Vault is a platform for centralized secrets management, encryption as a service, and identity-based access.

This release features Integrated Storage enhancements, a new Key Management Secrets Engine, Transform Secrets Engine updates, and more.

Announcing HashiCorp Vault 1.6

This blog is a summary of HashiCorp activities at AWS re:Invent 2020. 

HashiCorp at AWS re:Invent 2020

We will be organizing a HashiCraft Holidays Hackstravaganza where you and your fellow tinkerers can use your creativity to showcase one or more of our products in creative and unexpected ways.

Announcing the HashiCraft Holidays Hackstravaganza

In this blog, we round-up all of the KubeCon related activities HashiCorp will be doing this week at the virtual conference and adjacent to it. 

HashiCorp and KubeCon North America Virtual

New step-by-step tutorials demonstrate the features introduced in Vault 1.6. 

Vault Learning Resources: Vault 1.6 Release Highlights

New Sentinel HTTP import capabilities in Vault Enterprise 1.5 enable new sophisticated governance policies. See it in action.

Using Sentinel's HTTP Import in HashiCorp Vault Enterprise

Try HashiCorp Vault as a managed cloud service by signing up for the HCP Vault private beta.

Announcing Vault on the HashiCorp Cloud Platform

Developers no longer have to make their Lambda functions Vault-aware. 

Use AWS Lambda Extensions to Securely Retrieve Secrets From HashiCorp Vault

Use Vault-generated dynamic credentials to provision infrastructure. Learn how to inject secrets into your Terraform configuration using the Vault provider.

Learn to Inject Secrets Into HashiCorp Terraform Configuration using Vault

Get Terraform, Packer, Vault, Consul, and Nomad up and running even faster on macOS with our new official Homebrew Tap.

Announcing HashiCorp’s Homebrew Tap

Learn about a Vault SlackBot made by DigitalOnUs.

Vault AIDE: A ChatOps Bot for HashiCorp Vault

When multiple teams use Consul, it becomes difficult to correlate manually managed policies with the identity accessing it. In this blog, we'll show you an automated method to ensure least-privilege access to Consul using Terraform and Vault. 

Managing HashiCorp Consul Access Control Lists (ACLs) with Terraform & Vault

We are happy to announce that we have an officially supported HashiCorp Vault GitHub Action. GitHub Actions allow you to easily automate your CI/CD developer workflows to run actions against repositories based on triggers within GitHub. The Vault GitHub Action allows you to take advantage of secrets sourced from your HashiCorp Vault infrastructure for things like static and dynamic secrets and inject these secrets into your GitHub workflows.

Automate Secret Injection into CI/CD Workflows with the GitHub Action for Vault

We are excited to announce that HashiCorp Vault is now validated on Google Cloud Platform’s Confidential Computing service. Confidential Computing allows HashiCorp Vault to operate in environments with resilient host based security that adds additional protection through the use of memory encryption.

Using HashiCorp Vault with Google Confidential Computing

Today, the Sentinel team is pleased to announce the release of the Sentinel Playground. We have built the Playground so that new and existing customers have access to a zero-install development environment. Now, practitioners can learn and experiment with policy as code in minutes without having to install and maintain runtime environments on their own machines.

Announcing the Sentinel Playground

Ample Organics, a global leader in tech infrastructure and services for the cannabis industry, shares how HashiCorp Nomad and Consul has helped them create an agnostic platform that makes it possible to ship 125 client deployments per day with zero downtime and 10% reduction in operating costs.

How HashiCorp Nomad Helps Relax Cannabis Compliance and Kubernetes Complexity

Here is a closer look at the HashiConf talk with Sky Betting & Gaming that shows the HashiCorp Vault features they use to mitigate user errors.

How HashiCorp Vault Helps Minimize the Impact of User Error

Learn from nearly 20 free, interactive, hands-on tutorials as presented at HashiConf Digital.

Learn From 20 Free Interactive Tutorials As Presented At HashiConf Digital

Today we’re happy to announce HashiCorp’s official Linux repository, a source of Debian and RPM packages for HashiCorp products. These packages will provide Linux users with a better installation and upgrade experience.

