
HashiCorp Releases HCP Vault to Combat ‘Secrets Management’ Fatigue

28 Apr 2021 4:00am, by

The release of HashiCorp Cloud Platform (HCP) Vault, which offers HashiCorp's popular secrets security management tool as a cloud service, is the company's latest step toward its ambition of meeting cloud native deployment and management requirements through a single platform. To this end, HashiCorp's HCP platform now includes its Consul service mesh and Terraform, as well as Vault.

The Vault 1.7 GA release serves “as the base for all clusters,” HashiCorp director of product marketing Chris Kent told The New Stack.

HCP Vault was designed for cloud-based management of secrets, the digital authentication credentials (passwords, keys, tokens, etc.) required for accessing systems and applications. For the organization, managing who has access to what and when has always posed a challenge. And the explosion in demand for network access to accommodate remote workers since the beginning of the pandemic has made secrets management that much more resource-draining.

“Zero Trust” security is certainly a goal for many, if not most, organizations, but the secrets management involved to get there can lead to so-called “secrets fatigue.” Relying on manual processes to maintain secrets access can obviously tax the productivity of DevOps team members who must allocate time for secrets management instead of developing or managing applications.

According to HashiCorp, HCP Vault should help to reduce the time and complexity of allocating secrets access for Amazon Web Services deployments (Kent said “stay tuned” when asked when HCP Vault would become available on Azure and Google Cloud). HCP Vault allows users to secure, store and control access to tokens, passwords, certificates and encryption keys within a single cloud-based platform, “thus reducing any secret sprawl that may have been present across various applications,” Kent said.

“Vault running on HCP is fully managed by HashiCorp and secures your infrastructure through a single interface to control access to all of your sensitive data and systems,” Kent said. “By providing push-button deployment, fully managed upgrades, backups and monitoring, organizations and developers can focus on adoption and integration instead of operational overhead. HCP Vault clusters fit into any workload and automatically scale with clusters that can be deployed in minutes.”

In addition to touting how simple HCP Vault is to set up, which involves creating a HashiCorp Virtual Network (HVN) and a Vault cluster and then connecting those to the organization’s existing AWS deployment, the company maintains that HCP Vault offers a flexible pricing model. HashiCorp says the HCP version of Vault will allow organizations to adopt a more flexible pricing model, as opposed to the traditional way of downloading, installing and managing Vault directly, while paying a set fee.

For pricing, HashiCorp communicated the following options for HCP Vault:

  • Development cluster: The “best way” to get started testing HCP Vault in AWS environments, this option is a non-production, single-node deployment of Vault billed by the hour, Justin Weissig, a HashiCorp marketing manager, wrote in a blog post.
  • Standard cluster: For production workflows, recommended for provisioning a multi-node highly available cluster. “This will launch a three-node Vault deployment that is ready to handle production-grade workloads,” Weissig wrote.
  • Standard cluster: an annual pricing plan for organizations that plan to run large production deployments on HCP Vault.

Both HCP Consul and HCP Vault are now available on AWS, following a previous promise to make HCP available for Azure and GCP (without disclosing an exact timeline). HashiCorp also plans to eventually make all of its products available on HCP, including its recently announced Boundary, an open source project for identity-based access management.

Feature image via Pixabay.
