2702)

  • vault_database_secret_backend_connection: Add support for MongoDB write_concern parameter and TLS parameters (tls_ca, tls_certificate_key) (#2678)

  • Add support for username_template parameter in vault_database_secret_backend_connection and vault_database_secrets_mount resource for MongoDB Atlas(#2674)

  • Add support for username_template parameter in vault_database_secret_backend_connection and vault_database_secrets_mount resources for HANADB connections: (#2671)

  • Add support for networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking) in vault_secrets_sync_vercel_destination resource. Requires Vault 1.19+. (#2681)

  • Add support for configuration parameters (allowed_ipv4_addresses,allowed_ipv6_addresses,allowed_ports,disable_strict_networking,secrets_location,environment_name) in vault_secrets_sync_gh_destination resource. Requires Vault 1.18+ for secrets_location,environment_name.Requires Vault 1.19+ for allowed_ipv4_addresses,allowed_ipv6_addresses,allowed_ports,disable_strict_networking.(#2697).

  • Add support for tls_server_name , local_datacenter, socket_keep_alive, consistency and username_template parameters for Cassandra in vault_database_secret_backend_connection resource. (#2677)

  • vault_secrets_sync_aws_destination: Add support for networking configuration parameters allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, and disable_strict_networking to control outbound connections from Vault to AWS Secrets Manager. Requires Vault 1.19.0+.(#2698)

  • Updated dependencies:

    • github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 -> v2.1.1

  • Docs: fix heredoc example for LDAP dynamic role LDIFs ([#2728]hashicorp/terraform-provider-vault#2728)

  • Docs: Update example to use write-only attribute ([#2731]hashicorp/terraform-provider-vault#2731)

  • vault_database_secret_backend_connection: Add support for top-level plugin_version and password_policy fields to allow configuration at the resource level in addition to engine-specific blocks. (#2748)

  • vault_database_secret_backend_connection: Add support for skip_static_role_import_rotation field to skip initial password rotation when creating static roles. This value is inherited by static roles that do not explicitly set skip_import_rotation. Requires Vault 1.19+ Enterprise. (#2748)

  • vault_database_secret_backend_static_role: The skip_import_rotation field now correctly reads Vault's computed value into state. When not set in config, it inherits from the connection's skip_static_role_import_rotation setting. Requires Vault 1.19+ Enterprise. (#2748)

  • vault_database_secret_mount: Added plugin_version,skip_static_role_import_rotation and password_policy fields to allow configuration at the resource level(#2748)

... (truncated)

Commits
  • 0a2bf05 Prepare for 5.7.0 release (#2764)
  • d6a7a08 secrets/kmip: Add new operation fields in KMIP Secret Engine Role. (#2744)
  • fb25e21 AppRole Auth Method for vault_approle_auth_backend_role resource, include loc...
  • 7fb79e8 Implementation in vault_password_policy to add entropy_source field. (#2753)
  • 3f580c3 Add support for validate_assertion_signature and validate_response_signature ...
  • b78a3cf Support for ocsp_max_retries and ocsp_this_update_max_age in vault_cert_auth_...
  • 6ca22ed added token_bound_cidrs in vault_approle_auth_backend_role_secret_id (#2718)
  • 9f993e9 Add ephemeral resource for approle_auth_backend_role_secret_id and add write ...
  • fb4abc3 Spurious diff issue code optimisation (#2752)
  • cd50206 add vault_kubernetes_service_account_token ephemeral resource (#2712)
  • Additional commits viewable in compare view

Updates hashicorp/vault from 5.6.0 to 5.7.0

Release notes

Sourced from hashicorp/vault's releases.

v5.7.0

5.7.0 (February 5, 2026)

FEATURES:

  • New Ephemeral Resource: vault_approle_auth_backend_role_secret_id - Generate AppRole SecretIDs on-demand with automatic cleanup. Requires Terraform 1.10+.(#2745)
  • New Ephemeral Resource: Add Kubernetes service account token ephemeral resource vault_kubernetes_service_account_token: (#2712)