Announcing the HashiCorp Linux Repository

We are excited to announce new step-by-step tutorials to demonstrate the features introduced in Vault 1.5, which was just released on July 21st. In addition, the Performance Tuning guide and Monitor Telemetry guide are now available.

Vault Learning Resources: Vault 1.5 features and more

In Vault 1.5, we redesigned the replication UI to create dashboards that are easy to read, and make problems easier to see and troubleshoot. We are excited to share our redesigned dashboards with you.

HashiCorp Vault Replication UI Redesign

We are pleased to announce the launch of our Splunk app to help you with the out-of-the-box HashiCorp Vault monitoring experience. The app helps you understand how Vault is doing from an operational and security perspective in a multi-tenant environment, and comes with pre-built dashboards and reports that span various monitoring use cases.

Splunk App for Monitoring HashiCorp Vault

With Vault 1.5, we added a new feature called Resource Quotas, which allows you to protect your Vault environment's stability and resource consumption in a predictable way from runaway application through the use of request rate limiting and counters.

Announcing HashiCorp Vault Resource Quotas

We are excited to announce the HashiCorp Vault Helm chart has been updated with RedHat OpenShift 4.X support. We have extended the existing Helm chart to support installing and running Vault Enterprise on OpenShift.

Announcing OpenShift Support Via the HashiCorp Vault Helm Chart

We are excited to announce the general availability of HashiCorp Vault 1.5 Vault is a tool which provides secrets management, data encryption, and identity management for any application on any infrastructure.

Announcing HashiCorp Vault 1.5

Today we are pleased to announce the HashiCorp Cloud Platform (HCP), a fully managed cloud offering to automate deployment of HashiCorp products on any cloud provider.

Our first HCP service — HCP Consul — is now in private beta with support for AWS. HCP Vault will follow next. Get early access here.

Announcing the HashiCorp Cloud Platform

We are excited to announce that HashiCorp Vault Enterprise has successfully completed product compatibility validations for both VMware vSphere and NetApp ONTAP. Vault Enterprise can be used as a flexible, very cost-effective, and scalable external key manager solution using the built in Key Management Interoperability Protocol (or KMIP) standard for securing and encrypting the storage systems.

Securing VMware and NetApp Data with HashiCorp Vault

Vault 1.4 Enterprise introduced a new secrets engine called Transform. This post shows you how to implement Transform secrets into a simple API; source code is provided for both the Java and Go programming languages.

Encrypting Data while Preserving Formatting with the Vault Enterprise Transform Secrets Engine

In this article, we will see how to automate the creation and management of the lifecycle of TLS certificates in a Kubernetes environment with HashiCorp Vault and its PKI secret engine as well as JetStack cert-manager.

Kubernetes Traffic Ingress with HashiCorp Vault PKIaaS and JetStack Cert-Manager

Introducing the HashiCorp Cloud Engineering Certification program, for cloud engineers to demonstrate their knowledge, capability, and expertise working with the de facto standard open source multi-cloud automation tools from HashiCorp

Announcing HashiCorp Cloud Engineering Certifications 

HashiCorp has created a Vault 1.4 Release Highlights section on HashiCorp Learn to list all guides that are specific to Vault 1.4 features. Start exploring those new features today.

Vault Learning Resources: Vault 1.4 features

Kubernetes users can now bring Vault into their Kubernetes environment using the Vault Helm chart to manage secrets. Get started with hands-on tutorials that demonstrate operating Vault in a variety of modes within Kubernetes.

Learn How to Run Vault on Kubernetes

We are excited to announce the general availability of the Integrated Storage backend for Vault with support for production workloads. Integrated Storage exists as a purely Vault internal storage option and eliminates the need to manage a separate storage backend.

HashiCorp Vault Announces Integrated Storage General Availability

We are excited to announce the general availability of HashiCorp Vault 1.4. Vault is a tool which provides secrets management, data encryption, and identity management for any application on any infrastructure.

