All posts by Jeff Mitchell
Announcing HashiCorp Boundary

Simple and secure remote access — to any system anywhere based on trusted identity.

HashiCorp Vault wins OSCON 2018 Breakout Project of the Year Award

Some personal thoughts from Jeff Mitchell on Vault winning the OSCON 2018 Breakout Project of the Year Award.

HashiCorp Vault 0.7.1

We are proud to announce the release of HashiCorp Vault 0.7.1, which includes a number of exciting new features, improvements, and bug fixes.

HashiCorp Vault 0.6.2

We are proud to announce the release of Vault 0.6.2. Vault is a tool for managing secrets. From API keys and encrypting sensitive data to being a complete internal CA, Vault is meant to be a solution for all secret management needs. This blog post covers two releases: 0.6.1 and 0.6.2, which together comprise a major feature release, plus large numbers of additional improvements and bug fixes. As always, a big thanks to our community for their ideas, bug reports, and pull requests. Read on to learn more about the major new features in Vault 0.6.1/0.6.2.

HashiCorp Vault 0.6

We are proud to announce the release of Vault 0.6. Vault is a tool for managing secrets. From API keys and encrypting sensitive data to being a complete internal CA, Vault is meant to be a solution for all secret management needs. This release contains major new features, some new secure workflow enhancements, and many improvements and bug fixes. A major focus was token management and token/authentication workflows.
In Detail: Token Accessors; Token Authentication Backend Roles; Response Wrapping; AWS EC2 Authentication Backend.
In Brief: Codebase Audit; Integrated Consul Health Checks; Listener Certificate Reloading; MSSQL Credential Generation; Azure Data Store; Swift Data Store.
(Some of these features appeared in 0.5.1 and 0.5.2, however they were not discussed in previous blog posts.) Please see the full Vault 0.6 CHANGELOG for more details. Additionally, please be sure to read the upgrade information at the end of this post. As always, a big thanks to our community for their ideas, bug reports, and pull requests. Read on to learn more about the major new features in Vault 0.6.

HashiCorp Vault 0.5

We are proud to announce the release of Vault 0.5. Vault is a tool for managing secrets. From API keys and encrypting sensitive data to being a complete internal CA, Vault is meant to be a solution for all secret management needs. This release focuses on enhancing Vault's core significantly, adding some long-awaited features while also making some huge improvements to existing systems.
Feature highlights include: Listing Secrets; Finer-Grained ACLs; Split HA and Data Store Backends; Rekey and Unseal Improvement, Keybase Integration; Root Token Regeneration.
Please see the full Vault 0.5 CHANGELOG for more details and the huge list of improvements. There are more breaking changes than usual in this version, so please be sure to read the upgrade information at the end of this post. As always, a big thanks to our community for their ideas, bug reports, and pull requests. Read on to learn more about the major new features in Vault 0.5.

HashiCorp Vault 0.4

We are proud to announce the release of Vault 0.4. Vault is a tool for managing secrets. From storing credentials and API keys to encrypting sensitive data to managing access to external systems, Vault is meant to be a solution for all secret management needs. Vault 0.4 brings significant enhancements to the pki backend, CRL checking for certificate authentication, a default policy, and a long list of improvements and bug fixes. Please see the full Vault 0.4 CHANGELOG for more details. As always, a big thanks to our community for their ideas, bug reports, and pull requests. You can download Vault 0.4 from the project website. Upgrade information is available at the end of this post. Read on to learn more about the major new features in Vault 0.4.

Vault: Cubbyhole Authentication Principles

PLEASE NOTE: This post is kept for historical purposes only and to avoid breaking inbound links. The paradigms discussed here have been extended, formalized, and standardized into a built-in Vault feature called Response Wrapping. Check out the Response Wrapping concept page for more information.
Last Updated: 2016-04-27
In the Vault 0.3 release post, the cubbyhole backend was introduced, along with an example workflow showing how it can be used for secure authentication to Vault. Here at HashiCorp, we believe that Cubbyhole-based authentication is the best approach for authenticating to Vault in a wide variety of use-cases. In this post we will explain why Cubbyhole may be the right authentication model for you, and present multiple considerations around Cubbyhole authentication to help fit a number of real-world deployment scenarios. This post will first explain the motivation behind developing the Cubbyhole authentication model, then describe the model itself, and finally present some considerations for designing deployment scenarios.

HashiCorp Vault 0.3

We are proud to announce the release of Vault 0.3. Vault is a tool for managing secrets. From storing credentials and API keys to encrypting sensitive data, Vault is meant to be a solution for all secret management needs. Vault 0.3 brings many new features including an ssh backend, a cubbyhole backend, new features and improvements to the transit backend, settable global and per-mount default/max TTLs, PGP encryption for unseal keys, large performance improvements for the generic backend, Duo Multi-Factor Authentication support, and much more. We cannot possibly list all of the improvements here, so please see the full Vault 0.3 CHANGELOG for more details. In addition, the entire 0.2 codebase underwent an audit by noted security experts iSEC Partners. Although we cannot share the results, their feedback was valuable, and we intend to continue with regular security audits to ensure that Vault can be trusted with the secrets of even the most cautious of organizations. As always, a big thanks to our community for their ideas, bug reports, and pull requests. You can download Vault 0.3 from the project website. Read on to learn more about the major new features in Vault 0.3.