diff --git a/Dockerfile b/Dockerfile
index 81d34ee..8e4c3e3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,83 +1,83 @@
 FROM alpine:3.14
 
 # This is the release of Vault to pull in.
-ARG VAULT_VERSION=1.11.6
+ARG VAULT_VERSION=1.12.2
 
 # Create a vault user and group first so the IDs get set the same way,
 # even as the rest of this may change over time.
 RUN addgroup vault && \
     adduser -S -G vault vault
 
 # Set up certificates, our base tools, and Vault.
 RUN set -eux; \
     apk add --no-cache ca-certificates gnupg openssl libcap su-exec dumb-init tzdata && \
     apkArch="$(apk --print-arch)"; \
     case "$apkArch" in \
         armhf) ARCH='arm' ;; \
         aarch64) ARCH='arm64' ;; \
         x86_64) ARCH='amd64' ;; \
         x86) ARCH='386' ;; \
         *) echo >&2 "error: unsupported architecture: $apkArch"; exit 1 ;; \
     esac && \
     VAULT_GPGKEY=C874011F0AB405110D02105534365D9472D7468F; \
     found=''; \
     for server in \
         hkps://keys.openpgp.org \
         hkps://keyserver.ubuntu.com \
         hkps://pgp.mit.edu \
     ; do \
         echo "Fetching GPG key $VAULT_GPGKEY from $server"; \
         gpg --batch --keyserver "$server" --recv-keys "$VAULT_GPGKEY" && found=yes && break; \
     done; \
     test -z "$found" && echo >&2 "error: failed to fetch GPG key $VAULT_GPGKEY" && exit 1; \
     mkdir -p /tmp/build && \
     cd /tmp/build && \
     wget https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_${ARCH}.zip && \
     wget https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS && \
     wget https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS.sig && \
     gpg --batch --verify vault_${VAULT_VERSION}_SHA256SUMS.sig vault_${VAULT_VERSION}_SHA256SUMS && \
     grep vault_${VAULT_VERSION}_linux_${ARCH}.zip vault_${VAULT_VERSION}_SHA256SUMS | sha256sum -c && \
     unzip -d /tmp/build vault_${VAULT_VERSION}_linux_${ARCH}.zip && \
     cp /tmp/build/vault /bin/vault && \
     if [ -f /tmp/build/EULA.txt ]; then mkdir -p /usr/share/doc/vault; mv /tmp/build/EULA.txt /usr/share/doc/vault/EULA.txt; fi && \
     if [ -f /tmp/build/TermsOfEvaluation.txt ]; then mkdir -p /usr/share/doc/vault; mv /tmp/build/TermsOfEvaluation.txt /usr/share/doc/vault/TermsOfEvaluation.txt; fi && \
     cd /tmp && \
     rm -rf /tmp/build && \
     gpgconf --kill dirmngr && \
     gpgconf --kill gpg-agent && \
     apk del gnupg openssl && \
     rm -rf /root/.gnupg
 
 # /vault/logs is made available to use as a location to store audit logs, if
 # desired; /vault/file is made available to use as a location with the file
 # storage backend, if desired; the server will be started with /vault/config as
 # the configuration directory so you can add additional config files in that
 # location.
 RUN mkdir -p /vault/logs && \
     mkdir -p /vault/file && \
     mkdir -p /vault/config && \
     chown -R vault:vault /vault
 
 # Expose the logs directory as a volume since there's potentially long-running
 # state in there
 VOLUME /vault/logs
 
 # Expose the file directory as a volume since there's potentially long-running
 # state in there
 VOLUME /vault/file
 
 # 8200/tcp is the primary interface that applications use to interact with
 # Vault.
 EXPOSE 8200
 
 # The entry point script uses dumb-init as the top-level process to reap any
 # zombie processes created by Vault sub-processes.
 #
 # For production derivatives of this container, you shoud add the IPC_LOCK
 # capability so that Vault can mlock memory.
 COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 ENTRYPOINT ["docker-entrypoint.sh"]
 
 # By default you'll get a single-node development server that stores everything
 # in RAM and bootstraps itself. Don't use this configuration for production.
 CMD ["server", "-dev"]
diff --git a/Makefile b/Makefile
index 4ee097a..a6fe73f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,27 +1,27 @@
 export REGISTRY_NAME?=docker.io/hashicorp
-export VERSION=1.11.6
+export VERSION=1.12.2
 
 .PHONY: build ent-image oss-image xc-prod-image
 
 build: ent-image oss-image
 
 ent-image: export PROJECT_NAME=vault-enterprise
 ent-image: export TAG_SUFFIX=_ent
 ent-image: 
 	docker build --label version=$(VERSION) --build-arg VAULT_VERSION=$(VERSION)+ent --no-cache -t $(REGISTRY_NAME)/$(PROJECT_NAME):$(VERSION)$(TAG_SUFFIX) .
 	@../scripts/tag-images.sh
 
 oss-image: export PROJECT_NAME=vault
 oss-image:
 	docker build --label version=$(VERSION) --build-arg VAULT_VERSION=$(VERSION) --no-cache -t $(REGISTRY_NAME)/$(PROJECT_NAME):$(VERSION) .
 	@../scripts/tag-images.sh
 
 # This target is used in CI to cross compile vault and vault-ent for 4 different architectures
 # and publish (when XC_PUBLISH="--push") using docker buildx
 xc-prod-image:
 	docker buildx build --platform linux/amd64,linux/arm64,linux/386,linux/arm/v6 \
 	--build-arg VAULT_VERSION=$(VERSION)$(VAULT_VERSION_SUFFIX) \
 	--label version=$(VERSION) \
 	$(XC_PUBLISH) \
 	-t $(IMAGE_TAG) \
 	.