Mar 15 2018 Nicolas Corrarello
Continuously Integrating Policy Into Vault
Adopting any new software product always brings operational considerations. HashiCorp Vault, HashiCorp’s centralized secrets management solution, is in particular a double-edged sword: its security is only as good as the governance around it.
Mar 13 2018 Anubhav Mishra
Authenticating Applications with HashiCorp Vault AppRole
The AppRole auth method provides a workflow for applications or machines to authenticate with Vault. This post explores how applications and machines can use the AppRole auth method to authenticate with Vault in a modern CI/CD pipeline.
Mar 07 2018 Jeff Silberman
On-demand Container Storage with HashiCorp Nomad
No one wants to manage storage, but high-value applications aren’t going to run without it. In an ideal world, storage would “just be there” without having to think about it, or provision and manage it, right?
Portworx, a software-defined persistent storage solution for container workloads, provides a highly-available elastic data fabric. Portworx cloud native storage allows jobs to seamlessly run hyper-converged with the storage layer for best performance, and also provides a rich spectrum of options for data availability.
Mar 06 2018 Nicolas Corrarello
Understanding the Performance Overhead of Encryption
Every modern application has a requirement for encrypting certain amounts of data. The traditional approach has been to rely on some sort of transparent encryption. While this clearly minimizes the requirement for encryption within the application, it doesn’t secure the data from attacks like SQL injection, or someone just dumping data since their account had excessive privileges, or through exposure of backups.
Mar 01 2018 Armon Dadgar
Why We Need Dynamic Secrets
Secret management is one of the core use cases for Vault. Today, many organizations have credentials hard coded in source code, littered throughout configuration files and configuration management tools, and stored in plaintext in version control, wikis, and shared volumes. Vault provides a central place to store these credentials, ensuring they are encrypted, access is audit logged, and exposed only to authorized clients. Achieving this centralization is a huge improvement in security posture, but it's not the end of the journey. This is because applications don't keep secrets! Vault presents an answer to this problem in the form of "Dynamic Secrets".
Feb 22 2018 Jeff Ploughman
Using Vault to Build an Ethereum Wallet
This is a guest post by Jeff Ploughman, a Security Architect at T. Rowe Price and founder of the DC-Baltimore HashiCorp User Group; this work was done in his role as an Ethereum aficionado and open source contributor.
HashiCorp Vault focuses on keeping application data secure across distributed infrastructure by tightly coupling your trusted identity with brokering access and managing sensitive organizational information and secrets. An Ethereum Wallet is a gateway to decentralized applications on the Ethereum blockchain. It allows you to hold and secure ether and other crypto-assets built on Ethereum, as well as deploy and use smart contracts. This blog will look at how the two can work seamlessly together.
Feb 20 2018 Anubhav Mishra
Announcing HashiCorp Diversity Scholarship Program
Last year, HashiCorp gave away a number of conference passes to various organizations to join us for HashiConf, our flagship user conference. This year we are excited to build on that contribution and introduce the HashiCorp Diversity Scholarship Program. The intent is to assist members of our community who are from underrepresented groups in the technology and open source communities with these scholarships, to cover the costs associated with HashiConf or HashiDays conferences.
Feb 16 2018 Chris Roberts
Updating the Vagrant VMware Plugin
The Vagrant VMware plugin will fail to activate with HashiCorp servers starting on February 18th, 2018. For the next 30 days after this date, currently installed VMware plugins will start to encounter errors activating their license.
Feb 16 2018 Peter McCarron
New Terraform Providers: Palo Alto Networks, Open Telekom Cloud
We are proud to announce two new providers now available for HashiCorp Terraform. This blog will give a more detailed description of the providers and any helpful links that may provide additional insight. For more information on Terraform providers please visit our docs page.
Feb 14 2018 Nic Jackson
HashiCorp Terraform: Modules as Building Blocks for Infrastructure
Operators adopt tools like HashiCorp Terraform to provide a simple workflow for managing infrastructure. Users write configurations and run a few commands to test and apply changes. However, infrastructure management often extends beyond simple configuration and we require a workflow to build, publish, and share customized, validated, and versioned configurations. Successful implementation of this workflow starts with reusable configuration. In this post we will look at modules, the problems they solve, and how you can leverage them to form the building blocks for your infrastructure.
Feb 08 2018 Anubhav Mishra
Applying Policy as Code to Kubernetes Resources
Using HashiCorp Terraform Enterprise and the Kubernetes provider, we can apply fine-grained policy enforcement using Sentinel to Kubernetes resources before the changes to the resources are applied on the cluster. This blog post explores using Sentinel in Terraform Enterprise to manage Kubernetes clusters and enforce Kubernetes service types and namespace naming conventions.
Feb 05 2018 Chris Roberts
HashiCorp Vagrant 2.0.2
We are pleased to announce the release of HashiCorp Vagrant 2.0.2. Vagrant is a tool for building and distributing development environments. The highlight of this release is an updated implementation of SMB synced folders with added host support for macOS.
Jan 25 2018 Nic Jackson
Using Sentinel Policy to enforce continuous deployment windows
In the same way that we can embed Sentinel into a pipeline to enforce policy for Terraform plans, or Vault secrets, we can also enforce policy in a continuous delivery pipeline.
In this post, we are going to examine how Sentinel Policy and the Sentinel Simulator can be used to ensure your CD system only deploys your application within a specified time window.
Jan 18 2018 Fraser Pollock
TFE and Sentinel: Provisioning Policy for Data Sovereignty in the Cloud
Infrastructure as code with HashiCorp Terraform enables operators to automate provisioning at scale. This comes with risks, as every action can have larger effects. Sentinel policy as code places guardrails to protect users from creating infrastructure changes that fall outside of business, security, and compliance policies. This blog will take a look at writing and enforcing a policy using Terraform Enterprise to restrict provisioning resources in certain availability zones to ensure data sovereignty.
Jan 12 2018 Armon Dadgar
Why Policy as Code?
HashiCorp advocates for "infrastructure as code" approaches to managing infrastructure. We have talked about it publicly and published about it in our Tao of HashiCorp. At HashiConf 2017, we announced Sentinel, a framework for "policy as code". The same coding practices that are applied to infrastructure can be very effective in enforcing and managing policies. Codifying policy removes the need for ticketing queues, without sacrificing enforcement.