HashiCorp Achieves SOC 2 Type I Compliance
Earning and maintaining our customers’ trust is of the utmost importance to us at HashiCorp. Because of this we have invested heavily in security, and we are excited to share that HashiCorp has achieved SOC 2 Type I compliance for HashiCorp Terraform Enterprise, Vault Enterprise, Consul Enterprise, Nomad Enterprise, and Terraform Cloud.
Our security team, in collaboration with our product and engineering teams, is dedicated to ensuring that our products are designed, architected and developed with both the security of our products, and of our customers’ data in mind.
With the adoption of industry best practices for controls and processes throughout our environments and software development lifecycle, we strive for best-in-class security. This includes security awareness training for all employees, internal threat models, as well as external penetration testing, vulnerability management, security in the release cycle, and endpoint management.
Our security program was audited by an external third party against the AICPA Trust Service Principles, including Security, Availability and Confidentiality. This achievement validates our commitment as we strive to earn and maintain our customers’ trust, and, as we progress in our compliance journey, and pursuing SOC 2 Type II, along with ISO 27001, helps us mature our security posture. For more information about HashiCorp security, please visit hashicorp.com/security.
Our complete SOC 2 Type I audit report is available to customers and prospects under NDA upon request.
Sign up for the latest HashiCorp news
More blog posts like this one

Secure AI identity with HashiCorp Vault
HashiCorp Vault's dynamic credentials give AI applications traceable, short-lived identities with just-in-time access, replacing risky static credentials. Try our proof-of-concept LangChain application to see how this can work.

SCEP: A bridge from legacy PKI to modern certificate management
Vault Enterprise now supports SCEP, empowering secure certificate enrollment for legacy and device-constrained environments while helping teams plan their evolution to modern protocols like EST and ACME.

Build secure, AI-driven workflows with Terraform and Vault MCP servers
At AWS Summit New York, HashiCorp introduced new capabilities that bring Terraform, Vault, and Vault Radar into the age of AI agents — advancing secure, automated infrastructure through composable, agentic systems.