Announcing HCP Vault Secrets public beta

HCP Vault Secrets is a new SaaS-based secrets management platform that enables developers to centrally store, access, and sync secrets when and where they need them.

Today at HashiDays, we launched the public beta for a new offering on the HashiCorp Cloud Platform: HCP Vault Secrets. HCP Vault Secrets is a new Software-as-a-Service (SaaS) offering of HashiCorp Vault that focuses primarily on secrets management, enables users to onboard quickly, and is free to get started.

In this post, we’ll look at the customer feedback that led to the creation of HCP Vault Secrets and we’ll cover some of its unique features and differences compared to HCP Vault.

»Remediate secret sprawl quickly

As organizations have grown their usage of cloud and SaaS services, they face new challenges around managing security. In dynamic environments, there are more systems to manage, more endpoints to monitor, more networks to connect, and more people who need access. The potential for a breach increases significantly — making the need to adopt the right security posture while maintaining development agility even more important.

We have heard from our customers that secret sprawl and improving security posture while still maintaining developer agility are the biggest challenges they face. Different teams end up using different tools to store and manage secrets across multiple environments, which makes common access management harder, slows the remediation of leaked secrets, and leaves no unified view of the secret lifecycle.

We created HCP Vault Secrets as a SaaS service to enable development teams to centralize their secrets management and set up a unified view of their secrets and applications in minutes, while still maintaining their development workflows with their existing cloud secrets managers, CI systems, and deployment services. HCP Vault Secrets is focused solely on secrets management, allowing centralized platform engineering teams to focus on strengthening their secrets management security posture without compromising on development agility.

HCP Vault Secrets offers both a pull model and a push model for getting secrets into the development workflow. With the push model, platform teams can set up secret synchronization from HCP Vault Secrets, and application development teams can continue iterating with their existing workflows without major interruptions. With the pull model, development teams can inject application secrets into their local application deployment workflows, ensuring all secrets, including local development secrets, are centralized in HCP Vault Secrets.

»HCP Vault Secrets sharpens the focus on secrets management

HCP Vault Secrets is a managed Vault offering focusing on secrets management for developers across three key areas:

  • Centralizing secrets
  • Syncing secrets
  • Developer flexibility

»Centralizing secrets

New domain model for HCP Vault Secrets

HCP Vault Secrets centralizes secrets lifecycle management into one place, so users can eliminate context switching between multiple secrets management applications. We are introducing a new domain model with the concept of applications that are used to logically group secrets. This structure allows organizations to intuitively map their secrets within HCP Vault Secrets as well as easily scale the growth of secrets, while not compromising on the discoverability of secrets.

»Secrets sync

With secrets sync, users can synchronize secrets when and where they need them and continually sync secrets from HCP Vault Secrets to external secrets managers like AWS Secrets Manager so they are always up to date. HCP Vault Secrets will initially integrate with AWS Secrets Manager, with more integrations planned for later in the public beta period.

»Developer flexibility

HCP Vault Secrets via CLI, API, and Terraform

We built HCP Vault Secrets to prioritize developer flexibility. With HCP Vault Secrets, developers can fetch secrets from any interface (CLI, Terraform, API, or UI), inject secrets into applications at runtime without code changes, and use the native HCP authentication methods across all interfaces.

»Centralized secrets lifecycle management

The centralized secrets lifecycle management enabled by HCP Vault Secrets lets developers:

  • Increase security across clouds and machines: Reduce the risk of breaches by centralizing where secrets are stored and reducing the context switching between multiple solutions that can lead to human error.
  • Increase productivity: Development teams can improve their security posture without expending additional time and effort.
  • Enhance visibility of secrets activity across teams: Get insight into who modified or accessed secrets, when, and from where, with advanced filtering and storing capabilities.
  • Comply with security best practices: Fully managed deployment means your instance is always up to date and in line with security best practices — no more manual upgrades.
  • Last-mile secrets availability for developers: Keep secrets centralized in HCP Vault Secrets while syncing secrets to existing platforms and tools, including cloud service providers (starting with AWS Secrets Manager), so that developers can access secrets where they need them.

HCP Vault Secrets is fully managed by HashiCorp and available on the HashiCorp Cloud Platform, allowing users to get up and running quickly — they can sync their first secret in minutes.

»Try HCP Vault Secrets beta for free today

Try HCP Vault Secrets today and begin centralizing your secrets in minutes. To get started, sign up for HCP Vault Secrets for free and check out our HCP Vault Secrets documentation on HashiCorp Developer. And be sure to watch the video demo of HCP Vault Secrets from HashiDays, below:
