path: root/ansible_collections/community/hashi_vault/changelogs/changelog.yaml

ancestor: null
releases:
  0.1.0:
    changes:
      release_summary: 'Our first release matches the ``hashi_vault`` lookup functionality
        provided by ``community.general`` version ``1.3.0``.

        '
    fragments:
    - 0.1.0.yml
    release_date: '2020-12-02'
  0.2.0:
    changes:
      bugfixes:
      - hashi_vault - ``mount_point`` parameter did not work with ``aws_iam_login``
        auth method (https://github.com/ansible-collections/community.hashi_vault/issues/7)
      - hashi_vault - fallback logic for handling deprecated style of auth in hvac
        was not implemented correctly (https://github.com/ansible-collections/community.hashi_vault/pull/33).
      - hashi_vault - parameter ``mount_point`` does not work with JWT auth (https://github.com/ansible-collections/community.hashi_vault/issues/29).
      - hashi_vault - tokens without ``lookup-self`` ability can't be used because
        of validation (https://github.com/ansible-collections/community.hashi_vault/issues/18).
      deprecated_features:
      - hashi_vault - ``VAULT_ADDR`` environment variable for option ``url`` will
        have its precedence lowered in 1.0.0; use ``ANSIBLE_HASHI_VAULT_ADDR`` to
        intentionally override a config value (https://github.com/ansible-collections/community.hashi_vault/issues/8).
      - hashi_vault - ``VAULT_AUTH_METHOD`` environment variable for option ``auth_method``
        will be removed in 2.0.0, use ``ANSIBLE_HASHI_VAULT_AUTH_METHOD`` instead
        (https://github.com/ansible-collections/community.hashi_vault/issues/17).
      - hashi_vault - ``VAULT_ROLE_ID`` environment variable for option ``role_id``
        will be removed in 2.0.0, use ``ANSIBLE_HASHI_VAULT_ROLE_ID`` instead (https://github.com/ansible-collections/community.hashi_vault/issues/20).
      - hashi_vault - ``VAULT_SECRET_ID`` environment variable for option ``secret_id``
        will be removed in 2.0.0, use ``ANSIBLE_HASHI_VAULT_SECRET_ID`` instead (https://github.com/ansible-collections/community.hashi_vault/issues/20).
      - hashi_vault - ``VAULT_TOKEN_FILE`` environment variable for option ``token_file``
        will be removed in 2.0.0, use ``ANSIBLE_HASHI_VAULT_TOKEN_FILE`` instead (https://github.com/ansible-collections/community.hashi_vault/issues/15).
      - hashi_vault - ``VAULT_TOKEN_PATH`` environment variable for option ``token_path``
        will be removed in 2.0.0, use ``ANSIBLE_HASHI_VAULT_TOKEN_PATH`` instead (https://github.com/ansible-collections/community.hashi_vault/issues/15).
      minor_changes:
      - Add optional ``aws_iam_server_id`` parameter as the value for ``X-Vault-AWS-IAM-Server-ID``
        header (https://github.com/ansible-collections/community.hashi_vault/pull/27).
      - hashi_vault - ``ANSIBLE_HASHI_VAULT_ADDR`` environment variable added for
        option ``url`` (https://github.com/ansible-collections/community.hashi_vault/issues/8).
      - hashi_vault - ``ANSIBLE_HASHI_VAULT_AUTH_METHOD`` environment variable added
        for option ``auth_method`` (https://github.com/ansible-collections/community.hashi_vault/issues/17).
      - hashi_vault - ``ANSIBLE_HASHI_VAULT_ROLE_ID`` environment variable added for
        option ``role_id`` (https://github.com/ansible-collections/community.hashi_vault/issues/20).
      - hashi_vault - ``ANSIBLE_HASHI_VAULT_SECRET_ID`` environment variable added
        for option ``secret_id`` (https://github.com/ansible-collections/community.hashi_vault/issues/20).
      - hashi_vault - ``ANSIBLE_HASHI_VAULT_TOKEN_FILE`` environment variable added
        for option ``token_file`` (https://github.com/ansible-collections/community.hashi_vault/issues/15).
      - hashi_vault - ``ANSIBLE_HASHI_VAULT_TOKEN_PATH`` environment variable added
        for option ``token_path`` (https://github.com/ansible-collections/community.hashi_vault/issues/15).
      - hashi_vault - ``namespace`` parameter can be specified in INI or via env vars
        ``ANSIBLE_HASHI_VAULT_NAMESPACE`` (new) and ``VAULT_NAMESPACE`` (lower preference)  (https://github.com/ansible-collections/community.hashi_vault/issues/14).
      - hashi_vault - ``token`` parameter can now be specified via ``ANSIBLE_HASHI_VAULT_TOKEN``
        as well as via ``VAULT_TOKEN`` (the latter with lower preference) (https://github.com/ansible-collections/community.hashi_vault/issues/16).
      - hashi_vault - add ``token_validate`` option to control token validation (https://github.com/ansible-collections/community.hashi_vault/pull/24).
      - hashi_vault - uses new AppRole method in hvac 0.10.6 with fallback to deprecated
        method with warning (https://github.com/ansible-collections/community.hashi_vault/pull/33).
      release_summary: 'Several backwards-compatible bugfixes and enhancements in
        this release.

