Mar 22 2018 Nicolas Corrarello
A brief history on how to secure your workflow for job deployments in Nomad
A lot of HashiCorp users and employees love our whole suite of products, but like with your grandmother, it’s almost impossible not to have one slight predilection over one of our creations (says the favorite grandchild). In my case, my predilection for HashiCorp Nomad is quite evident, to the point of being a running joke among the European team. I think not a single customer meeting goes by without someone saying "yeah, that’s Nomad, Nico’s favorite product…".
Mar 22 2018 Brian Burns
GMO Media Uses HashiCorp Terraform Enterprise to Automate Infrastructure Provisioning
GMO Media of Japan decided to use HashiCorp Terraform Enterprise to provision new services onto the public cloud, while also allowing them the possibility to provision the same workflows to one or more public clouds.
Mar 21 2018 Andy Manoske
Preparing for GDPR Compliance with HashiCorp Vault
Here at HashiCorp, we've been releasing features and constructing a roadmap for Vault that specifically assists in helping your organization comply with GDPR, or the General Data Protection Regulation standard that is set to go live on May 25, 2018. We're excited to share and explain how some of these Vault features can be used to comply with specific GDPR articles.
We specifically developed Vault to manage, store, and protect sensitive information in a way that reduces secret sprawl but also enables global organizations to operate at a very large scale. In a world where secrets are spread in a global manner, this use case is critical especially if you are spanning your infrastructure across multiple public and private clouds. In the context of GDPR, this use case becomes extremely critical, as it requires us to be more sensitive to where our data is moving or sitting at any given time physically and forces us to put our best effort to protect the data sovereignty of our sensitive information.
Mar 20 2018 Nandor Kracser
Secure Kubernetes Deployments with Vault and Banzai Cloud
At Banzai Cloud we are building an open source next generation platform as a service, Pipeline - built on Kubernetes. With Pipeline we provision large multi-tenant Kubernetes clusters on all major cloud providers and deploy different workloads to these clusters. We needed to find an industry standards based way for our users to publish and interact with protected endpoints and at the same time provide dynamic secret management for all the different applications we support, all these with native Kubernetes support. After several proof-of-concepts, we chose HashiCorp Vault. In this post we’d like to highlight how we use Vault and provide technical insight into the available options.
Mar 20 2018 Anubhav Mishra
We are excited to introduce HashiCast - a podcast about the world of cloud infrastructure. This podcast will highlight people and technology from companies in the technology community, as well as insight and news from HashiCorp itself. We have a great lineup of guests for HashiCast, and we can’t wait to share them with you!
Mar 15 2018 Nicolas Corrarello
Continuously Integrating Policy Into Vault
Whenever adopting any new software products, there are always operational considerations. Particularly in the case of HashiCorp Vault, HashiCorp’s centralized secrets management solution, this is a double-edged sword, where the security is only as good as the governance around it.
Mar 13 2018 Anubhav Mishra
Authenticating Applications with HashiCorp Vault AppRole
The AppRole auth method provides a workflow for applications or machines to authenticate with Vault. This post explores how applications and machines can use the AppRole auth method to authenticate with Vault in a modern CI/CD pipeline.
Mar 07 2018 Jeff Silberman
On-demand Container Storage with HashiCorp Nomad
No one wants to manage storage, but high-value applications aren’t going to run without it. In an ideal world, storage would “just be there” without having to think about it --- or provision and manage it, right?
Portworx, a software-defined persistent storage solution for container workloads, provides a highly-available elastic data fabric. Portworx cloud native storage allows jobs to seamlessly run hyper-converged with the storage layer for best performance --- and also provides a rich spectrum of options for data availability.
Mar 06 2018 Nicolas Corrarello
Understanding the Performance Overhead of Encryption
Every modern application has a requirement for encrypting certain amounts of data. The traditional approach has been to rely on some sort of transparent encryption. While this clearly minimizes the requirement for encryption within the application, it doesn’t secure the data from attacks like a SQL Injection, or someone just dumping data since their account had excessive privileges, or through exposure of backups.
Mar 01 2018 Armon Dadgar
Why We Need Dynamic Secrets
Secret management is one of the core use cases for Vault. Today, many organizations have credentials hard coded in source code, littered throughout configuration files and configuration management tools, and stored in plaintext in version control, wikis, and shared volumes. Vault provides a central place to store these credentials, ensuring they are encrypted, access is audit logged, and exposed only to authorized clients. Achieving this centralization is a huge improvement in security posture, but it's not the end of the journey. This is because applications don't keep secrets! Vault presents an answer to this problem in the form of "Dynamic Secrets".
Feb 22 2018 Jeff Ploughman
Using Vault to Build an Ethereum Wallet
This is a guest post by Jeff Ploughman, a Security Architect at T. Rowe Price and founder of the DC-Baltimore HashiCorp User Group; this work was done in his role as an Ethereum aficionado and open source contributor.
HashiCorp Vault focuses on keeping application data secure across distributed infrastructure by tightly coupling your trusted identity with brokering access and managing sensitive organizational information and secrets. An Ethereum Wallet is a gateway to decentralized applications on the Ethereum blockchain. It allows you to hold and secure ether and other crypto-assets built on Ethereum, as well as deploy and use smart contracts. This blog will look at how the two can work seamlessly together.
Feb 20 2018 Anubhav Mishra
Announcing HashiCorp Diversity Scholarship Program
Last year, HashiCorp gave away a number of conference passes to various organizations to join us for HashiConf, our flagship user conference. This year we are excited to build on that contribution and introduce the HashiCorp Diversity Scholarship Program. The intent is to assist members of our community who are from underrepresented groups in the technology and open source communities with these scholarships to cover the costs associated with HashiConf or HashiDays conferences.
Feb 16 2018 Chris Roberts
Updating the Vagrant VMware Plugin
The Vagrant VMware plugin will fail to activate with HashiCorp servers starting on February 18th, 2018. For the next 30 days after this date, currently installed VMware plugins will start to encounter errors activating their license.
Feb 16 2018 Peter McCarron
New Terraform Providers: Palo Alto Networks, Open Telekom Cloud
We are proud to announce two new providers now available for HashiCorp Terraform. This blog will give a more detailed description of the providers and any helpful links that may provide additional insight. For more information on Terraform providers please visit our docs page.
Feb 14 2018 Nic Jackson
HashiCorp Terraform: Modules as Building Blocks for Infrastructure
Operators adopt tools like HashiCorp Terraform to provide a simple workflow for managing infrastructure. Users write configurations and run a few commands to test and apply changes. However, infrastructure management often extends beyond simple configuration and we require a workflow to build, publish, and share customized, validated, and versioned configurations. Successful implementation of this workflow starts with reusable configuration. In this post we will look at modules, the problems they solve, and how you can leverage them to form the building blocks for your infrastructure.
Feb 08 2018 Anubhav Mishra
Applying Policy as Code to Kubernetes Resources
Using HashiCorp Terraform Enterprise and the Kubernetes provider, we can apply fine-grained policy enforcement using Sentinel to Kubernetes resources before the changes to the resources are applied on the cluster. This blog post explores using Sentinel in Terraform Enterprise to manage Kubernetes clusters and enforce Kubernetes service types and namespace naming conventions.