Transparent sessions now GA in HashiCorp Boundary

Using new privileged access management tools is disruptive and requires end users to change workflows and tools. But not with Boundary transparent sessions.

If you want developers to do the secure thing, you have to make it easy for them. Too often, developers have to jump through hoops to follow the workflows security and identity teams prescribe. So, they don’t – leaving your company without visibility into what they’re doing and credentials unmanaged with the potential for exposure.

That’s why we built transparent sessions, now generally available. Transparent sessions are a feature in HCP Boundary and Boundary Enterprise that allows end users to connect to infrastructure resources without changing their existing workflows, habits, or client tools. Authorized and logged in? Follow your usual workflow, then, boom, you’re connected.

This post will cover the problems you can solve with transparent sessions, how the feature works, and how to get started.

Enforce least privileged access with a VPN-like experience

When organizations introduce privileged access management (PAM) or remote access tools to their development teams, it often causes disruptions to the end-user workflow. Not only do users need to inject these tools into their daily routine, but they also need to spend time learning how to navigate the new tools and new commands. This leads to resistance, which can result in low adoption by the workforce. In addition, complex security tools can lead to back doors and shadow IT that, ironically, would increase security risk.

Transparent sessions provide a new workflow designed to make the user experience as seamless as possible, while still protecting access and enforcing security best practices. Prior to transparent sessions, end users had to directly interact with Boundary client tools in order to initiate a connection to a target.

Connect seamlessly to approved privileged resources

With transparent sessions, users can connect to targets with minimal, and often zero, interaction with Boundary client tools. Users only use the Boundary client tools to authenticate and log in to Boundary. Once authenticated, they can proceed with their favorite client tools (SSH clients, RDP clients, etc.) to connect to their targets using an alias name. The alias name is a DNS-like string that’s customizable by the administrator and can be in the form of a hostname, a web URL, or any human-readable name. The Boundary client tools will still be available if users want to view the alias names or target resources that they’re authorized to access.

This simpler workflow reduces the barrier to entry, which leads to improved adoption and a stronger security posture for the organization. Furthermore, Boundary’s existing features like credential injection simplify the user experience even more by providing a passwordless experience, which also reduces the risk of leaked or stolen credentials. Lastly, Boundary’s tight integration with Vault to generate short-lived disposable credentials means that credentials are rendered useless if ever exposed to a bad actor.

Targets aliases view in Boundary

Once authenticated, the Boundary Desktop client shows a list of alias names for resources that the user is allowed to access.

Alias names in the SSH terminal (Boundary)

Users can use alias names in the SSH terminal (or any other client tool) to connect to Linux hosts. If credential injection has been enabled, Boundary handles authentication on a user’s behalf, resulting in passwordless access.

Transparent sessions simplify remote user access by minimizing or even removing end-user interactions with Boundary.

Secure access to web applications over HTTPS

Another benefit of transparent sessions is secure web access. With transparent sessions, HTTPS is now supported because Boundary intercepts and directs DNS requests to local IP addresses, maintaining HTTPS domain name integrity. As a result, users can securely access any web application over HTTPS, whether it is an internal service in the private network or a service on the public internet. This is especially important for non-technical end users (e.g. sales, marketing, accounting) who typically use VPNs to get access to internal web applications. Boundary transparent sessions now provide them with a familiar VPN-like experience to access their web application tools in a more secure manner.

Strengthen security with faster adoption

With the general availability of transparent sessions, HashiCorp Boundary takes a major step forward in delivering secure access without compromising user experience. By eliminating the need for users to change their workflows or learn new tools, organizations can achieve broader adoption and reduce the friction often associated with implementing security solutions.

Transparent sessions also extend Boundary’s capabilities to include secure HTTPS access, making it a practical solution not just for technical users, but for non-technical teams as well. Transparent sessions make it easier than ever to embed strong security controls into everyday workflows — reducing friction, minimizing resistance, and helping teams stay focused on building, not battling access hurdles.

Learn more about transparent sessions

To learn more:

