HashiCorp Developer AI Private beta now available Sign up today
Vault
Vault Home

You are viewing documentation for version v1.16.x. View latest version.

Long-term support for Vault

Enterprise

Appropriate Vault Enterprise  license required

Long-term support (LTS) eases upgrade requirements for installations that cannot upgrade frequently, quickly, or easily.

LTS summary

QuestionAnswer
Who should consider long-term support?Enterprise customers using Vault for sensitive or critical workflows.
What is long-term support?Extended maintenance for select, major Vault Enterprise versions. By default, HashiCorp maintains Vault Enterprise versions for one year, which includes feature updates and critical patches. LTS extends maintenance for an additional year with critical patches.
Where do I enable long-term support?You do not need to download a separate binary or set a flag for long-term support. As long as you select an LTS Vault Enterprise version when you install or upgrade your Vault instance, LTS is included.
When are LTS versions released?As of Vault Enterprise 1.16, the first major release of a calendar year includes long-term support.
Why is there a risk to updating to a non-LTS Vault Enterprise version?If you upgrade to a non-LTS Vault Enterprise version, your Vault instance will stop receiving critical updates when that version leaves the default maintenance window.
How do I update my LTS Vault Enterprise installation?Follow your existing Vault upgrade process, but allow extra time for the possibility of transitional upgrades across multiple Vault versions.

Who should consider long-term support?

Vault upgrades are challenging, especially for sensitive or critical workflows, extensive integrations, and large-scale deployments. Strict upgrade policies also require significant planning, testing, and employee hours to execute successfully.

Customers who need assurances that their current installation will receive critical bug fixes and security patches with minimal service disruptions should consider moving to a Vault Enterprise version with long-term support.

What is long-term support?

Long-term support offers extended maintenance through minor releases for select, major Vault Enterprise versions.

The standard support period and end of life policy covers "N−2" versions, which means, at any given time, HashiCorp maintains the current version ("N") and the two previous versions ("N−2").

Vault versions typically update 3 times per calendar year (CY), which means that standard maintenance for a given Vault version lasts approximately 1 year. After the first year, LTS Vault versions move from standard maintenance to extended maintenance for an additional year with with patches for bugs that may cause outages and critical vulnerabilities and exposures (CVEs).

Maintenance updatesStandard maintenanceExtended maintenance
Performance improvementsYESNO
Feature updates and improvementsYESNO
Bug fixesYESOUTAGE-RISK ONLY
Security patchesYESHIGH-RISK ONLY
CVE patchesYESYES

Where do I enable long-term support?

You do not need to download a separate binary or set a flag for long-term support. As long as you select an LTS Vault Enterprise version (e.g., 1.16, 1.19) when you install or upgrade your Vault instance, LTS is included.

When are LTS versions released?

As of Vault Enterprise 1.16, the first release of a calendar year includes long-term support.

LTS versions overlap by one year with the previous LTS version entering its extended maintenance window when the new LTS version begins its standard maintenance window.

Why is there a risk to updating to a non-LTS Vault Enterprise version?

Long-term support is intended for Enterprise customers who cannot upgrade frequently enough to stay within the standard maintenance timeline of one year. The goal is to establish a predictable upgrade path with a longer timeline rather than extending the lifetime for every Vault version.

Long-term support ensures your Vault Enterprise version continues to receive critical patches for an additional year. If you upgrade to a non-LTS version, you are moving your Vault instance to a version that lacks extended support. Non-LTS versions stop receiving updates once they leave the standard maintenance window.

Support and release timeline showing the expected upgrade path from LTS Vault version 1.16.x to LTS Vault version 1.19.x and the shorter maintenance windows for non-LTS versions 1.17.x, 1.18.x, 1.20.x, and 1.21.x Support and release timeline showing the expected upgrade path from LTS Vault version 1.16.x to LTS Vault version 1.19.x and the shorter maintenance windows for non-LTS versions 1.17.x, 1.18.x, 1.20.x, and 1.21.x

VersionExpected releaseStandard maintenance endsExtended maintenance ends
1.19CY25 Q1CY26 Q1 (1.22 release)CY27 Q1 (1.25 release)
1.18CY24 Q3CY25 Q3 (1.21 release)Not provided
1.17CY24 Q2CY25 Q2 (1.20 release)Not provided
1.16CY24 Q1CY25 Q1 (1.19 release)CY26 Q1 (1.22 release)

If a newer version of Vault Enterprise includes features you want to take advantage of, you have two options:

  1. Wait for the next available LTS release to maintain long-term support.
  2. Upgrade immediately, then upgrade to an LTS release before the standard maintenance window expires.

How do I upgrade my Vault Enterprise LTS installation?

You should follow your existing upgrade process for major version upgrades but allow additional time. Upgrading from version LTS to LTS+1 translates to jumping 3 major Vault Enterprise versions, which may require transitional upgrades to move through the intermediate Vault versions.