LoginSign Up
← Back to all sparks
Vault logo

Vault

INFRA · APISDEVOPS
Velocity2.5

Secrets management tool by HashiCorp

www.vaultproject.io

Vault under IBM lands 2.0.0, with FIPS 140-3 and HSM enterprise builds inside two weeks.

vaultrelease-engineeringfips-140-3hsmenterpriseibm-era
Current state
Vault crossed 2.0.0 in late March under its post-HashiCorp / IBM stewardship — the artifact pages now carry IBM's International Program License Agreement language alongside the existing MPL 2.0 / BSL terms. Enterprise variants followed within days: 2.0.0 enterprise FIPS 140-3 and HSM-flavored builds published April 1 and April 8, plus an sdk/v0.25.1 backport addressing a Go CVE. The recent shipping is release-engineering-heavy, not feature-heavy.
Where it's heading
This is the cadence of a project completing a major-version rollout — community GA first, then RC and GA enterprise-flavor builds, then security-tracking SDK backports — rather than a roadmap pivot. The fact that FIPS 140-3 and HSM enterprise builds shipped in the same window as the 2.0 cycle is the signal worth holding onto: Vault's federal and regulated-industry posture is being kept intact under the new owner, and auth plugin version bumps suggest the wider ecosystem is staying in step.
Prediction
Expect 2.x feature-bearing minor releases over the next few months, with FIPS 140-3 and HSM enterprise variants tracked alongside the community builds. GA bumps for the auth plugins to match the 2.x line are likely. Worth watching for more visible IBM branding or any Cloud-side packaging shifts that signal repositioning under the new owner.

Recent moves

  1. 2mo ago

    Vault 2.0.0 Enterprise FIPS 140-3 build available

    Enterprise Vault 2.0.0 with FIPS 140-3 cryptographic compliance is now available as a downloadable build, alongside Linux amd64 and arm64 binaries. Meaningful for federal and regulated-industry customers who can't move to 2.x without a FIPS-validated build.

    View source ↗
  2. 2mo ago

    SDK 0.25.1 backports CVE-2026-34986 Go fix

    An SDK 0.25.1 backport pulls in the Go fix for CVE-2026-34986 / GHSA-78h2-9frx — a security-tracking patch rather than feature work, but the kind of thing dependent integrators need to pick up.

    View source ↗
  3. 2mo ago

    Vault 2.0.0 RC1 Enterprise HSM build

    Release-artifact listing for Vault 2.0.0-rc1 Enterprise HSM — the pre-GA build path for the HSM-integrated variant. No product-side change beyond the publish itself.

    View source ↗
  4. 2mo ago

    Vault 2.0.0 RC1 release-artifacts PR

    Auto-generated release-artifacts pull request for the v2.0.0-rc1 build cycle (#31878). Internal release-engineering plumbing visible in the changelog.

    View source ↗
  5. 2mo ago

    Vault 2.0.0 Enterprise HSM + FIPS 140-3 build

    Combined HSM + FIPS 140-3 GA enterprise build for Vault 2.0.0 — the variant that customers running hardware-backed key storage in regulated environments need before they upgrade. Ships with Linux amd64/arm64 binaries.

    View source ↗
  6. 2mo ago

    Vault 2.0.0 RC1 Enterprise HSM + FIPS 140-3 build

    Pre-GA RC1 build of the HSM + FIPS 140-3 enterprise variant. Pre-cursor to the April 1 GA equivalent — release-pipeline visibility, not a new product surface.

    View source ↗