IMPROVEMENTS:

  • vault_kmip_secret_role: Add support for additional KMIP operation fields (operation_import, operation_query, operation_encrypt, operation_decrypt, operation_create_key_pair, operation_delete_attribute, operation_rng_retrieve, operation_mac, operation_signature_verify, operation_sign, operation_rng_seed, operation_modify_attribute, operation_mac_verify, operation_rekey_key_pair) to grant granular permissions for KMIP operations. (#2744)

  • vault_saml_auth_backend: Add support for validate_assertion_signature and validate_response_signature parameters to control SAML signature validation (Vault 1.19+)

  • vault_approle_auth_backend_login: Add write-only fields secret_id_wo and secret_id_wo_version to support ephemeral SecretID values without persisting them in state.(#2745)

  • vault_password_policy: Add field entropy_source field to specify an override to the default source of entropy (randomness) used to generate the passwords.(#2753)

  • vault_mfa_totp: Add support for max_validation_attempts field to configure the maximum number of consecutive failed validation attempts allowed. (#2751)

  • vault_mongodbatlas_secret_backend: Add support for write-only private key fields (private_key_wo, private_key_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2741)

  • vault_consul_secret_backend: Add support for write-only fields (token_wo, token_wo_version, client_key_wo, client_key_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2730)

  • vault_azure_auth_backend_config: Add support for write-only client secret fields (client_secret_wo, client_secret_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2726)

  • vault_azure_secret_backend: Add support for write-only client_secret_wo and client_secret_wo_version fields to configure the client secret without storing it in state. Requires Terraform 1.11+. (#2721)

  • vault_aws_secret_backend: Add write-only secret_key_wo and secret_key_wo_version fields to allow configuring the AWS secret key without storing it in Terraform state (#2713)

  • vault_gcp_auth_backend: Add write-only credential support via credentials_wo and credentials_wo_version fields (#2724)

  • vault_ldap_auth_backend: Add write-only field support for bindpass via bindpass_wo and bindpass_wo_version attributes (#2716)

  • vault_ldap_secret_backend: Add write-only field support for bindpass via bindpass_wo and bindpass_wo_version attributes (#2719)

  • vault_aws_auth_backend_client: Add write-only field support for secret_key (secret_key_wo and secret_key_wo_version) to prevent sensitive AWS credentials from being stored in Terraform state. (#2717)

  • vault_jwt_auth_backend: Add support for write-only oidc_client_secret_wo and oidc_client_secret_wo_version fields to prevent storing sensitive OIDC client secrets in Terraform state. (#2714)

  • vault_cert_auth_backend_role: Add support for ocsp_max_retries and ocsp_this_update_max_age fields for OCSP configuration. Requires Vault 1.16+. (#2749)

  • vault_kubernetes_auth_backend_config: Add support for write-only token_reviewer_jwt_wo field with token_reviewer_jwt_wo_version to prevent sensitive JWT token from being stored in Terraform state (#2715)

  • vault_kubernetes_secret_backend: Add write-only fields service_account_jwt_wo and service_account_jwt_wo_version for managing service account JWT credentials without storing them in state.(#2720)

  • vault_nomad_secret_backend: Add support for write-only fields token_wo and client_key_wo with version counters to prevent sensitive credentials from being stored in Terraform state. (#2729)

  • Add support for fields: context,managed_key_name,managed_key_id in vault_transit_secret_backend_key resource. (#2743)

  • vault_rabbitmq_secret_backend: Add support for write-only password_wo and password_wo_version fields to configure the password without storing it in state. Requires Terraform 1.11+. (#2733)

  • vault_approle_auth_backend_role_secret_id: Add support for token_bound_cidrs parameter to specify blocks of IP addresses which can use the auth tokens generated by a SecretID. (#2718)

