There are a few key reasons that you need to look at Vault by HashiCorp. If you’re in the business of IT on the Operations or the Development side of the aisle, you should already be looking at the entire HashiCorp ecosystem of tools. Vault is probably one that has my eye the most lately other than Terraform. Here is why I think it’s important:
- Secret management is difficult
- People are not good at secret management
- Did I mention that secret management was difficult?
There are deeper technical reasons around handling secrets with automated deployments and introducing full multi-environment CI/CD, but the reality for many of the folks who read my blog and who I speak to in the community is that we are really early in the evolution from traditional application management to next-generation application management. What I mean is that we are doing some things to enable better flow of applications and better management of infrastructure, but with some lingering bad practices.
Let’s get to the good stuff about HashiCorp Vault that we are talking about today.
Announcing HashiCorp Vault Enterprise version 0.7!
This is a very big deal as far as releases go for a few reasons:
- Secure multi-datacenter replication
- Expanded granularity with Access Control policies
- Enhanced UI to manage existing and new Vault capabilities
Many development and operations teams are struggling to find the right platform for secret management. Each public cloud provider has its own self-contained secret management tool. Many of the other platform providers, such as Docker Datacenter, also have their own version. The challenge with a solution that is vendor- or platform-specific is that you’re locked into the ecosystem.
Vault Enterprise as your All Around Secret Management
The reason that I’ve been digging into lots of the HashiCorp tools over the last few years is that they provide a really important abstraction from the underlying vendor platforms which are integrated through the open source providers. As I’ve moved up the stack from Vagrant for local builds and deployment to Terraform for IaaS and cloud provider builds, the secret management has leapt to the fore as an important next step.
Vault has both the traditional open source version and also the Vault Enterprise offering. Enterprise gives you support, and a few nifty additions that the regular Vault product doesn’t have. This update includes the very easy-to-use UI:
Under the replication area in the UI we can see where our replicas are enabled and the status of each of them. The replication can be configured right in the UI by administrators, which eases the process quite a bit:
Replication across environments ensures that you have the resiliency of a distributed environment, and that you can keep the secret backends close to where they are being consumed by your applications and infrastructure. This is a big win over the standalone version, which required opening up VPNs, or serving over HTTPS, which was the way many have been doing it in the past. Or, worse, they were running multiple vaults in order to host one on each cloud or on-prem environment.
We have response wrapping very easily accessible in the UI:
As mentioned above, we also have the more granular policy management in Vault Enterprise 0.7 as you can see here:
If you want to get some more info on what HashiCorp is all about, I highly suggest that you have a listen to the recent podcasts I published over at the GC On-Demand site, including the first with founder Mitchell Hashimoto, and the second with co-founder Armon Dadgar. Both episodes will open up a lot of detail on what’s happening at HashiCorp and in the industry in general, and hopefully get you excited to kick the tires on some of these cool tools!
Congratulations to the HashiCorp team and community on the release of Vault Enterprise 0.7 today! You can read up on the full press release of the Vault Enterprise update here at the HashiCorp website.