Long-term support for Vault
Long-term support (LTS) eases upgrade requirements for installations that cannot upgrade frequently, quickly, or easily.
Vault upgrades are challenging, especially for sensitive or critical workflows, extensive integrations, and large-scale deployments. Strict upgrade policies also require significant planning, testing, and employee hours to execute successfully.
Customers who need assurances that their current installation will receive critical bug fixes and security patches with minimal service disruptions should consider moving to a Vault Enterprise version with long-term support.
Long-term support offers extended maintenance through minor releases for select, major Vault Enterprise versions.
The standard support period and end of life policy covers "N−2" versions, which means, at any given time, HashiCorp maintains the current version ("N") and the two previous versions ("N−2").
Vault versions typically update 3 times per calendar year (CY), which means that standard maintenance for a given Vault version lasts approximately 1 year. After the first year, LTS Vault versions move from standard maintenance to extended maintenance for three additional major version releases (approximately one additional year) with patches for bugs that may cause outages and critical vulnerabilities and exposures (CVEs).
| Maintenance updates | Standard maintenance | Extended maintenance |
|---|---|---|
| Performance improvements | YES | NO |
| Bug fixes | YES | OUTAGE-RISK ONLY |
| Security patches | YES | HIGH-RISK ONLY |
| CVE patches | YES | YES |
You do not need to download a separate binary or set a flag for long-term support. As long as you select an LTS Vault Enterprise version (e.g., 1.16, 1.19) when you install or upgrade your Vault instance, LTS is included.
As of Vault Enterprise 1.16, the first release of a calendar year includes long-term support.
LTS versions overlap by one year with the previous LTS version entering its extended maintenance window when the new LTS version begins its standard maintenance window.
Long-term support is intended for Enterprise customers who cannot upgrade frequently enough to stay within the standard maintenance timeline of one year. The goal is to establish a predictable upgrade path with a longer timeline rather than extending the lifetime for every Vault version.
Long-term support ensures your Vault Enterprise version continues to receive critical patches for an additional three major version releases (approximately one additional year). If you upgrade to a non-LTS version,you are moving your Vault instance to a version that lacks extended support. Non-LTS versions stop receiving updates once they leave the standard maintenance window.
If a newer version of Vault Enterprise includes features you want to take advantage of, you have two options:
- Wait for the next available LTS release to maintain long-term support.
- Upgrade immediately, then upgrade to an LTS release before the standard maintenance window expires.
You should follow your existing upgrade process for major version upgrades but allow additional time. Upgrading from version LTS to LTS+1 translates to jumping 3 major Vault Enterprise versions, which may require transitional upgrades to move through the intermediate Vault versions.