  • vault_secrets_sync_gcp_destination: Add support for replication field (replication_locations; Vault 1.18+), networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking; Vault 1.19+), and encryption fields (global_kms_key, locational_kms_keys; Vault 1.19+) in vault_secrets_sync_gcp_destination resource. (#2699)

  • Add support for networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking) in vault_secrets_sync_azure_destination resource. Requires Vault 1.19+. (#2702)

  • vault_database_secret_backend_connection: Add support for MongoDB write_concern parameter and TLS parameters (tls_ca, tls_certificate_key) (#2678)

  • Add support for username_template parameter in vault_database_secret_backend_connection and vault_database_secrets_mount resource for MongoDB Atlas(#2674)

  • Add support for username_template parameter in vault_database_secret_backend_connection and vault_database_secrets_mount resources for HANADB connections: (#2671)

  • Add support for networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking) in vault_secrets_sync_vercel_destination resource. Requires Vault 1.19+. (#2681)

  • Add support for configuration parameters (allowed_ipv4_addresses,allowed_ipv6_addresses,allowed_ports,disable_strict_networking,secrets_location,environment_name) in vault_secrets_sync_gh_destination resource. Requires Vault 1.18+ for secrets_location,environment_name.Requires Vault 1.19+ for allowed_ipv4_addresses,allowed_ipv6_addresses,allowed_ports,disable_strict_networking.(#2697).

  • Add support for tls_server_name , local_datacenter, socket_keep_alive, consistency and username_template parameters for Cassandra in vault_database_secret_backend_connection resource. (#2677)

  • vault_secrets_sync_aws_destination: Add support for networking configuration parameters allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, and disable_strict_networking to control outbound connections from Vault to AWS Secrets Manager. Requires Vault 1.19.0+.(#2698)

  • Updated dependencies:

    • github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 -> v2.1.1

  • Docs: fix heredoc example for LDAP dynamic role LDIFs ([#2728]hashicorp/terraform-provider-vault#2728)

  • Docs: Update example to use write-only attribute ([#2731]hashicorp/terraform-provider-vault#2731)

  • Add support for local_secret_ids which may only be set at role creation. On updates the provider will send the original creation value to Vault to avoid unintentionally attempting to modify this immutable setting.The provider now surfaces Vault's native immutability error when an update attempts to change local_secret_ids.(#2723)

BUGS:

... (truncated)

Changelog

Sourced from hashicorp/vault's changelog.

5.7.0 (February 5, 2026)

FEATURES:

  • New Ephemeral Resource: vault_approle_auth_backend_role_secret_id - Generate AppRole SecretIDs on-demand with automatic cleanup. Requires Terraform 1.10+.(#2745)
  • New Ephemeral Resource: Add Kubernetes service account token ephemeral resource vault_kubernetes_service_account_token: (#2712)

IMPROVEMENTS:

  • vault_kmip_secret_role: Add support for additional KMIP operation fields (operation_import, operation_query, operation_encrypt, operation_decrypt, operation_create_key_pair, operation_delete_attribute, operation_rng_retrieve, operation_mac, operation_signature_verify, operation_sign, operation_rng_seed, operation_modify_attribute, operation_mac_verify, operation_rekey_key_pair) to grant granular permissions for KMIP operations. (#2744)

  • vault_saml_auth_backend: Add support for validate_assertion_signature and validate_response_signature parameters to control SAML signature validation (Vault 1.19+)

  • vault_approle_auth_backend_login: Add write-only fields secret_id_wo and secret_id_wo_version to support ephemeral SecretID values without persisting them in state.(#2745)

  • vault_password_policy: Add field entropy_source field to specify an override to the default source of entropy (randomness) used to generate the passwords.(#2753)

  • vault_mfa_totp: Add support for max_validation_attempts field to configure the maximum number of consecutive failed validation attempts allowed. (#2751)

  • vault_mongodbatlas_secret_backend: Add support for write-only private key fields (private_key_wo, private_key_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2741)

  • vault_consul_secret_backend: Add support for write-only fields (token_wo, token_wo_version, client_key_wo, client_key_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2730)

