crypto: deprecate native Hashicorp Vault support (#11352)

This commit deprecates the native Hashicorp Vault support and removes the legacy Vault documentation. The native Hashicorp Vault documentation is marked as outdated and deprecated for over a year now. We give another 6 months before we start removing Hashicorp Vault support and show a deprecation warning when a MinIO server starts with a native Vault configuration.
2025-11-09 13:39:46 -05:00 · 2021-01-30 02:55:37 +01:00
parent 451d9057f3
commit 33554651e9
5 changed files with 26 additions and 312 deletions
--- a/cmd/config-current.go
+++ b/cmd/config-current.go
@@ -480,11 +480,13 @@ func lookupConfigs(s config.Config, setDriveCounts []int) {
 	if err != nil {
 		logger.LogIf(ctx, fmt.Errorf("Unable to setup KMS with current KMS config: %w", err))
 	}
+	globalAutoEncryption = kmsCfg.AutoEncryption // Enable auto-encryption if enabled

-	// Enable auto-encryption if enabled
-	globalAutoEncryption = kmsCfg.AutoEncryption
-	if globalAutoEncryption && !globalIsGateway {
-		logger.LogIf(ctx, fmt.Errorf("%s env is deprecated please migrate to using `mc encrypt` at bucket level", crypto.EnvKMSAutoEncryption))
+	if kmsCfg.Vault.Enabled {
+		const deprecationWarning = `Native Hashicorp Vault support is deprecated and will be removed on 2021-10-01. Please migrate to KES + Hashicorp Vault: https://github.com/minio/kes/wiki/Hashicorp-Vault-Keystore
+Note that native Hashicorp Vault and KES + Hashicorp Vault are not compatible.
+If you need help to migrate smoothly visit: https://min.io/pricing`
+		logger.LogIf(ctx, fmt.Errorf(deprecationWarning))
 	}

 	globalOpenIDConfig, err = openid.LookupConfig(s[config.IdentityOpenIDSubSys][config.Default],