        Some environment variables are deprecated and have standardized replacements.'
    fragments:
    - 0.2.0.yml
    - 22-hashi_vault-aws_iam_login-mount_point.yml
    - 24-hashi_vault-token_validation.yml
    - 25-non-breaking-env-parameter-changes.yml
    - 27-add-hashi_vault-header_value-param.yml
    - 31-jwt-mount_point.yml
    - 33-approle-deprecation.yml
    - 35-env-var-deprecations.yml
    release_date: '2020-12-24'
  1.0.0:
    changes:
      breaking_changes:
      - hashi_vault - the ``VAULT_ADDR`` environment variable is now checked last
        for the ``url`` parameter. For details on which use cases are impacted, see
        (https://github.com/ansible-collections/community.hashi_vault/issues/8).
      release_summary: Our first major release contains a single breaking change that
        will affect only a small subset of users. No functionality is removed. See
        the details in the changelog to determine if you're affected and if so how
        to transition to remediate.
    fragments:
    - 1.0.0.yml
    - 41-lower-url-env-precedence.yml
    release_date: '2020-12-30'
  1.1.0:
    changes:
      minor_changes:
      - hashi_vault - add ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/50).
      release_summary: This release contains a new ``proxies`` option for the ``hashi_vault``
        lookup.
    fragments:
    - 1.1.0.yml
    - 50-add-proxies-option.yml
    release_date: '2021-02-08'
  1.1.1:
    changes:
      bugfixes:
      - hashi_vault - restore use of ``VAULT_ADDR`` environment variable as a low
        preference env var (https://github.com/ansible-collections/community.hashi_vault/pull/61).
      release_summary: 'This bugfix release restores the use of the ``VAULT_ADDR``
        environment variable for setting the ``url`` option.

        See the PR linked from the changelog entry for details and workarounds if
        you cannot upgrade.'
    fragments:
    - 1.1.1.yml
    - 41-fix-vault-addr.yml
    release_date: '2021-02-24'
  1.1.2:
    changes:
      release_summary: This release contains the same functionality as 1.1.1. The
        only change is to mark some code as internal to the collection. If you are
        already using 1.1.1 as an end user you do not need to update.
    fragments:
    - 1.1.2.yml
    release_date: '2021-03-02'
  1.1.3:
    changes:
      bugfixes:
      - hashi_vault - userpass authentication did not work with hvac 0.9.6 or higher
        (https://github.com/ansible-collections/community.hashi_vault/pull/68).
      release_summary: This release fixes a bug with ``userpass`` authentication and
        ``hvac`` versions 0.9.6 and higher.
    fragments:
    - 1.1.3.yml
    - 68-fix-userpass-auth.yml
    release_date: '2021-03-19'
  1.2.0:
    changes:
      deprecated_features:
      - hashi_vault collection - support for Python 2 will be dropped in version ``2.0.0``
        of ``community.hashi_vault`` (https://github.com/ansible-collections/community.hashi_vault/issues/81).
      minor_changes:
      - hashi_vault lookup - add ``ANSIBLE_HASHI_VAULT_CA_CERT`` env var (with ``VAULT_CACERT``
        low-precedence fallback) for ``ca_cert`` option (https://github.com/ansible-collections/community.hashi_vault/pull/97).
      - hashi_vault lookup - add ``ANSIBLE_HASHI_VAULT_PASSWORD`` env var and ``ansible_hashi_vault_password``
        ansible var for ``password`` option (https://github.com/ansible-collections/community.hashi_vault/pull/96).
      - hashi_vault lookup - add ``ANSIBLE_HASHI_VAULT_USERNAME`` env var and ``ansible_hashi_vault_username``
        ansible var for ``username`` option (https://github.com/ansible-collections/community.hashi_vault/pull/96).
      - hashi_vault lookup - add ``ansible_hashi_vault_auth_method`` Ansible vars
        entry to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
      - hashi_vault lookup - add ``ansible_hashi_vault_ca_cert`` ansible var for ``ca_cert``
        option (https://github.com/ansible-collections/community.hashi_vault/pull/97).
      - hashi_vault lookup - add ``ansible_hashi_vault_namespace`` Ansible vars entry
        to the ``namespace`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
      - hashi_vault lookup - add ``ansible_hashi_vault_proxies`` Ansible vars entry
        to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
      - hashi_vault lookup - add ``ansible_hashi_vault_role_id`` Ansible vars entry
        to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
      - hashi_vault lookup - add ``ansible_hashi_vault_secret_id`` Ansible vars entry
        to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
      - hashi_vault lookup - add ``ansible_hashi_vault_token_file`` Ansible vars entry
        to the ``token_file`` option (https://github.com/ansible-collections/community.hashi_vault/pull/95).
      - hashi_vault lookup - add ``ansible_hashi_vault_token_path`` Ansible vars entry
        to the ``token_path`` option (https://github.com/ansible-collections/community.hashi_vault/pull/95).
      - hashi_vault lookup - add ``ansible_hashi_vault_token_validate`` Ansible vars
        entry to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
      - hashi_vault lookup - add ``ansible_hashi_vault_token`` Ansible vars entry
        to the ``proxies`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
      - hashi_vault lookup - add ``ansible_hashi_vault_url`` and ``ansible_hashi_vault_addr``
        Ansible vars entries to the ``url`` option (https://github.com/ansible-collections/community.hashi_vault/pull/86).
      - hashi_vault lookup - add ``ansible_hashi_vault_validate_certs`` Ansible vars
        entry to the ``validate_certs`` option (https://github.com/ansible-collections/community.hashi_vault/pull/95).
      - hashi_vault lookup - add ``ca_cert`` INI config file key ``ca_cert`` option
        (https://github.com/ansible-collections/community.hashi_vault/pull/97).
      - hashi_vault lookup - add ``none`` auth type which allows for passive auth
        via a Vault agent (https://github.com/ansible-collections/community.hashi_vault/pull/80).
      release_summary: 'This release brings several new ways of accessing options,
        like using Ansible vars, and addng new environment variables and INI config
        entries.

