Multi-cloud automation outfit HashiCorp has used its annual HashiConf Digital conference to unveil betas galore, as well as pull the covers off a new open source project.
As the name implies, HCP Vault is all about secrets management and aimed at controlling access to sensitive data such as passwords, certificates and encryption keys. The service will also enable secure networking for workloads across EKS, EC2 and Lambda, "and many other AWS services," according to the company.
And there is the rub. HCP Vault (unlike its non-HCP sibling) only supports AWS at present (and only in us-west-2 at that), although the company plans to bring the managed service to other providers in the future. Vault fans will also be disappointed to learn that only one cluster size is supported during the private beta (although more configuration "will be available shortly.")
HashiCorp Cloud Platform unveiled – but in private beta for AWS onlyREAD MORE
While HCP Vault is in private beta, HashiCorp nudged its managed networking and service mesh product, HCP Consul, into public beta.
Also only supporting AWS at present (in HashiCorp-managed guise), HCP Consul ticks all the buzzword bingo boxes with a first-class Kubernetes integration (with Elastic Kubernetes Service – EKS – of course.) Its service mesh is aimed at getting systems to talk both within Kubernetes and to other, more traditional, runtime platforms (so long as they are on AWS for the time being.)
The move from private to public beta has seen the blessed addition of a simplified set-up (although the company cautions that the zero-configuration option is really only to "kick the tires") as well as improved identity management and access control.
For those sticking with the original Consul line, the company also rolled out a public beta of Consul 1.9 with a new topology tab in the UI for better visualisation, streaming to drop CPU and bandwidth usage, and allowing for the installation of Consul via Helm chart in OpenShift. Still to come to HCP Consul is WAN federation, which will span multiple cloud providers and availability zones to create a global service mesh.
A key feature of the HashiCorp Cloud Platform is the HashiCorp Virtual Network (HVN), which abstracts things over multiple cloud providers (around an isolated single-tenant network.) The company plans cross-cloud provider peering in the future.
Finally, HashiCorp unveiled the Boundary open source project, aimed at granting access to systems using the principle of least privilege. Currently at version 0.1, Boundary is designed to work for a given system rather than the network on which the system resides.
"Boundary," explained the team. "authenticates and authorizes each request, mapping users to services or hosts at the application layer."
The system requires a SQL database a Key Management Store (KMS) to do its stuff, with the database dealing with session and configuration and two keys from the KMS. One key is needed by Boundary's Controllers and Workers, while the other is required by Controllers and is for encrypting secret values in the database.
The Controllers serve the API and deal with session requests, while the Workers perform session handling within the Boundary world.
Boundary is an interesting concept, but has a little way to go before it becomes more widely useful: OIDC authentication and HashiCorp Vault integration are planned as well as target catalogs pulled from Consul, AWS, Azure and GCP. ?