HCP Vault Secrets extends secret sync to GitHub Actions

HCP Vault Secrets extends secret sync capabilities to GitHub Actions secrets, improves secret versioning, and adds a tutorial on using HCP Vault Secrets with Terraform.

At HashiDays earlier this year, we launched the public beta for a new offering on the HashiCorp Cloud Platform: HCP Vault Secrets. HCP Vault Secrets is a new Software-as-a-Service (SaaS) offering of HashiCorp Vault that focuses primarily on secrets management, enables users to onboard quickly, and is free to get started.

Since then, we have been working on various improvements and additions to HCP Vault Secrets. These updates are aligned with our core product principles focusing on secrets management for developers across three key areas: centralizing secrets, syncing secrets, and developer flexibility. These additions will help our users to:

  • Increase security across clouds and machines: Reduce the risk of breaches by centralizing where secrets are stored and reducing context switching between multiple solutions that can lead to human error.
  • Increase productivity: Development teams can improve their security posture without expending additional time and effort.
  • Enhance visibility of secrets activity across teams: Get insight into when secrets are modified or accessed — including by whom, when, and from where — with advanced filtering and storing capabilities.
  • Comply with security best practices: Fully managed deployment means your instance is always up to date and in line with security best practices — no more manual upgrades.
  • Last-mile secrets availability for developers: Keep secrets centralized in HCP Vault Secrets while syncing secrets to existing platforms and tools, including cloud service providers (starting with AWS Secrets Manager), so that developers can access secrets where they need them.

Secrets sync for GitHub Actions

With secrets sync, users can continually synchronize secrets from HCP Vault Secrets when and where they need them. At launch, users could leverage this feature for AWS Secrets Manager. Today, we are pleased to announce that we have added secrets sync for GitHub Actions.

Currently, secrets in GitHub Actions do not have secret versioning, which can contribute to secret sprawl. GitHub stores secrets on a per-repository basis, which sometimes results in duplicate secrets being created across multiple repositories. Often, inconsistencies between environments can emerge if the secret values in CI (specifically GitHub Actions) and in a deployment environment differ.

By centrally managing secrets in HCP Vault Secrets and enabling syncing to GitHub, developers can enable access to secrets within GitHub Actions. HCP Vault Secrets gives users improved secrets versioning and access control setup and can ensure secrets are synced across multiple repositories.

Other recent additions

  1. Improved secret versioning: Bring an old secret value back to the current version or delete secret versions.
  2. Terraform HCP provider integration: Use the Terraform HCP provider to retrieve secrets from HCP Vault Secrets. Read "HCP Vault Secrets with Terraform" for details.
  3. Updated API docs: Seamlessly and efficiently interact with the HCP Vault Secrets API.
  4. Updated security documentation: Better understand how secrets are secured with HCP Vault Secrets.

HCP Vault Secrets is fully managed by HashiCorp and available on the HashiCorp Cloud Platform (HCP). With HCP Vault Secrets, users can sync their first secret in minutes. Sign up for free today.
