
"Vault 1.21 adds native support for SPIFFE, allowing non-human identities like microservices and containers to authenticate to Vault using X509 or JWT-based SVIDs without static credentials."
"The expanded secret recovery model in Vault 1.21 allows operators to recover specific secrets from snapshots, significantly reducing the resource impact compared to restoring the entire cluster."
"With Vault 1.21, organizations can build zero-trust architectures more effectively, as Vault can now issue X509-SVIDs to workloads that authenticate through existing methods."
Vault 1.21 introduces native SPIFFE authentication for non-human workloads, allowing microservices and containers to authenticate using X509 or JWT-based SVIDs. This version enhances the secret recovery model, enabling targeted recovery of specific secrets without restoring the entire cluster. New features include KV v2 secret attribution, MFA TOTP self-enrollment, and a Vault Secrets Operator CSI driver for direct secret mounting in pods. These improvements support organizations in building zero-trust architectures across various environments.
Read at InfoQ