        A special ``none`` auth type is also added, for working with certain Vault
        Agent configurations.

        This release also announces the deprecation of Python 2 support in version
        ``2.0.0`` of the collection.'
    fragments:
    - 1.2.0.yml
    - 80-add-none-auth-type.yml
    - 81-deprecating-python2.yml
    - 86-add-vars-options.yml
    - 95-more-vars-options.yml
    - 96-userpass-vars-env.yml
    - 97-ca_cert-env-and-vars.yml
    release_date: '2021-06-19'
  1.3.0:
    changes:
      minor_changes:
      - hashi_vault lookup - add ``retries`` and ``retry_action`` to enable built-in
        retry on failure (https://github.com/ansible-collections/community.hashi_vault/pull/71).
      - hashi_vault lookup - add ``timeout`` option to control connection timeouts
        (https://github.com/ansible-collections/community.hashi_vault/pull/100).
      release_summary: This release adds two connection-based options for controlling
        timeouts and retrying failed Vault requests.
    fragments:
    - 1.3.0.yml
    - 100-add-timeout-option.yml
    - 71-add-retries.yml
    release_date: '2021-06-28'
  1.3.1:
    changes:
      release_summary: This release fixes an error in the documentation. No functionality
        is changed so it's not necessary to upgrade from ``1.3.0``.
    fragments:
    - 1.3.1.yml
    release_date: '2021-06-30'
  1.3.2:
    changes:
      deprecated_features:
      - hashi_vault collection - support for Python 3.5 will be dropped in version
        ``2.0.0`` of ``community.hashi_vault`` (https://github.com/ansible-collections/community.hashi_vault/issues/81).
      minor_changes:
      - hashi_vault collection - add ``execution-environment.yml`` and a python requirements
        file to better support ``ansible-builder`` (https://github.com/ansible-collections/community.hashi_vault/pull/105).
      release_summary: 'This release adds requirements detection support for Ansible
        Execution Environments. It also updates and adds new guides in our `collection
        docsite <https://docs.ansible.com/ansible/devel/collections/community/hashi_vault>`_.

        This release also announces the dropping of Python 3.5 support in version
        ``2.0.0`` of the collection, alongside the previous announcement dropping
        Python 2.x in ``2.0.0``.'
    fragments:
    - 1.3.2.yml
    - 105-support-ansible-builder.yml
    - 107-deprecating-python-35.yml
    release_date: '2021-07-20'
  1.4.0:
    changes:
      bugfixes:
      - aws_iam_login auth - the ``aws_security_token`` option was not used, causing
        assumed role credentials to fail (https://github.com/ansible-collections/community.hashi_vault/issues/160).
      - hashi_vault collection - a fallback import supporting the ``retries`` option
        for ``urllib3`` via ``requests.packages.urllib3`` was not correctly formed
        (https://github.com/ansible-collections/community.hashi_vault/issues/116).
      - hashi_vault collection - unhandled exception with ``token`` auth when ``token_file``
        exists but is a directory (https://github.com/ansible-collections/community.hashi_vault/issues/152).
      deprecated_features:
      - lookup hashi_vault - the ``[lookup_hashi_vault]`` section in the ``ansible.cfg``
        file is deprecated and will be removed in collection version ``3.0.0``. Instead,
        the section ``[hashi_vault_collection]`` can be used, which will apply to
        all plugins in the collection going forward (https://github.com/ansible-collections/community.hashi_vault/pull/144).
      minor_changes:
      - community.hashi_vault collection - add cert auth method (https://github.com/ansible-collections/community.hashi_vault/pull/159).
      release_summary: 'This release includes bugfixes, a new auth method (``cert``),
        and the first new content since the collection''s formation, the ``vault_read``
        module and lookup plugin.

