
HashiCorp Adds Vault to Its Cloud Platform, Launches Access Security Project

14 Oct 2020 11:44am

Infrastructure software and services provider HashiCorp made its popular Vault secrets security management tool available on HashiCorp Cloud Platform (HCP). The company has also launched Boundary, an open source project for identity-based access management.

The company did not communicate a timeline for when, or if, Boundary would eventually become available as part of its HCP cloud offering. However, during a presentation, HashiCorp co-founder and Chief Technology Officer Armon Dadgar described HashiCorp’s goals to “be able to deliver all of the HashiCorp core products as a managed service so you get that push-button deployment.”

“Then, the onus of operations, patching, security, etc. is a HashiCorp core problem and not an end-user problem,” Dadgar said. “So really, the focus is on ‘how quickly can we get the value of the product — how much of the operational burden can we get rid of.’ And you also get it across all of the major public cloud environments.”

Vault in the Cloud

With the HCP version of Vault-as-a-service, users will be able to adopt a more flexible pricing model, the company said, as opposed to the traditional way of downloading, installing and managing Vault directly while paying a set fee for the use of its proprietary features. While HashiCorp said the cloud platform version of Vault will be made available for multicloud deployments, thus far this option is limited to Amazon Web Services (AWS).

HashiCorp’s Consul was the first service available on HCP. Eventually, HCP will be available for Azure and GCP, as well as for AWS (an exact timeline was not disclosed).

Vault’s availability on a cloud platform “brings us closer to helping customers who are consuming Vault as is,” Chris Kent, director of product marketing at HashiCorp, told The New Stack. “It really allows for more rapid push-button deployments and improves multicloud deployment workflow, while not having to worry about the management themselves [for ultimately] faster cloud adoption, increased productivity and flexibility.”

Eventually, users should be able to also rely on HashiCorp’s Terraform, Vault, Consul and Nomad across multiple clouds with HCP, the company previously said.

New Boundary

The HashiCorp Boundary open source project, available for download only as mentioned above, was designed to help improve access to data while at the same time more tightly and efficiently restricting access. Instead of requiring operations team members to create and manage firewall rules for specific access, Boundary is designed to equip users with all the data and network access privileges they require during the on-boarding process. In a blog post, HashiCorp communicated that Boundary 0.1 does this by enabling authenticated and authorized TCP sessions to applications through role-based access controls (RBAC).

While Boundary is still in the early development stage, pending future commits and contributions, HashiCorp said it is developing OpenID Connect (OIDC) authentication and target catalogs from HashiCorp Consul, AWS, Azure and GCP for Boundary.

On a user level, Boundary will allow “practitioners and operators to basically access any system from anywhere based on identity,” Kent told The New Stack.

At the same time, Boundary’s features reflect HashiCorp’s “Zero Trust” approach with its access security capabilities. “You have to inherently think that you or someone on your network is going to be breached,” he said. “Part of our announcement is really around the idea that we look at security as moving into this multicloud reality as a different trust model.”

Boundary complements what HashiCorp communicated as its “four pillars of multicloud security”:

  • machine authentication and authorization (via Vault).
  • machine-to-machine access (via Consul).
  • human authentication and authorization (via trusted identity providers).
  • human-to-machine access (via Boundary).

As mentioned above, the shift of HashiCorp’s tools to become available as services that can be consumed directly in a cloud environment helps organizations “focus on the adoption side of it and actually getting value, rather than necessarily having to focus on deploy or operate capabilities of the tool,” Dadgar said.

“What we’ve heard from our users and from our customers is ‘we don’t necessarily want to have to do all of this work just to get the capabilities of the tool,’” Dadgar said. “How can we just focus on the adoption side of it and actually getting value, rather than necessarily having to focus on deploy or operate.”