  • vault_azure_auth_backend_config: Add support for write-only client secret fields (client_secret_wo, client_secret_wo_version) to prevent sensitive credentials from being stored in Terraform state. (#2726)

  • vault_azure_secret_backend: Add support for write-only client_secret_wo and client_secret_wo_version fields to configure the client secret without storing it in state. Requires Terraform 1.11+. (#2721)

  • vault_aws_secret_backend: Add write-only secret_key_wo and secret_key_wo_version fields to allow configuring the AWS secret key without storing it in Terraform state (#2713)

  • vault_gcp_auth_backend: Add write-only credential support via credentials_wo and credentials_wo_version fields (#2724)

  • vault_ldap_auth_backend: Add write-only field support for bindpass via bindpass_wo and bindpass_wo_version attributes (#2716)

  • vault_ldap_secret_backend: Add write-only field support for bindpass via bindpass_wo and bindpass_wo_version attributes (#2719)

  • vault_aws_auth_backend_client: Add write-only field support for secret_key (secret_key_wo and secret_key_wo_version) to prevent sensitive AWS credentials from being stored in Terraform state. (#2717)

  • vault_jwt_auth_backend: Add support for write-only oidc_client_secret_wo and oidc_client_secret_wo_version fields to prevent storing sensitive OIDC client secrets in Terraform state. (#2714)

  • vault_cert_auth_backend_role: Add support for ocsp_max_retries and ocsp_this_update_max_age fields for OCSP configuration. Requires Vault 1.16+. (#2749)

  • vault_kubernetes_auth_backend_config: Add support for write-only token_reviewer_jwt_wo field with token_reviewer_jwt_wo_version to prevent sensitive JWT token from being stored in Terraform state (#2715)

  • vault_kubernetes_secret_backend: Add write-only fields service_account_jwt_wo and service_account_jwt_wo_version for managing service account JWT credentials without storing them in state.(#2720)

  • vault_nomad_secret_backend: Add support for write-only fields token_wo and client_key_wo with version counters to prevent sensitive credentials from being stored in Terraform state. (#2729)

  • Add support for fields: context,managed_key_name,managed_key_id in vault_transit_secret_backend_key resource. (#2743)

  • vault_rabbitmq_secret_backend: Add support for write-only password_wo and password_wo_version fields to configure the password without storing it in state. Requires Terraform 1.11+. (#2733)

  • vault_approle_auth_backend_role_secret_id: Add support for token_bound_cidrs parameter to specify blocks of IP addresses which can use the auth tokens generated by a SecretID. (#2718)

  • vault_secrets_sync_gcp_destination: Add support for replication field (replication_locations; Vault 1.18+), networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking; Vault 1.19+), and encryption fields (global_kms_key, locational_kms_keys; Vault 1.19+) in vault_secrets_sync_gcp_destination resource. (#2699)

  • Add support for networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking) in vault_secrets_sync_azure_destination resource. Requires Vault 1.19+. (#2702)

  • vault_database_secret_backend_connection: Add support for MongoDB write_concern parameter and TLS parameters (tls_ca, tls_certificate_key) (#2678)

  • Add support for username_template parameter in vault_database_secret_backend_connection and vault_database_secrets_mount resource for MongoDB Atlas(#2674)

  • Add support for username_template parameter in vault_database_secret_backend_connection and vault_database_secrets_mount resources for HANADB connections: (#2671)

  • Add support for networking allowlist fields (allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, disable_strict_networking) in vault_secrets_sync_vercel_destination resource. Requires Vault 1.19+. (#2681)

  • Add support for configuration parameters (allowed_ipv4_addresses,allowed_ipv6_addresses,allowed_ports,disable_strict_networking,secrets_location,environment_name) in vault_secrets_sync_gh_destination resource. Requires Vault 1.18+ for secrets_location,environment_name.Requires Vault 1.19+ for allowed_ipv4_addresses,allowed_ipv6_addresses,allowed_ports,disable_strict_networking.(#2697).