        We''re also announcing the deprecation of the ``[lookup_hashi_vault]`` INI
        section (which will continue working up until its removal only for the ``hashi_vault``
        lookup), to be replaced by the ``[hashi_vault_collection]`` section that will
        apply to all plugins in the collection.'
    fragments:
    - 1.4.0.yml
    - 113-retry-fallback.yml
    - 144-deprecate-lookup-ini.yml
    - 154-token_file must be a file.yml
    - 159-add-cert-auth.yml
    - 161-aws-sts-token.yml
    modules:
    - description: Perform a read operation against HashiCorp Vault
      name: vault_read
      namespace: ''
    plugins:
      lookup:
      - description: Perform a read operation against HashiCorp Vault
        name: vault_read
        namespace: null
    release_date: '2021-10-25'
  1.4.1:
    changes:
      bugfixes:
      - aws_iam_login auth method - fix incorrect use of ``boto3``/``botocore`` that
        prevented proper loading of AWS IAM role credentials (https://github.com/ansible-collections/community.hashi_vault/issues/167).
      release_summary: This release contains a bugfix for ``aws_iam_login`` authentication.
    fragments:
    - 1.4.1.yml
    - 168-aws_auth-boto-bug.yml
    release_date: '2021-10-28'
  1.5.0:
    changes:
      minor_changes:
      - add the ``community.hashi_vault.vault`` action group (https://github.com/ansible-collections/community.hashi_vault/pull/172).
      - auth methods - Add support for configuring the ``mount_point`` auth method
        option in plugins via the ``ANSIBLE_HASHI_VAULT_MOUNT_POINT`` environment
        variable, ``ansible_hashi_vault_mount_point`` ansible variable, or ``mount_point``
        INI section (https://github.com/ansible-collections/community.hashi_vault/pull/171).
      release_summary: 'This release includes a new action group for use with ``module_defaults``,
        and additional ways of specifying the ``mount_point`` option for plugins.

        This will be the last ``1.x`` release.'
    fragments:
    - 1.5.0.yml
    - 172-action_group.yml
    - pr-171-envvar-for-mount-point.yaml
    release_date: '2021-11-05'
  2.0.0:
    changes:
      breaking_changes:
      - connection options - there is no longer a default value for the ``url`` option
        (the Vault address), so a value must be supplied (https://github.com/ansible-collections/community.hashi_vault/issues/83).
      release_summary: 'Version 2.0.0 of the collection drops support for Python 2
        & Python 3.5, making Python 3.6 the minimum supported version.