Announcing HashiCorp Vault 1.4

Transform is a Secrets Engine that allows Vault to encode and decode sensitive values residing in external systems such as databases or file systems. This capability allows Vault to ensure that when an encoded secret’s residence system is compromised, such as when a database is breached and its data is exfiltrated, that those encoded secrets remain uncompromised even when held by an adversary.

Vault Transform: Protecting Secrets in External Systems

HashiCorp Learn now features embedded interactive experiences powered by Katacoda. Use these in-page tutorials to have an immediate hands-on experience with HashiCorp products.

Get Hands-on Experience with HashiCorp Products in Your Browser

We are excited to announce a new Kubernetes integration that allows applications with no native HashiCorp Vault logic built-in to leverage static and dynamic secrets sourced from Vault.

Injecting Vault Secrets Into Kubernetes Pods via a Sidecar

In this blog post, we will look at how the Vault integration for Kubernetes allows an operator or developer to use metadata annotations to inject dynamically generated database secrets into a Kubernetes pod. The integration automatically handles all the authentication with Vault and the management of the secrets, the application just reads the secrets from the filesystem.

Dynamic Database Credentials with Vault and Kubernetes

We are excited to announce new guides to demonstrates the features introduced in Vault 1.3, which was just released: Active Directory Check-in/Check-out, Entropy Augmentation, and the Vault debug tool. In addition, a new Katacoda scenario is now available.

Vault Learning Resources: Vault 1.3 features and more

We are excited to announce the public availability of HashiCorp Vault 1.3. Vault is a tool to provide secrets management, data encryption, and identity management for any infrastructure and application.

Announcing HashiCorp Vault 1.3

This week we're releasing an updated version of the Helm Chart for Vault. The Helm Chart greatly reduces the complexity of running Vault on Kubernetes, and allows for Vault clusters to be up and running in just minutes.

Releasing HashiCorp Vault Helm Chart 0.2.0

As quantum computers grow in power and reliability, we at HashiCorp have been asked a number of questions about how we plan on protecting Vault against quantum threats.

Quantum Security and Cryptography in HashiCorp Vault

We're excited to announce multiple features that deeply integrate HashiCorp Vault with Kubernetes. This post will share the initial set of features that will be released in the coming months.

What's Next for Vault and Kubernetes

Become proficient with new Vault features including the Database Static Roles and Credential Rotation, KMIP Secrets Engine, and Integrated Storage.

Vault Learning Resources: Vault 1.2 Feature Introduction

This week we're releasing an official Helm Chart for Vault. Using the Helm Chart, you can start a Vault cluster running on Kubernetes in just minutes. This Helm chart will also be the primary mechanism for setting up future roadmapped Vault and Kubernetes features. By using the Helm chart, you can greatly reduce the complexity of running Vault on Kubernetes, and it gives you a repeatable deployment process in less time (vs rolling your own).

Announcing the HashiCorp Vault Helm Chart

We are excited to announce the public availability of HashiCorp Vault 1.2. Vault is a tool to provide secrets management, data encryption, and identity management for any infrastructure and application.

Announcing HashiCorp Vault 1.2

HashiCorp will be a sponsor at the AWS re:Inforce conference in Boston happening June 25-26, 2019. In this blog, we explore how HashiCorp Vault helps secure AWS environments using principles from the Cloud Operating Model.

Ahead of re:Inforce: Security in the Cloud Operating Model with AWS and HashiCorp

Become proficient with new Vault features including the Transit Secrets Engine, the OpenID Connect Auth Method, Vault Agent, and Vault Auto-Unseal.

Vault Learning Resources: Transit Secrets Engine, OpenID Connect Auth Method

We are excited to announce the public availability of HashiCorp Vault 1.1. Vault is a tool to provide secrets management, data encryption, and identity management for any infrastructure and application. Vault 1.1 is focused on building a foundation of new infrastructure for delivering a host of advanced platform features for upcoming releases of Vault and Vault Enterprise.

Vault 1.1

Learn to use features of Vault 1.1 including agent caching, replication, auto-unseal, and Kubernetes integration.

Vault Learning Resources: 1.1, Caching, Kubernetes, Unseal, Azure, Replication

Today, HashiCorp announced the formation of a new professional services program for enterprise customers. HashiCorp customers are now able to purchase additional professional services packages as a part of their enterprise agreements. HashiCorp has brought on highly skilled individuals to serve on its “virtual consulting bench” who will deliver these services. The purpose of this blog is to explain why we have decided to start offering professional services and explain more about what the program entails.

Introducing the HashiCorp Professional Services Program

In addition to providing for more rapid deployments, Terraform has features for securing those deployments and lowering risk.This blog will cover the features you can use to improve the security posture of your infrastructure: Sentinel policy as code, Terraform module registry, and HashiCorp Vault integration.

Using Terraform to Improve Infrastructure Security Posture

Learn from hands-on labs to build proficiency with Vault 1.0, auto-unseal, Kubernetes, and other secrets management features.

Vault Learning Resources: 1.0, Auto-unseal, Agent, Kubernetes

In this blog post, we’ll look at practical public key certificate management in Vault, which uses a dynamic secrets approach.

X.509 Certificate Management with Vault

Today we are excited to announce the public availability of HashiCorp Vault 1.0. Vault is a tool to manage secrets and protect sensitive data for any infrastructure and application.

Vault 1.0 is focused on renovating Vault's infrastructure to support high performance, scalable workloads.

HashiCorp Vault 1.0

Today at HashiConf 2018 in San Francisco, we are announcing major updates across our entire suite of open source and enterprise products. Our mission is to allow users to run applications on any infrastructure, cloud or on-premises, using a modern infrastructure as code approach. This blog is a summary of the announcements being made at the event.

HashiCorp Product Announcements at HashiConf 2018

As a follow-up to the HashiCorp Consul plus Kubernetes blog series, this blog highlights our recent work to provide first-class support for Kubernetes across HashiCorp product line.

Announcing First-Class Kubernetes Support for HashiCorp Products

The HashiCorp learn platform is focused on HashiCorp product education for practitioners. The platform is self-guided, so you can follow along at your own pace and schedule. The courses start with beginner introductions and progressively go through intermediate and advanced topics.

Announcing the HashiCorp Learn Platform for HashiCorp Vault

To highlight the growing support for Terraform and Vault, Microsoft invited HashiCorp to participate in a series of technical videos for IT practitioners. Anubhav Mishra, developer advocate for HashiCorp, and Zachary Deptawa, cloud developer advocate for Microsoft, created four videos to introduce and educate users on how these tools work together and what challenges they address.

Microsoft Publishes Video Series on HashiCorp Terraform and Vault

We are excited to announce the release of HashiCorp Vault 0.11! Vault is a security tool for secrets management, data encryption, and identity-based access among other features.

The 0.11 release of Vault delivers new features to streamline the management of tokens for applications and users attempting to access Vault, provide secure multi tenancy for multiple teams and organizations using a single Vault installation, and other features focused on enhancing system performance and automation.

HashiCorp Vault 0.11

The Vault team is quickly closing on the next major release of Vault: Vault 0.11. As we approach the release we will preview some of the new functionality coming soon to Vault Open Source and Vault Enterprise. 

This post will focus on Vault Agent: a new feature in all versions of Vault that manages the process of secure introduction and the management of tokens for accessing dynamic secrets.

Vault 0.11 Feature Preview: Vault Agent

The Vault team is quickly closing on the next major release of Vault: Vault 0.11. As we approach the release we will preview some of the new functionality coming soon to Vault Open Source and Vault Enterprise. 

This post will focus on namespaces: a new feature in Vault Enterprise that enables the creation and delegated management of secure multi-tenant environments within a single Vault Enterprise infrastructure.

Vault 0.11 Feature Preview: Namespaces

Some personal thoughts from Jeff Mitchell on Vault winning the OSCON 2018 Breakout Project of the Year Award.

HashiCorp Vault wins OSCON 2018 Breakout Project of the Year Award

This blog announces the latest product integrations available from our Technology Partner Ecosystem for HashiCorp Terraform and Vault.

Partner Product Integrations Announcement: Hetzner Cloud, Flexible Engine, Yubico, and Fortanix

In this post webinar blog post, we review using HashiCorp Vault as a backend for secret storage via Puppet's Hiera lookup tool. We also showcase a demo environment and architecture, as well as answer pending questions from the webinar.

How to Use Vault with Hiera 5 for Secret Management with Puppet

Today, Centrify is proud to announce the integration of the Centrify Identity Service with HashiCorp Vault for role-based user authentication and access to the Vault.

Introducing Centrify Identity Services for HashiCorp Vault

We are excited to announce the release of HashiCorp Vault 0.10. Vault is an identity-based security product that provides secrets management, encryption as a service, and identity and access management, that leverages any trusted source of identity to enforce access to systems, secrets, and applications.

The 0.10 release of Vault delivers new features to help with automating secrets management and enhancing Vault's ability to operate natively in multi-cloud environments. In addition to this new functionality Vault 0.10 will open source the Web UI.

HashiCorp Vault 0.10

A lot of HashiCorp users and employees love our whole suite of products, but like with your grandmother, it’s almost impossible not to have one slight predilection over one of our creations (says the favorite grandchild). In my case, my predilection for HashiCorp Nomad is quite evident, to the point of being a running joke among the European team. I think not a single customer meeting goes by without someone saying "yeah, that’s Nomad, Nico’s favorite product…".

A brief history on how to secure your workflow for job deployments in Nomad

Here at HashiCorp, we've been releasing features and constructing a roadmap for Vault that specifically assists in helping your organization comply with GDPR, or the General Data Protection Regulation standard that is set to go live in May 25, 2018. We're excited to share and explain how some of these Vault features can be used to comply with specific GDPR articles.

We specifically developed Vault to manage, store, and protect sensitive information in a way that reduces secret sprawl but also enables global organizations to operate at a very large scale. In a world where secrets are spread in a global manner, this use case is critical especially if you are spanning your infrastructure across multiple public and private clouds. In the context of GDPR, this use case becomes extremely critical, as it requires us to be more sensitive to where our data is moving or sitting at any given time physically and forces us to put our best effort to protect the data sovereignty of our sensitive information.

Preparing for GDPR Compliance with HashiCorp Vault

At Banzai Cloud we are building an open source next generation platform as a service, Pipeline - built on Kubernetes. With Pipeline we provision large multi-tenant Kubernetes clusters on all major cloud providers and deploy different workloads to these clusters. We needed to find an industry standards based way for our users to publish and interact with protected endpoints and at the same time provide dynamic secret management for all the different applications we support, all these with native Kubernetes support. After several proof-of-concepts, we chose Hashicorp Vault. 
In this post we’d like to highlight how we use Vault and provide technical insight into the available options.

Secure Kubernetes Deployments with Vault and Banzai Cloud 

Whenever adopting any new software products, there are always operational considerations. Particularly in the case of HashiCorp Vault, HashiCorp’s centralized secrets management solution, is a double edge sword, where the security is only as good as the governance around it

Continuously Integrating Policy Into Vault

The AppRole auth method provides a workflow for application or machines to authenticate with Vault. This post explores how applications and machines can use AppRole auth method to authenticate with Vault in a modern CI/CD pipeline.

Authenticating Applications with HashiCorp Vault AppRole

Every modern application has a requirement for encrypting certain amounts of data. The traditional approach has been either relying on some sort of transparent encryption. While this clearly minimizes the requirement for encryption within the application, it doesn’t secure the data from attacks like a SQL Injection, or someone just dumping data since their account had excessive privileges, or though exposure of backups.

Understanding the Performance Overhead of Encryption

Secret management is one of the core use cases for Vault. Today, many organizations have credentials hard coded in source code, littered throughout configuration files and configuration management tools, and stored in plaintext in version control, wikis, and shared volumes. Vault provides a central place to store these credentials, ensuring they are encrypted, access is audit logged, and exposed only to authorized clients. Achieving this centralization is a huge improvement in security posture, but its not the end of the journey. This is because applications don't keep secrets! Vault presents an answer to this problem in the form of "Dynamic Secrets".

Why We Need Dynamic Secrets

This is a guest post by Jeff Ploughman, a Security Architect at T. Rowe Price and founder of the DC-Baltimore HashiCorp User Group; this work was done in his role as an Ethereum aficionado and open source contributor. 

HashiCorp Vault focuses on keeping application data secure across distributed infrastructure by tightly coupling your trusted identity with brokering access and managing sensitive organizational information and secrets. An Ethereum Wallet (add link) is a gateway to decentralized applications on the Ethereum blockchain. It allows you to hold and secure ether and other crypto-assets built on Ethereum, as well as deploy and use smart contracts. This blog will look at how the two can work seamlessly together.

Using Vault to Build an Ethereum Wallet

As organizations adopt one or more public clouds they are faced with the challenge of securely providing access to secret material, such as usernames and passwords, API tokens, encryption keys, and TLS certificates. This problem is known as secret management, and there are several primary challenges including authentication, authorization, auditing, and supporting a diverse set of environments, clients, and end systems.

Brokering Cloud Identity

We are excited to announce the release of HashiCorp Vault 0.9. Vault is an infrastructure automation security product that provides secrets management, encryption as a service, and privileged access management. The 0.9 release of Vault is focused on new functionality that improves Vault’s governance and data security capabilities across globally-distributed, multi-cloud environments.

HashiCorp Vault 0.9

Transparent Data Encryption (TDE) is a technology coined by Microsoft, IBM, and Oracle to encrypt databases on the filesystem. TDE attempts to solve the problem of protecting data at rest, encrypting databases both on the hard drive and consequently on backup media. It does not protect data in transit, nor data in use. Organizations often employ TDE to solve compliance issues which require the protection of data at rest.

Transparent Data Encryption in the Modern Datacenter

Vault is an open source tool for managing secrets. Earlier we showcased how Vault provides Encryption as a Service and how to build custom Vault plugins. This post explores a lesser-known feature of Vault Open Source and Vault Enterprise: token helpers.

Building a Vault Token Helper

Vault is an open source tool for managing secrets. Earlier we showcased how Vault provides Encryption as a Service and how New Relic trusts HashiCorp Vault for their platform. This post explores extending Vault even further by writing custom auth plugins that work for both Vault Open Source and Vault Enterprise.

Building a Vault Secure Plugin

We are pleased to announce the release of HashiCorp Vault 0.8.3. The highlight of the latest release is a Kubernetes authentication backend. For Vault Enterprise, we are also releasing an integration with Sentinel, HashiCorp's policy as code framework announced at HashiConf.

HashiCorp Vault 0.8.3

Today at HashiConf 2017 in Austin, Texas, we announced major updates and new features across our entire suite of open source and enterprise products, including HashiCorp Terraform, HashiCorp Vault, HashiCorp Consul, and HashiCorp Nomad. In addition to these product updates, we announced the release of Sentinel, our new policy as code framework that integrates across the Enterprise product suite, and the Terraform Module Registry, which provides example infrastructure templates to make provisioning across cloud environments easier, and so much more.

HashiCorp Announcements at HashiConf 2017

We are proud to announce the release of HashiCorp Vault 0.8.2, which includes a number of new features, improvements, bug fixes, and a security notice.

HashiCorp Vault 0.8.2

We are proud to announce the release of HashiCorp Vault 0.8.1, which includes a number of exciting new features, improvements, and bug fixes.

In addition to a number of bug fixes and minor enhancements, Vault 0.8.1 contains new functionality including Google Cloud Platform IAM Authentication Backend support, Oracle Database Secret Backend support, and much more.

HashiCorp Vault 0.8.1

We are proud to announce the release of HashiCorp Vault 0.8. Vault is an infrastructure automation security product that provides secrets management, encryption as a service, and privileged access management.

The 0.8 release of Vault is focused on bringing major, new functionality to Vault and includes additional new features, secure workflow enhancements, general improvements, and bug fixes.

HashiCorp Vault 0.8

This is a guest post by Matthew Lapworth, Senior Application Security Engineer at New Relic.   New Relic is a leading digital intelligence company, delivering full-stack visibility and analytics with more than 14,000 paid business accounts. The New Relic Digital Intelligence Platform provides actionable insights to drive digital business results. Companies of all sizes trust New Relic to monitor application and infrastructure performance so they can quickly resolve issues, and improve digital customer experiences.
At New Relic, our systems and infrastructure had grown, and we were facing challenges with securely storing and managing credentials. HashiCorp Vault has provided us with a consistent approach to manage secrets and credentials.

HashiCorp Vault helps New Relic manage secrets for their digital intelligence platform

This is a guest post by Rani Osnat, VP Marketing at Aqua Security. Aqua is a HashiCorp technology partner and focuses on securing container-based applications from development to production, on any platform. 
Aqua Security, founded in 2015, focuses on securing applications that are developed and run using virtual containers, e.g. using Docker. We provide automated security controls for the entire lifecycle of containers, starting from development and all the way to protecting container workloads in production. We work with  large enterprises that already use containers or are migrating to containers, and have security and regulatory requirements to ensure their applications are protected and monitored.
We chose to integrate with HashiCorp Vault after learning of a customer need for secrets management in containers. Vault is the leading product for secrets management in the enterprise, is widely used by large enterprises, and is easy to integrate with.

Aqua Security helps enterprises to securely manage secrets in containers with Vault

Companies today are adopting the cloud and looking for ways to accelerate application delivery. Migrations can often times create challenges around data privacy and secrets management, since distributed applications and infrastructure need to share and transmit data between different components and layers. HashiCorp Vault Encryption as a Service focuses on keeping application data secure across distributed infrastructure.

How Vault Encrypts Application Data During Transit and at Rest 

We are proud to announce the release of HashiCorp Vault 0.7.3, which includes a number of exciting new features, improvements, and bug fixes, as well as some security updates.

HashiCorp Vault 0.7.3

This is a guest post by Joel Thompson, Systems Engineer at Bridgewater Associates. Joel is a user of Vault at Bridgewater Associates and a contributor to the HashiCorp Vault project, specifically for the AWS IAM Authentication method discussed in this post.
HashiCorp released Vault 0.7.1 which ships with a major enhancement to the AWS-EC2 authentication backend, now renamed to the AWS authentication backend, making it easy for many different AWS resource types to securely authenticate with Vault and get a Vault token. Lambda functions, ECS jobs, EC2 instances, or any other client with access to AWS IAM credentials can use those credentials to securely authenticate to Vault to retrieve their secrets. I'm really excited about the feature, and I think it'll be a game changer for all the security-conscious AWS customers out there.
First, though, some introductions. Bridgewater Associates is focused on understanding how the world works. By having the deepest possible understanding of the global economy and financial markets, and translating that understanding into great portfolios and strategic partnerships with institutional clients, we've built a distinct track record of success. Today, we manage about $160 billion for approximately 350 of the largest and most sophisticated global institutional clients including public and corporate pension funds, university endowments, charitable foundations, supranational agencies, sovereign wealth funds, and central banks.
A few years ago, Bridgewater started moving to Amazon Web Service's cloud offering, and I was one of the first engineers involved with that effort. We loved many of the advantages offered by AWS, but there was one problem that had consistently caused us pain. How do we take advantage of the dynamic compute capabilities offered by a cloud provider without sacrificing security? Or, to put it concretely, how do we securely grant new instances in an AWS autoscaling group access to secrets they need?

Bridgewater: Securing their AWS Infrastructure with Vault

We are proud to announce the release of HashiCorp Vault 0.7.1, which includes a number of exciting new features, improvements, and bug fixes.

HashiCorp Vault 0.7.1

This is a guest post by Grant Joy, Senior DevOps Engineer at Distil Networks.
Distil Networks blocks bots. We protect websites from attacks like site scraping, ticket sniping, and click fraud. Founded in 2011 by three good friends, our company atmosphere is one of friendship and hard work. Distil has over 150 employees and five offices worldwide.  Our U.S. offices are in California, North Carolina, and Virginia. Our international offices include London, England and Stockholm, Sweden. We recently partnered with Verizon to rapidly expand our content delivery network.
We have a lot of secrets. These secrets include database passwords, certificates, and private keys.  We are serious when it comes to the job of protecting them.  Shipping our code with speed and reliability in mind is essential. In support of this goal, we needed a secret storage system with high availability built in.
HashiCorp released Vault in 2015, around the time we were looking for a solution for secrets.

Distil Networks securely stores and manages all their secrets with Vault and Consul

We are proud to announce the release of HashiCorp Vault 0.7.  Vault provides secrets management, encryption as a service, and privileged access management.  
There is a necessary shift as traditional network-based approaches to security are being challenged by the increasing adoption of cloud and an architectural shift to highly elastic and microservice-oriented architectures. Organizations now must thread security within the application in addition to relying on perimeter-based security and traditional firewalls. Vault provides a necessary last line of defense to secure any application infrastructure.
Vault 0.7 adds major new functionality to both open source and enterprise versions. Highlights include: 

Multi-datacenter replication (Enterprise) 
Parameter-scoped ACLs
SSH backend as a Certificate Authority

The release includes additional new features, secure workflow enhancements, general improvements, and bug fixes.  The Vault 0.7 Changelog provides a full list of features, enhancements, and bug fixes. Also, note that some of these changes occurred in Vault 0.6.5, but were not covered in previous blog posts.  As always, a big thanks to our community for their ideas, bug reports, and pull requests.

HashiCorp Vault 0.7

I had the privilege of joining Adam Stacoviak on the popular Changelog podcast to talk about Vault and modern secrets management. Vault allows users to centrally store, secure, and tightly control access to secrets across distributed infrastructure, applications, and humans.

Vault on the Changelog Podcast

We are pleased to announce the release of the official Cloud Foundry HashiCorp Vault Service Broker. This service broker connects to an existing Vault cluster and can be used by multiple tenants within Cloud Foundry to securely store, access, and encrypt using Vault.

Cloud Foundry Vault Service Broker

We are pleased to announce the release of Vault v0.6.5. This release includes several new features, improvements, and bug fixes.

HashiCorp Vault v0.6.5

The following is a guest blog post from Aater Suleman, CEO at Flux7. Flux7 is one of HashiCorp's Premier System Integration partners and have successfully helped deploy dozens of customer environments using the HashiCorp stack.

As a HashiCorp consulting partner, Flux7 helps organizations establish a framework for repeatable deployments of Vault on top of their existing infrastructure or as part of a new infrastructure solution. We began working with HashiCorp Vault two years ago in response to increased requests from Chief Information Security Officers (CISOs) who wanted to ensure their company’s cloud migration or greenfield deployment met the organization’s risk, security, and compliance objectives.

Flux7 helps customers securely run applications in the cloud with Vault

Cybersecurity remains a critical area of concern for the public and private sector. According to IBM and the Ponemon Institute, last year saw 383 publicized malicious data breaches targeting the public and private sector globally, dealing north of $1.5B in direct damage and potentially trillions of dollars in lost intellectual property.
HashiCorp Vault has a unique role in responding to these security trends. Vault secures, stores, and tightly controls access to secrets across distributed application infrastructure. The unique portfolio of features allows users of various security expertise to craft strong defenses against real-world cybercriminal adversaries. In this post we'll talk through real-world attack vectors and how Vault can be used to protect against them:

Preventing large scale data breaches with secrets management
Limiting privilege escalation with privileged access management
Protecting customer data with encryption as a service

Addressing Top Security Threats with Vault

At HashiCorp, we make tools that automate the modern datacenter, so you can secure, provision, and run any application on any infrastructure. Today we are excited to announce the general availability of AWS Quick Start Guides for two of our popular open source tools: Consul and Vault.

Consul and Vault on AWS: Quick Start Guides

One of the pillars behind the Tao of HashiCorp is &amp;quot;Automation through Codification&amp;quot;. Recently I had the pleasure of participating in some very thoughtful discussions on whether Vault embodies that principle, specifically as it relates to Vault's configuration and policies.
This post discusses techniques for capturing your Vault policies and configurations in source control, providing repeatable workflows, continuous integration of policy testing, and much more.