From 4f357f8ae1c321468ec55c030c6ff621db147db6 Mon Sep 17 00:00:00 2001 From: Robert <17119716+robmonte@users.noreply.github.com> Date: Fri, 21 Jun 2024 13:05:12 -0500 Subject: [PATCH] Add chroot known-issue and sync activation-flag release note (#27558) * Add chroot known-issue and activation-flag release note * Fix reference link --- website/content/docs/release-notes/1.16.1.mdx | 1 + .../content/docs/upgrading/upgrade-to-1.16.x.mdx | 8 ++++++++ .../1_16_secrets-sync-chroot-activation.mdx | 15 +++++++++++++++ 3 files changed, 24 insertions(+) create mode 100644 website/content/partials/known-issues/1_16_secrets-sync-chroot-activation.mdx diff --git a/website/content/docs/release-notes/1.16.1.mdx b/website/content/docs/release-notes/1.16.1.mdx index ddf68c228d82..b3600afb0c32 100644 --- a/website/content/docs/release-notes/1.16.1.mdx +++ b/website/content/docs/release-notes/1.16.1.mdx 
@@ -19,6 +19,7 @@ description: |- | 1.16.0+ | [Default LCQ enabled when upgrading pre-1.9](/vault/docs/upgrading/upgrade-to-1.16.x#default-lcq-pre-1.9-upgrade) | | 1.16.0+ | [External plugin environment variables take precedence over server variables](/vault/docs/upgrading/upgrade-to-1.16.x#external-plugin-variables) | 1.16.0+ | [LDAP auth entity alias names no longer include upndomain](/vault/docs/upgrading/upgrade-to-1.16.x#ldap-auth-entity-alias-names-no-longer-include-upndomain) +| 1.16.0+ | [Secrets Sync now requires a one-time flag to operate](/vault/docs/upgrading/upgrade-to-1.16.x#secrets-sync-now-requires-setting-a-one-time-flag-before-use) | 1.16.0+ | [Azure secrets engine role creation failing](/vault/docs/upgrading/upgrade-to-1.16.x#azure-secrets-engine-role-creation-failing) | 1.16.1 - 1.16.3 | [New nodes added by autopilot upgrades provisioned with the wrong version](/vault/docs/upgrading/upgrade-to-1.15.x#new-nodes-added-by-autopilot-upgrades-provisioned-with-the-wrong-version) | 1.15.8+ | [Autopilot upgrade for Vault Enterprise fails](/vault/docs/upgrading/upgrade-to-1.15.x#autopilot) diff --git a/website/content/docs/upgrading/upgrade-to-1.16.x.mdx b/website/content/docs/upgrading/upgrade-to-1.16.x.mdx index b16368409c93..a4ba0d15c15a 100644 --- a/website/content/docs/upgrading/upgrade-to-1.16.x.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.16.x.mdx 
@@ -81,6 +81,13 @@ userattr="userprincipalname" Refer to the [LDAP auth method (API)](/vault/api-docs/auth/ldap) page for more details on the configuration. +### Secrets Sync now requires setting a one-time flag before use + +To use the Secrets Sync feature, the feature must be activated with a new one-time +operation called an activation-flag. The feature is gated until a Vault operator +decides to trigger the flag. More information can be found in the +[secrets sync documentation](/vault/docs/sync#activating-the-feature). + ## Known issues and workarounds @include 'known-issues/1_16-jwt_auth_bound_audiences.mdx' @@ -101,3 +108,4 @@ more details on the configuration. @include 'known-issues/perf-standbys-revert-to-standby.mdx' +@include 'known-issues/1_16_secrets-sync-chroot-activation.mdx' diff --git a/website/content/partials/known-issues/1_16_secrets-sync-chroot-activation.mdx b/website/content/partials/known-issues/1_16_secrets-sync-chroot-activation.mdx new file mode 100644 index 000000000000..ab322a4c1c38 --- /dev/null +++ b/website/content/partials/known-issues/1_16_secrets-sync-chroot-activation.mdx @@ -0,0 +1,15 @@ +### Secrets Sync cannot be activated from chroot namespace + +#### Affected versions + +- 1.16.0+ + +#### Issue + +Secrets Sync cannot be activated from the chroot namespace. The Secrets Sync feature +now requires a new activation-flag to be enabled before it can be used. Writing to +any `sys/activation-flags/` path currently requires root namespace access. + +#### Workaround +Users can request a Vault operator to activate the feature from the root namespace +if they lack the necessary access.
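Review bot: In the `release-notes/1.16.1.mdx` hunk, the table gains a row for the one-time activation flag but no row for the chroot known issue that this same patch adds as `1_16_secrets-sync-chroot-activation.mdx`. Someone reading only the release notes table will not learn that activation fails from a chroot namespace. Consider adding a second `1.16.0+` row that links to the "Secrets Sync cannot be activated from chroot namespace" heading in the upgrade guide. The new row's link text ("requires a one-time flag to operate") also differs from the heading it targets ("requires setting a one-time flag before use"); matching the two makes the entry easier to search for.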
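Review bot: In the `upgrade-to-1.16.x.mdx` hunk at `@@ -81,6 +81,13 @@`, the new "Secrets Sync now requires setting a one-time flag before use" section does not say what access is needed to trigger the flag. The known-issue partial added later in this patch states that writing to any `sys/activation-flags/` path requires root namespace access. An operator planning the upgrade should see that requirement here, so add a sentence naming it or a pointer to the known issue below. "Decides to trigger the flag" is also vague about who is allowed to do so.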
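Review bot: In the `upgrade-to-1.16.x.mdx` hunk at `@@ -101,3 +108,4 @@`, the added include references `known-issues/1_16_secrets-sync-chroot-activation.mdx`, which puts an underscore after the version prefix. The existing `known-issues/1_16-jwt_auth_bound_audiences.mdx` in the same list uses a hyphen after `1_16`. Renaming the partial to `1_16-secrets-sync-chroot-activation.mdx` and updating this include and the file creation would keep the partial names consistent.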
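Review bot: In the new `1_16_secrets-sync-chroot-activation.mdx` partial, the Workaround section tells users to ask a Vault operator to activate the feature from the root namespace but gives no pointer to how that is done. The upgrade guide text in this patch already links `/vault/docs/sync#activating-the-feature`; the same link belongs here. The Issue text also says that writing to any `sys/activation-flags/` path requires root namespace access, which reads as broader than the chroot case in the title. State whether other non-root namespaces are affected too. A smaller point: `#### Workaround` is the only heading in the file not followed by a blank line.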