        Some deprecated features and settings have been removed as well.'
      removed_features:
      - drop support for Python 2 and Python 3.5 (https://github.com/ansible-collections/community.hashi_vault/issues/81).
      - 'support for the following deprecated environment variables has been removed:
        ``VAULT_AUTH_METHOD``, ``VAULT_TOKEN_PATH``, ``VAULT_TOKEN_FILE``, ``VAULT_ROLE_ID``,
        ``VAULT_SECRET_ID`` (https://github.com/ansible-collections/community.hashi_vault/pull/173).'
    fragments:
    - 173-deprecated-env-vars.yml
    - 176-url-is-required.yml
    - 177-drop-py2-3.5.yml
    - 2.0.0.yml
    release_date: '2021-11-06'
  2.1.0:
    changes:
      deprecated_features:
      - Support for Ansible 2.9 and ansible-base 2.10 is deprecated, and will be removed
        in the next major release (community.hashi_vault 3.0.0) next spring (https://github.com/ansible-community/community-topics/issues/50,
        https://github.com/ansible-collections/community.hashi_vault/issues/189).
      - aws_iam_login auth method - the ``aws_iam_login`` method has been renamed
        to ``aws_iam``. The old name will be removed in collection version ``3.0.0``.
        Until then both names will work, and a warning will be displayed when using
        the old name (https://github.com/ansible-collections/community.hashi_vault/pull/193).
      release_summary: The most important change in this release is renaming the ``aws_iam_login``
        auth method to ``aws_iam`` and deprecating the old name. This release also
        announces the deprecation of Ansible 2.9 and ansible-base 2.10 support in
        3.0.0.
      removed_features:
      - the "legacy" integration test setup has been removed; this does not affect
        end users and is only relevant to contributors (https://github.com/ansible-collections/community.hashi_vault/pull/191).
    fragments:
    - 190-deprecate-ansible-2.9-2.10.yml
    - 191-remove-legacy-integration.yml
    - 193-rename-aws-iam-auth.yml
    - 2.1.0.yml
    release_date: '2021-12-03'
  2.2.0:
    changes:
      minor_changes:
      - The Filter guide has been added to the collection's docsite.
      release_summary: This release contains a new lookup/module combo for logging
        in to Vault, and includes our first filter plugin.
    fragments:
    - 199-vault_login-vault_login_token.yml
    - 2.2.0.yml
    modules:
    - description: Perform a login operation against HashiCorp Vault
      name: vault_login
      namespace: ''
    plugins:
      filter:
      - description: Extracts the client token from a Vault login response
        name: vault_login_token
        namespace: null
      lookup:
      - description: Perform a login operation against HashiCorp Vault
        name: vault_login
        namespace: null
    release_date: '2022-01-05'
  2.3.0:
    changes:
      release_summary: This release contains new plugins and modules for creating
        tokens and for generating certificates with Vault's PKI secrets engine.
    fragments:
    - 2.3.0.yml
    modules:
    - description: Generates a new set of credentials (private key and certificate)
        using HashiCorp Vault PKI
      name: vault_pki_generate_certificate
      namespace: ''
    - description: Create a HashiCorp Vault token
      name: vault_token_create
      namespace: ''
    plugins:
      lookup:
      - description: Create a HashiCorp Vault token
        name: vault_token_create
        namespace: null
    release_date: '2022-02-15'
  2.4.0:
    changes:
      release_summary: Our first content for writing to Vault is now live.
    fragments:
    - 2.4.0.yml
    modules:
    - description: Perform a write operation against HashiCorp Vault
      name: vault_write
      namespace: ''
    plugins:
      lookup:
      - description: Perform a write operation against HashiCorp Vault
        name: vault_write
        namespace: null
    release_date: '2022-03-31'
  2.5.0:
    changes:
      deprecated_features:
      - token_validate options - the shared auth option ``token_validate`` will change
        its default from ``True`` to ``False`` in community.hashi_vault version 4.0.0.
        The ``vault_login`` lookup and module will keep the default value of ``True``
        (https://github.com/ansible-collections/community.hashi_vault/issues/248).
      minor_changes:
      - vault_login module & lookup - no friendly error message was given when ``hvac``
        was missing (https://github.com/ansible-collections/community.hashi_vault/issues/257).
      - vault_pki_certificate - add ``vault_pki_certificate`` to the ``community.hashi_vault.vault``
        action group (https://github.com/ansible-collections/community.hashi_vault/issues/251).
      - vault_read module & lookup - no friendly error message was given when ``hvac``
        was missing (https://github.com/ansible-collections/community.hashi_vault/issues/257).
      - vault_token_create - add ``vault_token_create`` to the ``community.hashi_vault.vault``
        action group (https://github.com/ansible-collections/community.hashi_vault/issues/251).
      - vault_token_create module & lookup - no friendly error message was given when
        ``hvac`` was missing (https://github.com/ansible-collections/community.hashi_vault/issues/257).
      - vault_write - add ``vault_write`` to the ``community.hashi_vault.vault`` action
        group (https://github.com/ansible-collections/community.hashi_vault/issues/251).
      release_summary: 'This release finally contains dedicated KV plugins and modules,
        and an exciting new lookup to help use plugin values in module calls.

        With that, we also have a guide in the collection docsite for migrating away
        from the ``hashi_vault`` lookup toward dedicated content.

        We are also announcing that the ``token_validate`` option will change its
        default value in version 4.0.0.

        This is the last planned release before 3.0.0. See the porting guide for breaking
        changes and removed features in the next version.'
    fragments:
    - 2.5.0.yml
    - 246-action_group.yml
    - 258-token_validate-default.yml
    - 259-hvac-checks.yml
    modules:
    - description: Get a secret from HashiCorp Vault's KV version 1 secret store
      name: vault_kv1_get
      namespace: ''
    - description: Get a secret from HashiCorp Vault's KV version 2 secret store
      name: vault_kv2_get
      namespace: ''
    plugins:
      lookup:
      - description: Returns plugin settings (options)
        name: vault_ansible_settings
        namespace: null
      - description: Get a secret from HashiCorp Vault's KV version 1 secret store
        name: vault_kv1_get
        namespace: null
      - description: Get a secret from HashiCorp Vault's KV version 2 secret store
        name: vault_kv2_get
        namespace: null
    release_date: '2022-05-11'
  3.0.0:
    changes:
      deprecated_features:
      - token_validate options - the shared auth option ``token_validate`` will change
        its default from ``true`` to ``false`` in community.hashi_vault version 4.0.0.
        The ``vault_login`` lookup and module will keep the default value of ``true``
        (https://github.com/ansible-collections/community.hashi_vault/issues/248).
      release_summary: 'Version 3.0.0 of ``community.hashi_vault`` drops support for
        Ansible 2.9 and ansible-base 2.10.

