Tools for the cloud: HashiCorp announces features for its cloud platform

The company HashiCorp, developer of partly open-source infrastructure tools such as Terraform, Vault and Nomad, hosted the HashiConf 2024 user conference in Boston. 1400 visitors accepted the invitation. During the keynote, there were numerous announcements of new functions, almost all of which had to do with the HashiCorp Cloud Platform (HCP). The company remained silent about the elephant in the room during the keynote. The only mention was made in a preliminary talk for members of the press: The planned takeover by IBM is still being prepared and the company is looking forward to synergy effects. Those responsible for the ongoing takeover process are not getting carried away with more detailed statements, mainly because the US Securities and Exchange Commission (SEC) is keeping a close eye on what information is published and when.

However, the announcements that co-founder Armon Dadgar had in store for the keynote reveal a clear strategy in light of the takeover announced in April: HashiCorp is strengthening its cloud platform and thus the product that scales best. If the company soon has access to IBM's large customer database, it will be easier to offer such a business model without having to hire masses of experts. Customers who host HashiCorp software such as Vault themselves and only purchase consulting services from HashiCorp are therefore less of a focus at the moment. At the very end of the food chain are all those who only use open source software such as Terraform. In the preliminary discussion, HashiCorp CEO Dave McJannet emphasized that the focus on HCP is also in line with customer interest. Anecdotally, he reported that even regulated companies such as banks are now interested in transferring their secret management to HCP Vault, for example.

News in the area of infrastructure

The announcements relating to HCP concern the two major business areas of "Infrastructure Lifecycle Management" (ILM) and "Security Lifecycle Management" (SLM). The biggest innovation in the ILM area, which includes the Terraform infrastructure management system, is the public beta phase of Terraform Stacks and the integration of stacks into HCP. Terraform Stacks were already presented at the end of 2023, initially only tested in a closed beta and solve the problem that the description of similar environments (classically, for example, testing, staging and production) meant a lot of duplicated and therefore redundant and difficult-to-manage Terraform code. Stacks solve this by combining components into deployments. Anyone can now try out stacks, and another new feature is that such stacks can be managed in the HCP and thus in a graphical user interface. If you are an HCP customer and manage Terraform there, you can control up to 500 resources in the public test phase.

HashiCorp is also sending a "Module lifecycle management" for Terraform into the test phase. This allows platform teams to inform their developers that a Terraform module has reached the end of its career and ask them to update it. This function can also be tested immediately. HashiCorp is obviously aware that a relevant proportion of users have knitted their own scripts for automation around Terraform and are therefore not paying customers. This is now being addressed with a migration assistant, which also includes a Terraform provider that generates Terraform code itself and thus supports the migration of automations to HCP or Terraform Enterprise.

There are two new features for the HCP Waypoint developer portal, which allows platform teams to provide ready-made templates for new applications to developers in the organization. HCP Waypoint is ready to leave the test phase behind. New in the beta are templates and add-ons for Waypoint, as well as Waypoint Actions. With these, the tool learns not only to provide infrastructure once, but also to perform recurring tasks via the platform after the initial setup. As an example, Dadgar showed on stage how developers can use it to control a maintenance mode.

News in the area of security

HashiCorp has also completed new functions in the area of SLM. The company saved the detailed presentation for the keynote on the second day and initially only announced the news in writing. The integration of Vault Radar into HCP was announced at the beginning of the year and tested in a closed beta. Now HCP Vault Radar is ready for public testing: the software searches for secrets (such as passwords, tokens and private keys) in Git and Confluence and thus warns of leaks at an early stage. In addition, an agent can detect such secrets in the pre-commit phase on the way to GitHub and cancel the commit immediately. In the public beta, you can monitor up to 50 repositories.

The auto-rotation of secrets in HCP Vault has been released from the test phase. Secret management can automatically regenerate access data for Amazon AWS, Google Cloud, MongoDB and Twilio after a specified time and pass on the new secret to the applications that work with it.

HashiCorp has its own product for granting people (i.e. developers and admins) access to resources: Boundary allows you to grant people access without giving them permanent access data. New in the beta phase are transparent SSH sessions via Boundary, in which the user simply connects with their SSH client.

HashiConf will take place until October 16. Much of the conference content will be livestreamed free of charge.

Transparency note: The organizer has covered the author's travel expenses to HashiConf in Boston. (jam)