Bump hashicorp/vault from 5.3.0 to 5.5.0 in /example/vault/environments/local #266

dependabot · 2025-12-01T13:54:33Z

Bumps hashicorp/vault from 5.3.0 to 5.5.0.

Release notes

Sourced from hashicorp/vault's releases.

v5.5.0

5.5.0 (Nov 20, 2025)

BEHAVIOR CHANGES: With v5.5.0, the default value for deny_null_bind in the vault_ldap_auth_backend resource has changed from false to true to match with the Vault API defaults. Configurations that do not explicitly set deny_null_bind will now have it set to true upon upgrade, and customers should verify that this change aligns with their intended LDAP authentication behavior. Furthermore, Customers should also consider upgrading to Vault Community Edition 1.21.1 and Vault Enterprise 1.21.1, 1.20.6, 1.19.12, and 1.16.28, which no longer allows Vault to perform unauthenticated or null binds against the LDAP server.

BUGS:

vault_ldap_auth_backend: Fix incorrect deny_null_bind default. Set deny_null_bind to true if not provided in configuration (#2622)

FEATURES:

Add support for alias_metadata field in auth resources (#2547)

Add support for not_before_duration field in vault_pki_secret_backend_root_cert (#2664)

IMPROVEMENTS:

Updated dependencies:

golang.org/x/crypto v0.41.0 -> v0.45.0

golang.org/x/net v0.43.0 -> v0.47.0

golang.org/x/mod v0.26.0 -> v0.29.0

golang.org/x/sync v0.16.0 -> v0.18.0

golang.org/x/sys v0.35.0 -> v0.38.0

golang.org/x/text v0.28.0 -> v0.31.0

golang.org/x/tools v0.35.0 -> v0.38.0

v5.4.0

5.4.0 (Nov 3, 2025)

BEHAVIOR CHANGES: Please refer to the upgrade topics in the guide for details on all behavior changes.

FEATURES:

Add support for Azure Static Secrets: (#2635)

Add support for write-only token argument in vault_terraform_cloud_secret_backend resource (#2603)

New parameters for vault_terraform_cloud_secret_role to support multi-team tokens, by @drewmullen (#2498)

Add support for tune in vault_saml_auth_backend resource (#2566)

Add support for tune in vault_ldap_auth_backend and vault_okta_auth_backend resources (#2602)

Add support for allowed_sts_header_values parameter in vault_aws_auth_backend_client resource to specify additional headers allowed in STS requests

New parameters for vault_gcp_secret_backend to support ttl and max_ttl, by @vijayavelsekar (#2627)

Add support for request_timeout, dereference_aliases,enable_samaccountname_login and anonymous_group_search parameters in vault_ldap_auth_backend resource.(#2634)

Add support for max_retries parameter in vault_aws_secret_backend resource. (#2623)

Add support for iam_alias, iam_metadata, gce_alias and gce_metadata fields in vault_gcp_auth_backend resource (#2636)

Add support for role_id field in vault_gcp_auth_backend_role resource (#2636)

Add retry configuration fields (max_retries, retry_delay, max_retry_delay) to vault_azure_auth_backend_config resource for Azure API request resilience (#2629)

Add new resources vault_spiffe_auth_backend_config and vault_spiffe_auth_backend_role (#2620)

... (truncated)

Changelog

Sourced from hashicorp/vault's changelog.

5.5.0 (Nov 19, 2025)

BEHAVIOR CHANGES: With v5.5.0, the default value for deny_null_bind in the vault_ldap_auth_backend resource has changed from false to true to match with the Vault API defaults. Configurations that do not explicitly set deny_null_bind will now have it set to true upon upgrade, and customers should verify that this change aligns with their intended LDAP authentication behavior. Furthermore, Customers should also consider upgrading to Vault Community Edition 1.21.1 and Vault Enterprise 1.21.1, 1.20.6, 1.19.12, and 1.16.28, which no longer allows Vault to perform unauthenticated or null binds against the LDAP server.

