We are thrilled to announce the release of OpenBao v2.1.0, a milestone update that lays the groundwork for enhanced safety, scalability, and functionality. This release brings significant advancements in storage capabilities, improves scalability for operators and developers, and introduces exciting new features to support community-driven innovation.
What’s New in OpenBao v2.1.0?
This release addresses long-standing challenges and introduces critical updates that ensure greater consistency, safety, and scalability. The highlights include:
- Remove Mount Table Limits: The auth and secret mount tables have been split into individual storage entries, eliminating the size constraints tied to max_entry_size. Operators can now handle potentially hundreds of thousands of mounts on a single, scaled-up server.
- Transactional Storage: Plugin developers now have access to APIs supporting safe storage modifications, enabling read-only and writable transactions. This paves the way for consistent, error-free operations and storage integrity.
- Enhanced Transit Features: The Transit engine now supports PKI CSR and certificate storage alongside key material. This allows secure key creation and certificate issuance workflows without the need for additional K/V mounts. Certificate rotation and chain management are also supported.
- PostgreSQL Support: PostgreSQL database support has been reintroduced as a storage backend, offering paginated list support for greater efficiency. While currently in preview, this feature showcases OpenBao’s commitment to flexibility and performance.
Read the full release notes here.
“Transactional storage is a significant advancement over HashiCorp’s Vault offering,” said Alex Scheel, TSC Chair. “It is fabulous to see the community working together on long-standing pain points and designs for much-desired features on top of these core improvements.”
What’s Next for OpenBao?
Looking ahead, the OpenBao community is actively working on a variety of exciting initiatives:
- Multi-Tenancy with Namespaces: A working group has been formed to bring multi-tenancy improvements, enhancing usability and security.
- SSH CA and PKI Enhancements: Ongoing projects include multi-issuer SSH CA support and the introduction of CEL-based PKI issuance policies.
- Future Features: Usability enhancements to the PKI engine, improvements to the K/V engine using transactional storage, and new ACL system features for recursive listing are already underway.
- Collaborations: The OpenBao team welcomes collaboration on private forks of HashiCorp Vault to ensure timely security updates and feature syncs.
As always, we invite the community to contribute to the project and help shape the future of OpenBao. Whether it’s testing new features, contributing code, or providing feedback, your involvement is invaluable.
Stay tuned for more updates and join us on our journey to redefine secrets and encryption management!