  • Add support for tls_server_name , local_datacenter, socket_keep_alive, consistency and username_template parameters for Cassandra in vault_database_secret_backend_connection resource. (#2677)

  • vault_secrets_sync_aws_destination: Add support for networking configuration parameters allowed_ipv4_addresses, allowed_ipv6_addresses, allowed_ports, and disable_strict_networking to control outbound connections from Vault to AWS Secrets Manager. Requires Vault 1.19.0+.(#2698)

  • Updated dependencies:

    • github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 -> v2.1.1

  • Docs: fix heredoc example for LDAP dynamic role LDIFs ([#2728]hashicorp/terraform-provider-vault#2728)

  • Docs: Update example to use write-only attribute ([#2731]hashicorp/terraform-provider-vault#2731)

  • vault_database_secret_backend_connection: Add support for top-level plugin_version and password_policy fields to allow configuration at the resource level in addition to engine-specific blocks. (#2748)

  • vault_database_secret_backend_connection: Add support for skip_static_role_import_rotation field to skip initial password rotation when creating static roles. This value is inherited by static roles that do not explicitly set skip_import_rotation. Requires Vault 1.19+ Enterprise. (#2748)

  • vault_database_secret_backend_static_role: The skip_import_rotation field now correctly reads Vault's computed value into state. When not set in config, it inherits from the connection's skip_static_role_import_rotation setting. Requires Vault 1.19+ Enterprise. (#2748)

  • vault_database_secret_mount: Added plugin_version,skip_static_role_import_rotation and password_policy fields to allow configuration at the resource level(#2748)

... (truncated)

Commits
  • 0a2bf05 Prepare for 5.7.0 release (#2764)
  • d6a7a08 secrets/kmip: Add new operation fields in KMIP Secret Engine Role. (#2744)
  • fb25e21 AppRole Auth Method for vault_approle_auth_backend_role resource, include loc...
  • 7fb79e8 Implementation in vault_password_policy to add entropy_source field. (#2753)
  • 3f580c3 Add support for validate_assertion_signature and validate_response_signature ...
  • b78a3cf Support for ocsp_max_retries and ocsp_this_update_max_age in vault_cert_auth_...
  • 6ca22ed added token_bound_cidrs in vault_approle_auth_backend_role_secret_id (#2718)
  • 9f993e9 Add ephemeral resource for approle_auth_backend_role_secret_id and add write ...
  • fb4abc3 Spurious diff issue code optimisation (#2752)
  • cd50206 add vault_kubernetes_service_account_token ephemeral resource (#2712)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the terraform-providers group across 2 directories with 1 update
f2e564e 
Bumps the terraform-providers group with 1 update in the /modules/landing-zone directory: [hashicorp/vault](https://github.com/hashicorp/terraform-provider-vault).
Bumps the terraform-providers group with 1 update in the /modules/management directory: [hashicorp/vault](https://github.com/hashicorp/terraform-provider-vault).


Updates `hashicorp/vault` from 5.6.0 to 5.7.0
- [Release notes](https://github.com/hashicorp/terraform-provider-vault/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-vault@v5.6.0...v5.7.0)

Updates `hashicorp/vault` from 5.6.0 to 5.7.0
- [Release notes](https://github.com/hashicorp/terraform-provider-vault/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-vault/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-vault@v5.6.0...v5.7.0)

---
updated-dependencies:
- dependency-name: hashicorp/vault
  dependency-version: 5.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-providers
- dependency-name: hashicorp/vault
  dependency-version: 5.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-providers
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file terraform Pull requests that update terraform code labels Feb 27, 2026
@mahauber mahauber merged commit 239b720 into main Feb 27, 2026
@mahauber mahauber deleted the dependabot/terraform/modules/landing-zone/terraform-providers-4005ec76a4 branch February 27, 2026 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file terraform Pull requests that update terraform code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mahauber