10 years of HashiConf: Products from HashiCorp and Red Hat move closer together
The takeover by IBM is becoming increasingly noticeable at HashiCorp. Among other things, the provider is moving closer to Red Hat's product portfolio.
- Udo Seidel
HashiCorp's in-house conference is always a melting pot of innovations from the world of Terraform, Vault, etc. This is no different in its tenth year. Co-founder and CTO Armon Dadgar began with in-house innovations, initially from the infrastructure sector. HCP (HashiCorp Cloud Platform) Terraform Stacks is now officially available and released for production use. The same applies to the option of using your own key management system to protect sensitive data. In HashiCorp parlance, this is called “HCP Terraform hold your key.” What's new is that you can now use HCP Terraform Search to search for and import resources, such as computers in AWS.
The search for these objects is expressed as declarative queries. The user can then trigger the import into Terraform from within the results list. This is very useful for bringing objects into the HashiCorp world that were created manually or with other tools. Terraform Search is available as a public beta. The same applies to HCP Terraform Actions. This can be used to trigger virtually any action, such as restarting an application or deleting old log files. Terraform can also use the mechanisms of platforms such as Ansible or Kubernetes.
What the IBM takeover brings
The first fruits of IBM's takeover of HashiCorp can also be seen here. Firstly, there is the integration with Ansible. Terraform can now add the installed objects to the AAP (Ansible Automation Platform) inventory. It also sends an event to EDA (Event Driven Ansible), which then triggers the corresponding playbooks. Armon Dadgar referred to this as the connection between IaC (Infrastructure as Code) and CaC (Configuration as Code). There is also new collaboration within the IBM family in other areas. Terraform can get the costs, including suggestions for improvement, for existing cloud objects from Apptio's Cloudability. The official name for this function is Terraform Run Task Integration into Cloudability, and it is still in the beta phase.
Armon Dadgar also brought some news in the area of security. There is now a VS Code IDE (Integrated Development Environment) plugin for HCP Vault Radar. This is HashiCorp's solution for dealing with the proliferation and unwanted distribution of passwords and the like. The user installs the plugin within his IDE. If he then enters login information within his code, an alarm window appears. This not only names the misbehavior but also offers a remedy. The user can import the login data directly into HCP Vault and manage it there.
Similarly, Vault Radar can also help with the SaaS version of Jira if a user wants to write login data to a ticket. The IDE plugin is still in beta, but Jira scanning is already generally available and can be used in production.
First steps towards integration
There is also news from IBM in the area of security. Red Hat has certified the Vault Secret Store CSI (Container Storage Interface) for OpenShift. This is a quasi-formal step and actually overdue. After all, HashiCorp and Red Hat belong to the same family, IBM. OpenShift pods can now access certified data in Vault. According to Armon Dadgar, there is still a long way to go for full integration, but the first steps have been taken.
Another new security feature: HashiCorp has the Boundary product for interactive access. This can now automatically set the user password for RDP (Remote Desktop Protocol) connections. The user practically does not need to know the password. When the RDP connection is called up, Boundary injects it without the user even having to click anything.
(dahe)