HashiCorp acquires BluBracket to add secrets scanning

Today, HashiCorp announced that it has acquired BluBracket, a startup that enables its customers to easily scan, identify, and address secrets hidden in their source code, development environments, internal websites, chat services, ticketing systems, and other locations. This secret-scanning functionality helps companies deliver secure code without compromising speed or innovation.

BluBracket’s functionality will complement HashiCorp Vault’s secrets management to help prevent accidental leaks and fight secret sprawl. Initially, BluBracket’s detection and remediation workflows will be integrated into Vault to expand HashiCorp’s zero trust security offerings with improved full secret-lifecycle management. HashiCorp expects to announce details about new product capabilities related to the BluBracket acquisition later this year.

Palo Alto, California-based BluBracket helps companies ship secure code without compromising development speed or changing developer workflows. Prakash Linga, BluBracket Co-Founder and CEO, previously founded Vera Security and served as Vice President of Engineering at AppSense.

To share more about the acquisition, James Bayer, HashiCorp’s Senior Vice President of R&D for the Secure product line, sat down with Linga to discuss how the combination of BluBracket and HashiCorp can create a more comprehensive lifecycle of managing secrets and provide a more secure-by-default experience for our customers. (A lightly edited transcript follows the video below.)

James Bayer, HashiCorp:

Prakash, why don't you tell us a little bit about BluBracket?

Prakash Linga, BluBracket:

BluBracket was founded with the mission of bringing security and engineering teams together. Our product focuses on source-code security — finding risks in code and other developer environments. This helps teams ship secure code faster, or at least not slow down release cycles.

One of the key problems we address is secret detection, helping our customers solve the secret sprawl problem, by finding secrets in source code and other environments.

Once they find those secrets, the natural next questions are, "What happens to these secrets? How do we move them? And what do we move them into?” Those are questions we are excited to answer together with HashiCorp.

Bayer:

That's a great fit, because with HashiCorp Vault we've been doing a lot to manage the storage of secrets, managing their lifecycle, and making those secrets available to applications and to people. But we've never had the capability to discover and find secrets and then import them into Vault. I'm super excited our organizations will be working together to make that problem go away.

Can you also tell us, from your perspective, why the BluBracet team is excited to join HashiCorp?

Linga:

As a team made up primarily of engineers, we all have used HashiCorp products pretty heavily, so we’re thrilled to now be part of the team and help build Vault and other related products.

On a more strategic note, when moving from secret detection into remediation, working with HashiCorp Vault creates a unique opportunity for us to help solve this problem end-to-end. Couple that with the thousands of customers that Vault has today, this is an opportunity to bring BluBracket to market in an accelerated fashion, which is extremely compelling to us.

Last but not least, the most compelling reason that I’m so excited is the people here at HashiCorp, and the culture that HashiCorp has put together. It clearly comes across that they care about building amazing products that are industry leaders.

Bayer:

Thank you, Prakash, for sharing the BluBracket story. We have some integration work to do between our teams, and then we're going to be working on some exciting product announcements. So please stay tuned.

If you would like us to notify you when we have additional details about the availability of secret scanning and the BluBracket integration into the HashiCorp portfolio, please provide your contact details here.