SECURITY:

vault_ldap_auth_backend: Fix incorrect deny_null_bind default. Set deny_null_bind to true if not provided in configuration (#2622) (CVE-13357,HCSEC-2025-33)

FEATURES:

Add support for alias_metadata field in auth resources (#2547)

Add support for not_before_duration field in vault_pki_secret_backend_root_cert (#2664)

IMPROVEMENTS:

Updated dependencies:

golang.org/x/crypto v0.41.0 -> v0.45.0

golang.org/x/net v0.43.0 -> v0.47.0

golang.org/x/mod v0.26.0 -> v0.29.0

golang.org/x/sync v0.16.0 -> v0.18.0

golang.org/x/sys v0.35.0 -> v0.38.0

golang.org/x/text v0.28.0 -> v0.31.0

golang.org/x/tools v0.35.0 -> v0.38.0

5.4.0 (Nov 3, 2025)

BEHAVIOR CHANGES: Please refer to the upgrade topics in the guide for details on all behavior changes.

FEATURES:

Add support for Azure Static Secrets: (#2635)

Add support for write-only token argument in vault_terraform_cloud_secret_backend resource (#2603)

New parameters for vault_terraform_cloud_secret_role to support multi-team tokens, by @drewmullen (#2498)

Add support for tune in vault_saml_auth_backend resource (#2566)

Add support for tune in vault_ldap_auth_backend and vault_okta_auth_backend resources (#2602)

Add support for allowed_sts_header_values parameter in vault_aws_auth_backend_client resource to specify additional headers allowed in STS requests

New parameters for vault_gcp_secret_backend to support ttl and max_ttl, by @vijayavelsekar (#2627)

Add support for request_timeout, dereference_aliases,enable_samaccountname_login and anonymous_group_search parameters in vault_ldap_auth_backend resource.(#2634)

Add support for max_retries parameter in vault_aws_secret_backend resource. (#2623)

Add support for iam_alias, iam_metadata, gce_alias and gce_metadata fields in vault_gcp_auth_backend resource (#2636)

Add support for role_id field in vault_gcp_auth_backend_role resource (#2636)

Add retry configuration fields (max_retries, retry_delay, max_retry_delay) to vault_azure_auth_backend_config resource for Azure API request resilience (#2629)

Add new resources vault_spiffe_auth_backend_config and vault_spiffe_auth_backend_role (#2620)

Add support for mfa_serial_number parameter in vault_aws_secret_backend_role resource. (#2637)

Add support for persist_appparameters in vault_azure_secret_backend_role resource. (#2642)

... (truncated)

Commits

148e86b Prepare for v5.5.0 release (#2663)
9caa63c Support not_before_duration parameter on PKI root certs (#2664)
96ababb Add alias_metadata field (#2547)
882bc7f set deny_null_bind default to true (#2622)
55d0009 update slack channel in release workflow (#2647)
0908bc1 Resolve security scan vulnerability in github.com/go-viper/mapstructure/v2 ...
a78a7db Prepare for v5.4.0 release (#2645)
7f78d9b Add support for Azure Static Secrets (#2635)
4b0ea0e Upgrade go version and acceptance test matrix (#2640)
4fb815a Add ttl and max_ttl to gcp secret backend (#2627)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [hashicorp/vault](https://github.com/hashicorp/terraform-provider-vault) from 5.3.0 to 5.5.0. - [Release notes](https://github.com/hashicorp/terraform-provider-vault/releases) - [Changelog](https://github.com/hashicorp/terraform-provider-vault/blob/main/CHANGELOG.md) - [Commits](hashicorp/terraform-provider-vault@v5.3.0...v5.5.0) --- updated-dependencies: - dependency-name: hashicorp/vault dependency-version: 5.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file terraform Pull requests that update Terraform code labels Dec 1, 2025

dependabot bot requested a review from marcofranssen as a code owner December 1, 2025 13:54

dependabot bot added the dependencies Pull requests that update a dependency file label Dec 1, 2025

dependabot bot requested review from a team and gjkamstra as code owners December 1, 2025 13:54

dependabot bot added the terraform Pull requests that update Terraform code label Dec 1, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump hashicorp/vault from 5.3.0 to 5.5.0 in /example/vault/environments/local #266

Bump hashicorp/vault from 5.3.0 to 5.5.0 in /example/vault/environments/local #266

Uh oh!

dependabot bot commented on behalf of github Dec 1, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump hashicorp/vault from 5.3.0 to 5.5.0 in /example/vault/environments/local #266

Are you sure you want to change the base?

Bump hashicorp/vault from 5.3.0 to 5.5.0 in /example/vault/environments/local #266

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 1, 2025

v5.5.0

5.5.0 (Nov 20, 2025)

v5.4.0

5.4.0 (Nov 3, 2025)

5.5.0 (Nov 19, 2025)

5.4.0 (Nov 3, 2025)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant