Feb 14 2017 Seth Vargo
Cloud Foundry Vault Service Broker
We are pleased to announce the release of the official Cloud Foundry HashiCorp Vault Service Broker. This service broker connects to an existing Vault cluster and can be used by multiple tenants within Cloud Foundry to securely store, access, and encrypt using Vault.
Feb 08 2017 Armon Dadgar
Replacing Queues with Nomad Dispatch
Nomad v0.5.3 introduced parameterized jobs which act as job scaffolds that can be dispatched on demand with configurable arguments. These jobs behave similar to functions, encapsulating the logic and allowing the caller to name the job and provide appropriate arguments. Nomad Dispatch treats those "function calls" like a future or promise, making it easy to build scalable processing pipelines for operations like video transcoding, image resizing, sending emails, or doing a billing rollup.
This blog post explores using the new Nomad Dispatch feature to build a video transcoding service using the popular open source tool ffmpeg. Traditional approaches to this problem often involve many different components for work queuing, scheduling, capacity planning, and failure handling. Due to its design, Nomad automatically handles these concerns, allowing for focus on a minimal job definition and the business logic of the video transcoding service.
Jan 26 2017 Aater Suleman
Flux7 helps customers securely run applications in the cloud with Vault
The following is a guest blog post from Aater Suleman, CEO at Flux7. Flux7 is one of HashiCorp's Premier System Integration partners and have successfully helped deploy dozens of customer environments using the HashiCorp stack.
As a HashiCorp consulting partner, Flux7 helps organizations establish a framework for repeatable deployments of Vault on top of their existing infrastructure or as part of a new infrastructure solution. We began working with HashiCorp Vault two years ago in response to increased requests from Chief Information Security Officers (CISOs) who wanted to ensure their company’s cloud migration or greenfield deployment met the organization’s risk, security, and compliance objectives.
Organizations migrating to cloud technologies want to ensure security controls and policies are in place before moving. Whether they recognize it or not, organizations are looking for secrets management, encryption as a service, and privilege access management (PAM).
In addition to continued conversation around cloud migration strategy, we also began fielding concerns over the proliferation of credentials and secrets as organizations adopt microservices. One challenge organizations often face when implementing microservices is the proliferation of secrets. As the number of microservices grows, so too does the number of required credentials, certificates, and logins. This exponential growth drives the need for effective and efficient secret management across multiple levels of the organization.
Jan 24 2017 Andy Manoske
Addressing Top Security Threats with Vault
Cybersecurity remains a critical area of concern for the public and private sector. According to IBM and the Ponemon Institute, last year saw 383 publicized malicious data breaches targeting the public and private sector globally, dealing north of $1.5B in direct damage and potentially trillions of dollars in lost intellectual property.
HashiCorp Vault has a unique role in responding to these security trends. Vault secures, stores, and tightly controls access to secrets across distributed application infrastructure. The unique portfolio of features allows users of various security expertise to craft strong defenses against real-world cybercriminal adversaries. In this post we'll talk through real-world attack vectors and how Vault can be used to protect against them:Preventing large scale data breaches with secrets management Limiting privilege escalation with privileged access management Protecting customer data with encryption as a service
Dec 13 2016 Mitchell Hashimoto
We've released Terraform 0.8. Terraform is a tool for safely and efficiently building, combining, and launching any infrastructure.
Terraform continues to grow extremely fast! Since our last major Terraform release, downloads have increased 100% month over month and the number of community contributors has increased 50% from 500 to over 750. We had 14 minor releases of 0.7.x to add and improve hundreds of resources and dozens of providers.
Terraform 0.8 adds major new functionality to Terraform. Highlights include:Console Conditional Values Terraform Version Requirement Depending on Modules Vault Provider Nomad Provider
Dec 01 2016 Seth Vargo
Spotlight: Consul KV CLI
The recent release of [Consul 0.7.1][consul-0.7.1] included a number of exciting new features. One powerful new capability is the addition of a full-featured CLI for interacting with Consul's key-value store. This blog post explores the new Consul KV CLI with some great examples and techniques.
Nov 28 2016 Armon Dadgar
HashiCorp, DevOps, and the Application Delivery Process
Today we are excited to formally release DevOps Defined, a guide for adopting DevOps to accelerate application delivery. Two years ago we published our Tao of HashiCorp, in which we detailed the design principles and philosophy behind our tools. Since then we have launched several new open source projects including Vault and Nomad which follow the Tao. It has been an extremely useful resource for giving our technology a shared direction.
However, technology is just one aspect software development. Software organizations are composed of people, processes, and technology. While it's easy to focus on just the technology, it is ultimately just an enabler of successful people and process. Thus, it's important to understand the workflows and productivity of the people that power software organizations. Our organizations should be designed to align teams through empowering workflows. To us, that is the essence of DevOps.
Nov 22 2016 Jana Boruta
Consul and Vault on AWS: Quick Start Guides
At HashiCorp, we make tools that automate the modern datacenter, so you can secure, provision, and run any application on any infrastructure. Today we are excited to announce the general availability of AWS Quick Start Guides for two of our popular open source tools: Consul and Vault.
Nov 21 2016 James Phillips
We are excited to release Consul 0.7.1. Consul is a critical infrastructure service for organizations that rely on it for service discovery, key/value storage, and health checks.
The focus for Consul 0.7.1 is the ability to take a complete snapshot of Consul's state and restore it for disaster recovery. With three or more servers, Consul is highly available, but if a cluster is lost completely, it's essential that organizations have a workflow to quickly restore Consul as the source of truth for the status of applications and resources in their infrastructure.
New snapshot CLI and APIs provide an easy mechanism for operators to capture and restore the complete state of a Consul cluster. Consul Enterprise adds a new Snapshot service to automatically schedule taking snapshots, sending them off site, and rotating them.
Read on to learn more about snapshot and restore features in this release. You can also read the 0.7.1 change log for details on features like the new key/value store CLI, AWS auto discovery, and more.
Nov 16 2016 Alex Dadgar
We are pleased to announce the release of Nomad 0.5. Nomad is a distributed, scalable, and highly available cluster manager and scheduler designed for both microservice and batch workloads.
Nomad 0.5 includes a number of new features focused on increasing cluster security and enabling new workloads to be run on Nomad. Highlights include:Vault Integration Template Block Sticky Volumes Cluster Encryption
Nov 14 2016 Seth Vargo
Codifying Vault Policies and Configuration
One of the pillars behind the Tao of HashiCorp is "Automation through Codification". Recently I had the pleasure of participating in some very thoughtful discussions on whether Vault embodies that principle, specifically as it relates to Vault's configuration and policies.
This post discusses techniques for capturing your Vault policies and configurations in source control, providing repeatable workflows, continuous integration of policy testing, and much more.
Oct 18 2016 Clint Shryock
We are pleased to announce the release of Terraform v0.7.7. This release comes just 4 days after Terraform v0.7.6! While this was a shorter release cycle than normal, this release has a ton of new features, including support for the newly-announced AWS region in Ohio, us-east-2!
Oct 06 2016 Jeff Mitchell
We are proud to announce the release of Vault 0.6.2. Vault is a tool for managing secrets. From API keys and encrypting sensitive data to being a complete internal CA, Vault is meant to be a solution for all secret management needs.
This blog post covers two releases: 0.6.1 and 0.6.2, which together comprise a major feature release, plus large numbers of additional improvements and bug fixes.
In Detail:AppRole Authentication Backend Convergent Encryption in transit Request Forwarding and Retrying Additional Response Wrapping Endpoints
In Brief:Key Usage Control and Chained Intermediate Support in pki Flexible Filters in ldap MongoDB Secret Backend Circonus Metrics Integration Response Wrapping for /sys Endpoints and List Operations
Please see the full Vault 0.6.2 CHANGELOG for more details. Additionally, please be sure to read the upgrade information at the end of this post.
As always, a big thanks to our community for their ideas, bug reports, and pull requests.
Read on to learn more about the major new features in Vault 0.6.1/0.6.2.
Sep 14 2016 James Phillips
We are excited to release Consul 0.7, a major update with many new features and improvements. This release focused on making it easier to operate Consul clusters, and built key foundations for continued operational improvements in future releases.
Consul is a modern datacenter runtime that provides service discovery, configuration, and orchestration capabilities in an easy-to-deploy single binary. It is distributed, highly available, and proven to scale to tens of thousands of nodes with services across multiple datacenters. There are a huge number of features, bug fixes, and improvements in Consul 0.7. Here are some of the highlights:Transactional Key/Value API Consul Operator Improvements Lifeguard ACL Replication
You can download Consul 0.7 here and view the changelog for a complete list of changes.
Read on to learn more about the major new features in 0.7.