Vault Upgrade Guides

This guide describes the procedure of performing a rolling upgrade of a HA vault cluster and providing the required doc for the upgrade of multiple vault replication clusters.

Use Case

To upgrade to the latest version of the Vault. The latest version of the Vault would be ideal since we know, the latest versions have a lot of bug fixes, security patches, and features, making the Prod more stable and manageable.

Procedure

First, we have to download the vault binaries. The latest Vault binaries, both Open Source and Enterprise, can be downloaded from https://releases.hashicorp.com/vault/. Enterprise binaries are labeled with ‘+ent’ in both the directory and binary file names. These directories contain binaries compiled for the most common platforms, with the exception of the Hardware Security Module version, which is distributed for linux/amd64 platforms only.

steps 2: Follow the upgrading  Vault guides which are HashiCorp recommendation 

• Upgrading Vault 

Steps 3:To stay up to date with features and changes made with each version:

vault/CHANGELOG.md 

Also,  If you upgrading an old version to the latest version for example upgrading from 1.3.0 to 1.7.3,

For such a big jump in versions, you'll also want to look at each of the version-specific upgrades between V1.3.0 to 1.7.3. There is guides worth of differences to note between v1.3.0 to 1.7.3 in the sidebar here:

• Upgrade to 1.3.2: https://www.vaultproject.io/docs/upgrading/upgrade-to-1.3.2
• Upgrade to 1.3.3: https://www.vaultproject.io/docs/upgrading/upgrade-to-1.3.3

                              to 

• Upgrade to 1.6.3: https://www.vaultproject.io/docs/upgrading/upgrade-to-1.6.3
• Upgrade to 1.70: https://www.vaultproject.io/docs/upgrading/upgrade-to-1.7.0

We will recommend taking a snapshot(backup) before upgrading.

Take a backup of your Vault cluster, the steps to which will depend on whether you're using Consul Storage Backend or Raft Integrated Storage.

Follow these steps : 

• Rolling Upgrade Procedure for upgrading a single HA cluster
• Replication Clusters Upgrade procedure

• Restart vault 

$ /opt/app/hashicorp/bin/vault server -config=/opt/app/hashicorp/config/vault.hcl &

 

• Unseal Vault 

$ vault operator unseal {{key string}}

 

 

• Apply new license key

$ vault write /sys/license text={license key}

 

 

 

* Validate the License

 

* Check via the command line: 

$ vault read /sys/license

• Check via UI

 

While you upgrading If your production is affected, you can file a new ticket at High or Urgent priority and someone who is on call will be paged to assist.

Resources

• Upgrading Vault
• Vault Upgrade Standard procedure