
HashiCorp: New names and features for Terraform, Packer, and Vault



As part of its European conference day HashiDays, HashiCorp, a company specializing in cloud and infrastructure tools, announced new functions for its products and explained how it will organize its product portfolio more clearly in the future. Integration between products has also improved. One example is Nomad and Consul: users had repeatedly complained about gaps where one product could already handle tasks that could not be handled in the other. HashiCorp has now fixed this; Consul is now a natural runtime environment for Nomad. This also applies in the other direction: Consul tasks can be executed on a schedule using cron-like expressions.



New names for well-known products were also announced. What is new is that HashiCorp divides these into two broad categories. The first is infrastructure, with Terraform, Packer, Waypoint and Nomad. The second category is called security and includes Vault, Boundary and Consul.

Together, all products form the “HashiCorp Cloud Platform (HCP)”. The former “Terraform Cloud” is now called “HCP Terraform”; the same applies to HCP Vagrant. Both belong to the “HCP Cloud Platform”. In general, the naming is now consistent, with the prefix “HCP”. The “HCP Cloud Platform” is now also available in a European version. HashiCorp thus fulfills the wish of many customers to keep their data in Europe if possible. The primary data center is in Dublin, Ireland. If it fails, services will continue in Frankfurt/Main. At the moment only “HCP Terraform” is available. The Vagrant equivalent is still to come.

Most of the new features are in the infrastructure area. It starts with “HCP Packer”. The tool now supports webhooks. This way, lifecycle management for images can be integrated into the workflow and automated in a simple and familiar way. In addition, metadata is more visible to the user. This makes it easier to determine which components and which versions were used. Among the changes in Terraform, the “AWS Cloud Control Provider” stands out. It is the result of a strategic partnership between HashiCorp and the Internet giant AWS. New AWS functions and services can now be used immediately in Terraform via the Cloud Control API. There are also extensions to the “HCP Terraform Agent” and Explorer. The latter includes improved search filters and more accurate reports on managed resources. The agent extensions now allow the use of self-managed version control or policy systems. HCP Terraform users can now also implement their own configuration functions.

The infrastructure part ends with “HCP Waypoint Actions”. These now allow the integration of day-to-day operations and workflows via GitHub Actions, Jenkins, or other third-party services. In a personal conversation with Heise Online, Field CTO Sarah Polan described “HCP Waypoint Actions” as one of her favorite actions.

HashiCorp has developed an integration in collaboration with AWS.

Most of the security announcements concern secrets management. Here, Sarah Polan’s favorite function is “HCP Vault Radar”. It allows passwords and other secrets to be found in source code and even correlated with Vault. In the beta version, Confluence and Jira can also serve as data sources, in addition to GitHub, GitLab and Bitbucket. This provides an easy way to curb the unwanted publication of passwords and other secrets. Secrets can now also be synchronized with other secret managers. This allows central management and control of secrets across multiple devices and platforms. A simple example is the integration of Vault with GitHub Actions. This means that all the advantages of password management with HashiCorp tools can also be used for workflows in this version control system if they are based on secrets. This also includes integration with the major cloud providers and their in-house systems for monitoring and controlling secrets.



The HCP Vault Radar tracks secrets so they are not accidentally published.

With Vault, HashiCorp wants not only to enable the use of dynamic, i.e. short-lived, passwords, but also to make them the norm. An important milestone in this direction is regular rotation. Vault can now do this automatically for some applications, initially MongoDB and Twilio. The forced rotation period can be set by the administrator, and a rotation can also be triggered early. There is typically an overlap period between the old and new passwords. This is intended to minimize operational failures in borderline cases.
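A minimal model of the rotation behaviour described above (forced period, early trigger, overlap window), as an added example that is not HashiCorp's code and does not use Vault's API. The class `RotatingSecret` and all of its fields are hypothetical names chosen for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so validation does not leak a matching prefix.
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class RotatingSecret:
    period: timedelta        # forced rotation period set by the administrator
    overlap: timedelta       # how long the previous value stays valid
    rotated_at: datetime     # time of the most recent rotation
    current: str = field(default_factory=lambda: secrets.token_urlsafe(24))
    previous: Optional[str] = None

    def rotate(self, now: datetime) -> None:
        """Issue a new value. Calling this directly is the early trigger."""
        self.previous, self.current = self.current, secrets.token_urlsafe(24)
        self.rotated_at = now

    def tick(self, now: datetime) -> bool:
        """Scheduler hook: rotate once the forced period has elapsed."""
        if now - self.rotated_at >= self.period:
            self.rotate(now)
            return True
        return False

    def accepts(self, candidate: str, now: datetime) -> bool:
        """The current value always works; the old one only inside the overlap."""
        if _same(candidate, self.current):
            return True
        in_overlap = (self.previous is not None
                      and now - self.rotated_at < self.overlap)
        return in_overlap and _same(candidate, self.previous)


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)  # constructed sample timeline
    s = RotatingSecret(timedelta(days=30), timedelta(hours=1), t0)
    old = s.current
    s.tick(t0 + timedelta(days=30))
    print(s.accepts(old, t0 + timedelta(days=30, minutes=30)))  # inside overlap
    print(s.accepts(old, t0 + timedelta(days=30, hours=2)))     # overlap expired
```

A client still holding the old value keeps working during the overlap and fails cleanly afterwards, which is the borderline case the overlap period is meant to cover.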

Good news for the OpenShift world: Vault Secrets Operator now supports OpenShift as well. This is actually a must, since both HashiCorp and Red Hat are subsidiaries of IBM and therefore part of the same family.

HCP now also supports the so-called “workload identity federation” for applications and services in the clouds of Amazon, Google and Microsoft. This means that passwords are completely gone there. The function allows you to map the Vault identity token to the login function of the corresponding IdP (identity provider). There is also an innovation for Boundary, a tool that gives administrators access to services and servers. Specifically, it concerns the recording of SSH sessions. Until now, these could only be saved to AWS S3. Now this is also possible with MinIO, so that you can store the data completely outside the cloud, within your own four walls.

Overall, HashiCorp has completely reorganized its ecosystem and improved interactions. It starts with names, extends to various integration functions and ends with clean classification and categorization.


(Yam)
