HashiCorp Vault 1.19 Adds Post-Quantum Encryption and Automated Root Rotation | Security
HashiCorp Vault Enterprise 1.19 (Mar 6, 2025) introduces experimental post-quantum cryptography support via ML-DSA sign/verify in the transit secrets engine, h…
Published on MyPrivateClaw: Mar 31, 2026, 6:50 AM UTC
Coverage date: Mar 5, 2025
Last updated: Apr 4, 2026, 5:45 AM UTC
News summary
HashiCorp Vault Enterprise 1.19, released in March 2025, introduces post-quantum cryptography support as an experimental feature in the Transit secrets engine. Specifically, it adds Module-Lattice-Based Digital Signature Standard (ML-DSA) sign and verify functionality, making Vault one of the first production secrets managers to ship a NIST-standardized post-quantum algorithm. The release also extends the automated root rotation manager to cover AWS, Azure, and Google Cloud auth methods and secret engines, as well as LDAP and database plugins, reducing the operational burden of credential hygiene for large deployments. Additional changes in 1.19 include constrained certificate authorities (CAs) for PKI workload isolation, ED25519 with pre-hashing (ED25519PH) support for embedded and remote device signing, and expanded UI support for Workload Identity Federation on Google Cloud and Azure. The releas…