HCP Packer adds bucket-level RBAC

You can now manage access at the bucket level in HCP Packer.

We are excited to announce that HCP Packer has released a new enhancement to its role-based access control (RBAC): bucket-level RBAC. With this new feature, organizations gain further control over their permissions management to mitigate security risks and practice the principle of least privilege.

Access management challenges

HashiCorp Packer automates the process of building system and container images from a single source configuration. HCP Packer is a service that builds on Packer, enabling platform teams to manage and standardize the lifecycle of image artifacts across different clouds or on-premises environments.

In HCP Packer, users organize their images using buckets, which serve as a repository to store metadata for specific artifact versions. Previously, HCP Packer access roles could be defined only at the organizational or project level, which presented challenges for teams trying to strengthen security with a more granular approach to access management.

Limited RBAC options meant admins might grant project access to individuals who didn’t fully require such permissions, resulting in a potential misalignment with their security and compliance policies. To avoid that situation, admins might have had to set up a separate project, adding further complexity to their image workflows and slowing down their development teams. Getting around this limitation called for a more tiered approach to access control in HCP Packer.

Enabling granular access control

With the latest release, HCP Packer users can now define user access at the bucket level. Developers can create buckets within the same project and gain functionality like ancestry tracking and multi-level revocation without needing full project access. Admins can now assign specific permissions at the bucket level for actions such as creating, updating, and deleting artifact versions, and more:

Permissions Viewer Contributor Admin
View bucket
Delete bucket
Create versions
Update versions
Delete versions
Manage bucket service principals
Edit bucket permissions
Manage group role for bucket

Table shows the capabilities of viewer, contributor, and admin roles for HCP Packer buckets

With this improvement, organizations can now ensure sensitive golden images remain protected from unauthorized modifications while giving developers the self-service capabilities they need to be agile and efficient.

Learn more

For details on bucket-level RBAC and how to start mitigating risk with access management, check out the HCP Packer permissions documentation. To learn more about HCP Packer, visit the HCP Packer introduction page on HashiCorp Developer. And you can get started with HCP Packer for free to track and manage artifacts across all your cloud environments.