        Several deprecated features have been removed. See the changelog for the full
        list.'
      removed_features:
      - aws_iam auth - the deprecated alias ``aws_iam_login`` for the ``aws_iam``
        value of the ``auth_method`` option has been removed (https://github.com/ansible-collections/community.hashi_vault/issues/194).
      - community.hashi_vault collection - support for Ansible 2.9 and ansible-base
        2.10 has been removed (https://github.com/ansible-collections/community.hashi_vault/issues/189).
      - hashi_vault lookup - the deprecated ``[lookup_hashi_vault]`` INI config section
        has been removed in favor of the collection-wide ``[hashi_vault_collection]``
        section (https://github.com/ansible-collections/community.hashi_vault/issues/179).
    fragments:
    - 179-remove-lookup_hashi_vault-ini.yml
    - 189-remove-ansible-2_9-2_10-support.yml
    - 194-remove-aws_iam_login.yml
    - 248-token_validate-change-default.yml
    - 3.0.0.yml
    release_date: '2022-05-21'
  3.1.0:
    changes:
      bugfixes:
      - Add SPDX license headers to individual files (https://github.com/ansible-collections/community.hashi_vault/pull/282).
      - Add missing ``BSD-2-Clause.txt`` file for BSD licensed content (https://github.com/ansible-collections/community.hashi_vault/issues/275).
      - Use the correct GPL license for plugin_utils (https://github.com/ansible-collections/community.hashi_vault/issues/276).
      deprecated_features:
      - vault_kv2_get lookup - the ``engine_mount_point option`` in the ``vault_kv2_get``
        lookup only will change its default from ``kv`` to ``secret`` in community.hashi_vault
        version 4.0.0 (https://github.com/ansible-collections/community.hashi_vault/issues/279).
      release_summary: 'A default value that was set incorrectly will be corrected
        in ``4.0.0``.

        A deprecation warning will be shown until then if the value is not specified
        explicitly.

        This version also includes some fixes and improvements to the licensing in
        the collection, which does not affect any functionality.'
    fragments:
    - 279-incorrect-kv2-lookup-default.yml
    - 3.1.0.yml
    - licensing.yml
    release_date: '2022-07-17'
  3.2.0:
    changes:
      bugfixes:
      - community.hashi_vault plugins - tokens will be cast to a string type before
        being sent to ``hvac`` to prevent errors in ``requests`` when values are ``AnsibleUnsafe``
        (https://github.com/ansible-collections/community.hashi_vault/issues/289).
      - modules - fix a "variable used before assignment" that cannot be reached but
        causes sanity test failures (https://github.com/ansible-collections/community.hashi_vault/issues/296).
      minor_changes:
      - community.hashi_vault collection - add support for ``azure`` auth method,
        for Azure service principal, managed identity, or plain JWT access token (https://github.com/ansible-collections/community.hashi_vault/issues/293).
      - community.hashi_vault retries - `HTTP status code 412 <https://www.vaultproject.io/api-docs#412>`__
        has been added to the default list of codes to be retried, for the new `Server
        Side Consistent Token feature <https://www.vaultproject.io/docs/faq/ssct#q-is-there-anything-else-i-need-to-consider-to-achieve-consistency-besides-upgrading-to-vault-1-10>`__
        in Vault Enterprise (https://github.com/ansible-collections/community.hashi_vault/issues/290).
      release_summary: This release brings support for the ``azure`` auth method,
        adds ``412`` to the default list of HTTP status codes to be retried, and fixes
        a bug that causes failures in token auth with ``requests>=2.28.0``.
    fragments:
    - 289-handle-unsafe-strings.yml
    - 290-retry-http-412.yml
    - 293-support-azure-auth-method.yml
    - 296-use-before-assignment.yml
    - 3.2.0.yml
    release_date: '2022-08-21'
  3.3.0:
    changes:
      minor_changes:
      - vault_token_create - creation or orphan tokens uses ``hvac``'s new v1 method
        for creating orphans, or falls back to the v0 method if needed (https://github.com/ansible-collections/community.hashi_vault/issues/301).
      release_summary: 'With the release of ``hvac`` version ``1.0.0``, we needed
        to update ``vault_token_create``''s support for orphan tokens.

