Announcing Boundary Desktop embedded terminal, LDAP support, and more

HashiCorp Boundary 0.14, with an embedded terminal in the desktop client and LDAP GA support, is now available for download as well as for use on HCP Boundary.

HashiCorp Boundary, a modern privileged access management (PAM) offering for cloud-driven environments, provides just-in-time access to infrastructure without requiring end users to manage IP addresses or credentials. Boundary also ensures an organization’s infrastructure is secure and compliant by using identity driven controls and ensuring least-privilege access, session and credential expiration, and session recording. These new capabilities help organizations streamline their user workflow as they leverage a cloud operating model for secure remote access.

Boundary 0.14, which we are announcing today at HashiConf, adds important new functionality, including:

  • Dramatically improved SSH access: Users can now seamlessly establish and connect to SSH sessions directly in the Boundary Desktop client.
  • Expanded authentication options: Boundary 0.14 includes a fully instrumented LDAP auth method, with support in both the desktop client and admin UI.
  • Enhanced security removing hard-coded credentials: AWS administrators now have enhanced security and access control for their most sensitive recordings with the addition of AssumeRole authentication for storage buckets.

Here’s a closer look at the new capabilities:

»Boundary Desktop embedded terminal

Almost two years ago, we launched Boundary Desktop, an easy way for end users to securely establish sessions to machines across their environment. Since then, we’ve been working hard to add important new features, like SSH credential injection and session recording.

Boundary 0.14 includes our biggest update yet to Boundary Desktop: an embedded terminal. Our goal with Boundary Desktop is to centralize the experience of connecting to a resource for any type of user. The embedded terminal provides a seamless, end-to-end experience that guides users into securely establishing sessions. This new experience reduces steps and decreases the risk of human error when connecting to desired resources.

Launching an SSH session in HashiCorp Boundary 0.14 using the embedded terminal

Launching an SSH session in HashiCorp Boundary 0.14 using the embedded terminal

If your users prefer to use their own clients to establish connections rather than the embedded terminal in the Boundary Desktop, you can still establish sessions just as you did before, but now there’s additional helper information available directly in Boundary Desktop.

Connecting to a target using the Boundary Desktop helper command

Connecting to a target using the Boundary Desktop helper command

We’re excited to share the embedded terminal with the Boundary community. The embedded terminal works with any edition of Boundary and can be used with both TCP and SSH targets. To get started, download the latest Boundary Desktop binary.

»LDAP auth method reaches general availability

Boundary 0.13, released in June, included an LDAP auth method in beta supported in the CLI, API, and HashiCorp Terraform provider. This allows users to set up and manage LDAP-based auth methods, adding a third auth method to the existing username/password and OIDC authentication options.

In Boundary 0.14, we are bringing full admin UI and Boundary Desktop client support for LDAP auth methods, allowing users to more seamlessly log in with LDAP as their primary auth method. To get started with LDAP authorization, check out our documentation.

A configured LDAP auth method in the Boundary 0.14 admin UI

A configured LDAP auth method in the Boundary 0.14 admin UI

»AWS IAM AssumeRole authentication for storage buckets

With the release of SSH session recording in Boundary 0.13, we introduced storage buckets, a Boundary resource used for securely storing recorded sessions, scoped to support Amazon S3 with access keys. In Boundary 0.14, we're enhancing storage bucket support by allowing AWS administrators to utilize AssumeRole authentication when configuring their storage bucket, strengthening security by removing the need for static, potentially long-lived credentials in your Boundary environment.

AssumeRole storage buckets config in the admin UI

AssumeRole storage buckets config in the admin UI

»Get started with Boundary 0.14

We are excited for users to try the new Boundary features landing in 0.14, which make it even easier for users to securely connect to their resources. Administrators have the option to deploy a HashiCorp-managed Boundary cluster using the HashiCorp Cloud Platform (HCP) or a self-managed Boundary cluster. Here’s how to get started:

Sign up for the latest HashiCorp news

By submitting this form, you acknowledge and agree that HashiCorp will process your personal information in accordance with the Privacy Policy.