Infrastructure and security releases open HashiConf 2023

Today at HashiConf, we are excited to announce a host of important new products, features, and updates spanning our entire product line. The new products and features focus on enhancing workflow automation for developers and lifecycle management for cloud platform teams across both infrastructure and security.

Dealing with cloud infrastructure and addressing related security challenges highlights two key areas of concern for many organizations: making the cloud easily accessible to developers — in a secure, cost-effective, and efficient way. Our HashiConf announcements focus on infrastructure and security concerns, with an ongoing mission of delivering developer-driven workflows that are well integrated with the standardized, shared services enabled by platform teams.

»Infrastructure

Infrastructure is the unseen enabler of innovation across modern companies. The new features and products announced today enhance the capabilities and workflows of teams that build infrastructure using HashiCorp Terraform, HCP Packer, and HCP Waypoint.

»New Terraform testing and UX features

The latest Terraform and Terraform Cloud capabilities are designed to improve developer velocity, code quality, and infrastructure cost management. The new announcements include:

• Terraform test framework (generally available) to help developers produce higher-quality modules more quickly using a native testing framework that operates using the HashiCorp configuration language (HCL) to remove the need for context switching or additional learning
• Test-integrated module publishing (beta) to streamline the testing and publishing process
• Generated module tests (beta) that leverage AI to help module authors get started in seconds
• Enhanced editor validation in Microsoft Visual Studio Code (generally available) to make it easier to find and resolve errors
• Stacks* (in private preview) to simplify dependency management and module deployment ordering
• Ephemeral workspaces (generally available) that have expiration times to automatically remove non-production resources, optimizing infrastructure spend

For more information, see our blog post: New Terraform testing and UX features reduce toil, errors, and costs.

* U.S. and foreign patents pending

»HCP Packer webhooks and streamlined run task reviews

HCP Packer, a powerful tool for tracking, governing, and managing image artifacts across multi-cloud environments, adds two key new features: project-level webhooks and streamlined run task reviews.

Webhooks let users notify external systems about specific image-related events using automation, which delivers more comprehensive workflow automation and reduced manual effort as well as enhanced security by mitigating the risk of human errors such as missed notifications and forgotten image management tasks.

Streamlined run task reviews provide meaningful context on run task evaluations for the HCP Packer run task on Terraform Cloud to improve security and compliance and make issue remediation more efficient.

For more information, see our HCP Packer now supports webhooks and streamlined run task reviews blog post.

»New roadmap for HCP Waypoint

Originally aimed at helping standardize application delivery across platforms, our updated vision for HCP Waypoint is to empower platform teams to define golden patterns and workflows for developers to manage applications at scale. Along with the new vision, we are announcing a pair of new features for HCP Waypoint designed to help platform teams abstract and share standardized workflows with developers, without making them worry about the infrastructure details.

The new features include templates, which enables enterprise platform teams to abstract and standardize application scaffolding, and add-ons, which helps define application dependencies, such as infrastructure resources, using Terraform, and makes them available to application developers as dependencies.

For more information see our blog post on A new vision for HCP Waypoint.

»Security

Companies that make security the default and simplify security best practices for developers typically see fewer, less disruptive breaches. Today’s new features and products further enable secure software delivery for teams that use HashiCorp Vault (HCP and Enterprise), Boundary (HCP and Enterprise), and Consul (Community and HCP).

»HCP Vault Secrets (general availability)

Generally available today, HCP Vault Secrets is a new software-as-a-service (SaaS) offering of Vault that focuses on secrets management for developers and lets users onboard quickly. HCP Vault Secrets centralizes secrets management, lets users secure secrets when and where they need them, and enables users to get up and running in minutes, for free.

The GA release of HCP Vault Secrets adds new capabilities to the beta release announced earlier this year with production-ready secrets management capabilities, additional secrets sync destinations, and multiple consumption tiers. Our always-free tier lets users manage up to 25 secrets while the extended capabilities of our Standard paid tier is priced based on a combination of secrets created and access API operations used.

To learn more, see the HCP Vault Secrets announcement blog post.

»Vault Enterprise secrets sync (beta)

Cloud secrets sync, previously available only in HCP Vault Secrets, is now available as a beta feature in Vault Enterprise 1.15. Secrets sync allows platform teams to centralize their secrets management while still letting developers easily consume secrets as needed within the applications they use every day. The Vault secrets sync beta release supports the synchronization of secrets with Amazon Web Services (AWS), Microsoft Azure, Google Cloud, GitHub, and Vercel. More integrations are planned for the feature’s general availability.

To learn more, see the New HCP Vault Secrets, Radar, and other features fight secrets sprawl blog post.

»HCP Vault Radar (alpha)

HCP Vault Radar, now in alpha, is the initial deliverable built from our June, 2023 acquisition of BluBracket, a company that focused on secret scanning. HCP Vault Radar enables customers to scan, identify, and remediate secrets inadvertently stored in source code, development environments, internal wikis, chat services, and ticketing systems. It categorizes secrets, ranks them by risk, and provides a means to remediate them. Now in an early access program, HCP Vault Radar is due to be released in beta in January 2024 with general availability later in 2024.

To learn more, see the New HCP Vault Secrets, Radar, and other features fight secrets sprawl blog post.

»Boundary Desktop embedded terminal, LDAP support, and more

HashiCorp Boundary 0.14, with an embedded terminal in the desktop client and general availability of LDAP support, is now available for download as well as for use on HCP Boundary. HashiCorp Boundary is a modern privileged access management (PAM) offering for cloud-driven environments, and Boundary 0.14 brings new capabilities to enhance the end-user experience and expanded authentication options.

Specific enhancements include a more intuitive desktop client with an embedded terminal that lets users seamlessly establish and connect to SSH sessions directly in the Boundary Desktop client as well as a fully instrumented LDAP auth method, with support in both the desktop client and admin UI. Boundary 0.14 gives AWS administrators enhanced security and access control for their most sensitive session recordings with the addition of AssumeRole authentication for storage buckets.

To learn more, see the Announcing Boundary Desktop embedded terminal, LDAP support, and more blog post.

»Consul 1.17 beta and HCP Consul Central

New features in HashiCorp Consul 1.17, now in beta, include multi-port support, locality-aware service mesh routing, sameness groups, and more. HCP Consul Central, formerly known as the management plane for HCP Consul, adds observability features for HashiCorp-managed and linked self-managed clusters.

HashiCorp Consul 1.17’s multi-port support (in beta) is a new, simplified way to onboard modern distributed applications that require different ports for various traffic types for intricate client-server communication. Locality-aware service mesh routing within a Consul datacenter optimizes traffic routing within datacenters, prioritizing local instances for lower latency and reduced costs. Sameness groups (generally available) simplifies multi-cluster operations, enhancing service reliability for enterprises.

HCP Consul Central is a cloud-based service that centralizes global visibility and management of Consul deployments, whether they’re self-managed or managed by HashiCorp. Global service catalog, cluster details, and health status are available to all Consul clusters, including Community edition clusters.

To learn more, see our blog post on Announcing Consul 1.17 beta and HCP Consul Central.

»Thank you to our contributors

These new features and enhancements would not have been possible without the dedicated efforts of the product teams across HashiCorp, as well as the essential contributions of the HashiCorp community and customers. To learn more about how these product capabilities and features can benefit your organization, click on the links above or visit https://hashiconf.com/2023/register/ and check the schedule to watch related sessions live or on demand.