        The collection''s changelog is now viewable in the Ansible documentation site.'
    fragments:
    - 3.3.0.yml
    - 301-orphan-token-handling.yml
    release_date: '2022-09-19'
  3.3.1:
    changes:
      release_summary: No functional changes in this release, this provides updated
        filter documentation for the public docsite.
    fragments:
    - 3.3.1.yml
    release_date: '2022-09-25'
  3.4.0:
    changes:
      bugfixes:
      - connection options - the ``namespace`` connection option will be forced into
        a string to ensure cmpatibility with recent ``requests`` versions (https://github.com/ansible-collections/community.hashi_vault/issues/309).
      minor_changes:
      - vault_pki_generate_certificate - the documentation has been updated to match
        the argspec for the default values of options ``alt_names``, ``ip_sans``,
        ``other_sans``, and ``uri_sans`` (https://github.com/ansible-collections/community.hashi_vault/pull/318).
      release_summary: 'This release includes a new module, fixes (another) ``requests``
        header issue, and updates some inaccurate documentation.

        This is the last planned release before v4.0.0.'
    fragments:
    - 3.4.0.yml
    - 309-stringify-namespace.yml
    - 318-pki-argspec-doc-mismatch.yml
    modules:
    - description: Delete one or more versions of a secret from HashiCorp Vault's
        KV version 2 secret store
      name: vault_kv2_delete
      namespace: ''
    release_date: '2022-11-03'
  4.0.0:
    changes:
      breaking_changes:
      - auth - the default value for ``token_validate`` has changed from ``true``
        to ``false``, as previously announced (https://github.com/ansible-collections/community.hashi_vault/issues/248).
      - vault_kv2_get lookup - as previously announced, the default value for ``engine_mount_point``
        in the ``vault_kv2_get`` lookup has changed from ``kv`` to ``secret`` (https://github.com/ansible-collections/community.hashi_vault/issues/279).
      minor_changes:
      - modules - all modules now document their action group and support for check
        mode in their attributes documentation (https://github.com/ansible-collections/community.hashi_vault/issues/197).
      release_summary: The next major version of the collection includes previously
        announced breaking changes to some default values, and improvements to module
        documentation with attributes that describe the use of action groups and check
        mode support.
    fragments:
    - 197-module-attributes.yml
    - 248-token_validate-default.yml
    - 279-vault_kv2_get-lookup-mount-default.yml
    - 4.0.0.yml
    release_date: '2022-11-05'
  4.1.0:
    changes:
      deprecated_features:
      - ansible-core - support for ``ansible-core`` versions ``2.11`` and ``2.12``
        will be dropped in collection version ``5.0.0``, making ``2.13`` the minimum
        supported version of ``ansible-core`` (https://github.com/ansible-collections/community.hashi_vault/issues/340).
      - hvac - the minimum version of ``hvac`` to be supported in collection version
        ``5.0.0`` will be at least ``1.0.2``; this minimum may be raised before ``5.0.0``
        is released, so please subscribe to the linked issue and look out for new
        notices in the changelog (https://github.com/ansible-collections/community.hashi_vault/issues/324).
      release_summary: 'This release brings new generic ``vault_list`` plugins from
        a new contributor!

