Skip to content

Commit

Permalink
Add the Tokenization/Rotation persistence issue as a Known Issue (#19542
Browse files Browse the repository at this point in the history
) (#19558)
  • Loading branch information
sgmiller authored Mar 17, 2023
1 parent 89ca906 commit 835123a
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 0 deletions.
2 changes: 2 additions & 0 deletions website/content/docs/upgrading/upgrade-to-1.10.x.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,8 @@ to understand how the built-in resources are used in the system.

@include 'raft-panic-old-tls-key.mdx'

@include 'tokenization-rotation-persistence.mdx'

### Errors returned by perf standbys lagging behind active node with Consul storage

The introduction of [Server Side Consistent Tokens](/docs/faq/ssct) means that
Expand Down
2 changes: 2 additions & 0 deletions website/content/docs/upgrading/upgrade-to-1.11.x.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -26,3 +26,5 @@ API path by setting the [bool config option](/api-docs/secret/databases/elasticd
## Known Issues

@include 'raft-retry-join-failure.mdx'

@include 'tokenization-rotation-persistence.mdx'
14 changes: 14 additions & 0 deletions website/content/partials/tokenization-rotation-persistence.mdx
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
### Rotation configuration persistence issue could lose Transform Tokenization key versions

A rotation performed manually or via automatic time based rotation after
restarting or leader change of Vault, where configuration of rotation was
changed since the initial configuration of the tokenization transform can
result in the loss of intermediate key versions. Tokenized values from
these versions would not be decodeable. It is recommended that customers
who have enabled automatic rotation disable it, and other customers avoid
key rotation until the upcoming fix.

#### Affected Versions

This issue affects Vault Enterprise with ADP versions 1.10.x and higher. A
fix will be released in Vault 1.11.9, 1.12.5, and 1.13.1.

0 comments on commit 835123a

Please sign in to comment.