Key differences between Vault charm version 1.8 and 1.15

Versions 1.8 (and below) and 1.15 (and beyond) are fundamentally different charms. Here is a list of additions, changes and removals made to the Vault charm 1.15, when compared with 1.8.

Additions

• Act as an intermediate CA (see How-to: use as an intermediate CA

• Auto unseal using a root unsealer Vault (see How-to: Configure for Auto unseal

• Integration with Canonical Observability Stack (see How-to: Integrate with COS (k8s) and How-to: Integrate with COS (machine))

• Backup and restore through Juju actions and integration with S3 storage (see How-to: Create a backup and How-to: Restore a backup)

• Vault UI

Changes

• TLS Certificates integration: The charm now implements the provider side of the TLS Certificates Integration V1 instead of V0 . This new version of the interface is more secure and only contains public information (CSR’s and Certificates).

• Storage backend: The Vault charm now supports the Raft backend and drops support for other backends. Raft provides High Availability by default (see Explanation: High Availability.

Removals

• Providing the snap channel explicitly: Snap revisions are frozen to the charm revision providing reliable deployments.

• Loadbalancer integration

Upgrading from 1.8 to 1.15

Upgrading from 1.8 to 1.15 is not supported, however you can backup your data on 1.8, and restore it on a new deployment of Vault 1.15.