        There are also some deprecation notices for the next major version, and some
        updates to documentation attributes.'
    fragments:
    - 324-deprecate-hvac.yml
    - 325-fix attributes.yml
    - 340-deprecate-core-211-212.yml
    - 4.1.0.yml
    modules:
    - description: Perform a list operation against HashiCorp Vault
      name: vault_list
      namespace: ''
    plugins:
      lookup:
      - description: Perform a list operation against HashiCorp Vault
        name: vault_list
        namespace: null
    release_date: '2023-01-18'
  4.2.0:
    changes:
      bugfixes:
      - hashi_vault lookup - a term string with duplicate options would silently use
        the last value. The lookup now shows a warning on option duplication (https://github.com/ansible-collections/community.hashi_vault/issues/349).
      deprecated_features:
      - hashi_vault lookup - in ``v5.0.0`` duplicate term string options will raise
        an exception instead of showing a warning (https://github.com/ansible-collections/community.hashi_vault/issues/356).
      release_summary: This release contains a new module for KVv2 writes, and a new
        warning for duplicated term string options in the ``hashi_vault`` lookup.
    fragments:
    - 350-raise-error-on-option-duplication-in-term-string.yml
    - 4.2.0.yml
    modules:
    - description: Perform a write operation against a KVv2 secret in HashiCorp Vault
      name: vault_kv2_write
      namespace: ''
    release_date: '2023-03-26'
  4.2.1:
    changes:
      release_summary: This patch version updates the documentation for the ``vault_kv2_write``
        module. There are no functional changes.
    fragments:
    - 4.2.1.yml
    release_date: '2023-04-27'
  5.0.0:
    changes:
      breaking_changes:
      - Support for ``ansible-core`` 2.11 and 2.12 has been removed (https://github.com/ansible-collections/community.hashi_vault/issues/340).
      - The minimum version of ``hvac`` for ``community.hashi_vault`` is now ``1.1.0``
        (https://github.com/ansible-collections/community.hashi_vault/issues/324).
      - hashi_vault lookup - duplicate option entries in the term string now raises
        an exception instead of a warning (https://github.com/ansible-collections/community.hashi_vault/issues/356).
      release_summary: This version makes some relatively minor but technically breaking
        changes. Support for ``ansible-core`` versions ``2.11`` and ``2.12`` have
        been dropped, and there is now a minimum supported version of ``hvac`` which
        will be updated over time. A warning in the ``hashi_vault`` lookup on duplicate
        option specifications in the term string has been changed to a fatal error.
    fragments:
    - 324-minimum-hvac-version.yml
    - 340-drop-core-211-212.yml
    - 356-duplicate-term-options.yml
    - 5.0.0.yml
    release_date: '2023-05-11'
  5.0.1:
    changes:
      bugfixes:
      - vault_write - the ``vault_write`` lookup and module were not able to write
        data containing keys named ``path`` or ``wrap_ttl`` due to a bug in the ``hvac``
        library. These plugins have now been updated to take advantage of fixes in
        ``hvac>=1.2`` to address this (https://github.com/ansible-collections/community.hashi_vault/issues/389).
      release_summary: This release fixes a bug in ``vault_write`` ahead of the collection's
        next major release.
    fragments:
    - 381-localenv_docker.yml
    - 404-vault_write-spicy-keys.yml
    - 5.0.1.yml
    release_date: '2023-11-05'
  6.0.0:
    changes:
      breaking_changes:
      - The minimum required version of ``hvac`` is now ``1.2.1`` (https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/docsite/user_guide.html#hvac-version-specifics).
      release_summary: This major version of the collection has no functional changes
        from the previous version, however the minimum versions of ``hvac`` and ``ansible-core``
        have been raised. While the collection may still work with those earlier versions,
        future changes will not test against them.
      removed_features:
      - The minimum supported version of ``ansible-core`` is now ``2.14``, support
        for ``2.13`` has been dropped (https://github.com/ansible-collections/community.hashi_vault/pull/403).
    fragments:
    - 403-core-vault-python.yml
    - 6.0.0.yml
    release_date: '2023-11-05'
  6.1.0:
    changes:
      major_changes:
      - requirements - the ``requests`` package which is required by ``hvac`` now
        has a more restrictive range for this collection in certain use cases due
        to breaking security changes in ``ansible-core`` that were backported (https://github.com/ansible-collections/community.hashi_vault/pull/416).
      release_summary: This release addresses some breaking changes in core that were
        backported.
    fragments:
    - 416-core-changes.yml
    - 6.1.0.yml
    release_date: '2024-01-02'
  6.2.0:
    changes:
      minor_changes:
      - cert auth - add option to set the ``cert_auth_public_key`` and ``cert_auth_private_key``
        parameters using the variables ``ansible_hashi_vault_cert_auth_public_key``
        and ``ansible_hashi_vault_cert_auth_private_key`` (https://github.com/ansible-collections/community.hashi_vault/issues/428).
      release_summary: This release contains a dozen+ new modules for working with
        Vault's database secrets engine and some new ``vars`` entries for specifying
        public and private keys in ``cert`` auth.
    fragments:
    - 429-add-cert-auth-variables.yml
    - 6.2.0.yml
    modules:
    - description: Configures the database engine
      name: vault_database_connection_configure
      namespace: ''
    - description: Delete a Database Connection
      name: vault_database_connection_delete
      namespace: ''
    - description: Returns the configuration settings for a O(connection_name)
      name: vault_database_connection_read
      namespace: ''
    - description: Closes a O(connection_name) and its underlying plugin and restarts
        it with the configuration stored
      name: vault_database_connection_reset
      namespace: ''
    - description: Returns a list of available connections
      name: vault_database_connections_list
      namespace: ''
    - description: Creates or updates a (dynamic) role definition
      name: vault_database_role_create
      namespace: ''
    - description: Delete a role definition
      name: vault_database_role_delete
      namespace: ''
    - description: Queries a dynamic role definition
      name: vault_database_role_read
      namespace: ''
    - description: Returns a list of available (dynamic) roles
      name: vault_database_roles_list
      namespace: ''
    - description: Rotates the root credentials stored for the database connection.
        This user must have permissions to update its own password.
      name: vault_database_rotate_root_credentials
      namespace: ''
    - description: Create or update a static role
      name: vault_database_static_role_create
      namespace: ''
    - description: Returns the current credentials based on the named static role
      name: vault_database_static_role_get_credentials
      namespace: ''
    - description: Queries a static role definition
      name: vault_database_static_role_read
      namespace: ''
    - description: Trigger the credential rotation for a static role
      name: vault_database_static_role_rotate_credentials
      namespace: ''
    - description: Returns a list of available static roles
      name: vault_database_static_roles_list
      namespace: ''
    release_date: '2024-03-19'