Login MFA Support Added to Vault Open Source and HCP Vault
HashiCorp expands MFA support across open source and all HCP Vault tiers, previously available only through Vault Enterprise.
We are pleased to announce the general availability of HashiCorp Vault 1.10, which adds login multi-factor authentication (MFA) support for Vault OSS and Vault on the HashiCorp Cloud Platform (HCP Vault). With login MFA, previously available only through Vault Enterprise, this release expands zero trust security best practices to all Vault users. The new login multi-factor authentication integration offers an additional authentication step using time-based one-time password (TOTP), Okta, Duo, or PingIdentity.
As attacks from hackers and ransomware grow more sophisticated each year, organizations and developers need modern, automated security solutions that rely heavily on identity to protect critical infrastructure. In a breach, credentials are among the first things that an intruder will look for: according to Verizon, 89% of web app breaches are caused by credential abuse, while 61% of all breaches involve stolen credentials.
We believe that zero trust security should be comprehensive and accessible. A key component of the cloud operating model is zero trust security, where securing infrastructure is predicated on identity rather than on securing the network perimeter. Adding MFA to Vault open source, and expanding it to HCP Vault, makes identity-based security, for both humans and machines, consistent and accessible at all levels of infrastructure. This release advances our commitment to unlocking the cloud operating model for every business and enabling their digital transformation strategies.
Login MFA offers additional security protections around credentials that are critical to zero trust security initiatives as organizations expand cloud programs and support an increasingly distributed global workforce. We have supported MFA in the Enterprise version of Vault for several years and wanted to bring that enhanced security to the entire Vault portfolio.
Having multiple options for how MFA is used with Vault (e.g., TOTP, Okta, Duo, or PingIdentity) provides flexibility to support your preferred implementation. Login MFA is now considered a foundational feature in Vault open source and HCP Vault. Vault Enterprise continues to support Step-up Enterprise MFA when additional factors are required for a non-login operation.
For more information on login MFA, please see the auth method documentation, our list of frequently asked questions, and the detailed HashiCorp Learn guide on how to enable login MFA with PingIdentity.
Vault OSS Upgrade
Vault 1.10 introduces significant new functionality along with login MFA. As such, please review the Upgrading Vault page, as well as the Feature Deprecation Notice and Plans page for further details.
For more information about Vault Enterprise, visit hashicorp.com/products/vault. You can download the open source version of Vault at vaultproject.io.
HCP Vault Upgrade
New HCP Vault instances can take advantage of login MFA integrations beginning April 7, 2022. Sign up and try HCP Vault for free today.
The HashiCorp team will reach out to existing HCP Vault customers about a planned upgrade to Vault 1.10 in the coming weeks.