HashiCorp Vault Expands Security Governance Capabilities and Multi-Cloud Integration in Latest Release

New Release Introduces FIPS 140-2 Compliance Along with Vault Entities and Auto-Unseal Integration for AWS and Google Cloud

SAN FRANCISCO, CA -- (Marketwired) -- 11/14/17 -- HashiCorp, a leader in cloud infrastructure automation, today released HashiCorp Vault 0.9 with significant updates to both the open source and enterprise versions centered around identity and governance. Updates include an identity store to enable privileged access management across multiple identity providers, auto-unseal for AWS Key Management Service (KMS) and Google Cloud Platform (GCP) KMS, FIPS 140-2 compliance, and deeper integration with Sentinel, HashiCorp's new policy as code framework.

"HashiCorp Vault is critical in protecting and managing secrets in our highly distributed environment -- for authorization and other sensitive data," said Jay Christopherson, principal engineer, DevOps, Spaceflight. "With the addition of Vault being FIPS 140-2 compliant, it not only changes how we manage policies and access in secure environments, it adds compliance that allows us to operate securely in the federal space."

Vault is broadly used among the Global 2000 to address the challenge of infrastructure and application security in distributed environments. The Vault open source product addresses core security use cases for secrets management, encryption as a service, and privileged access management. Vault Enterprise enables teams and organizations to extend Vault with collaboration and operations features, provide governance capabilities, and scale Vault across multiple data centers.

Vault 0.9 introduces several new features and functionality to improve operations around identity and policy management:

  • Entities: Entities tie clients into a long-lived logical identity that can be more easily managed. Clients can associate their logical identity with multiple identity services, making access control and auditing much simpler.
  • Identity Groups: Group support allows multiple entities to be managed as a group, simplifying role-based access control. Groups can be members of other groups, allowing for better organizational modeling and management.
  • Control Groups (Vault Enterprise Premium Only): Control groups are used to enable "dual approver" workflows. For highly sensitive operations or secrets, Control Groups ensure multiple different individuals approve an operation for better separation of privilege and compliance with regulatory regimes.

In addition to features and improvements around identity and policy management, Vault 0.9 expands governance capabilities with Sentinel integration, HashiCorp's new policy as code framework, along with new FIPS 140-2 compliance and Seal Wrapping functionality. Sentinel integration and Seal Wrap/FIPS 140-2 compliance are both available in Vault Enterprise Premium only. Vault can now operate in environments where FIPS 140-2 encryption is required for secrets management and encryption as a service.

  • Sentinel Integration: Enforces fine-grained policy controls around access and other dynamic security concerns. Vault exposes Sentinel in two different contexts: Role Governing Policies (RGP) and Endpoint Governing Policies (EGP). RGPs add an additional layer of fine-grained logic to the existing role-based access controls within Vault. EGPs are enforced in front of specified Vault APIs across all roles and add an additional layer of global policy to Vault. The global enforcement of EGPs simplifies regulatory compliance by providing mandatory, auditable policy enforcement. Both provide more control and depth to Vault's security model and policy system.
  • Seal Wrap: Allows for double wrapping the cryptography within Vault using a Hardware Security Module's (HSM's) cryptographic modules and random number generator. Seal Wrapping also provides in-flight and at-rest sealing encryption, as well as the ability for Vault to work as a Certificate Authority for key validation and generation. Seal Wrapping has been audited and certified compliant by Leidos, a major security audit and innovation lab. For more details on Vault's Seal Wrapping compliance, see: http://www.marketwire.com/mw/redirect.jsp?id=1324993&sourceType=1

"With the acceleration of cloud adoption, the traditional security perimeter around infrastructure and applications is disappearing," said Armon Dadgar, founder and co-CTO of HashiCorp. "Large organizations are rethinking their approach to security and adopting Vault to provide a solution for secret management, privileged access management, and encryption as a service suited to this new world. The new capabilities in Vault 0.9 give our customers broader support across their range of technologies and clouds, deeper platform integrations, plus validation from our new FIPS 140-2 compliance."

Additionally, Vault 0.9 introduces several updates aimed at collaboration and operations in Vault Enterprise Pro:

  • New UI Re-design and Enhancements: This release overhauls the Vault Enterprise UI to bring its design language in line with other HashiCorp Enterprise products as well as to streamline common workflows.
  • Vault Auto-unseal on AWS: Automate and manage auto-unseal of Vault Enterprise Pro and Premium systems using unseal keys stored in AWS KMS.
  • Vault Auto-unseal on GCP: Automate and manage auto-unseal of Vault Enterprise Pro and Premium systems using unseal keys stored in GCP Cloud KMS.

HashiCorp Vault 0.9 is generally available today. The new capabilities in Vault Enterprise 0.9 enhance the already rich set of enterprise features. Users can download the open source version of Vault at https://www.vaultproject.io. Vault Enterprise is available in two versions: Vault Enterprise Pro focuses on collaboration and operational features, like a UI for managing secrets, health monitoring, and initialization and secure bootstrapping workflows, while Vault Enterprise Premium focuses on multi-datacenter functionality and governance, with features such as HSM integration, replication, and support for Sentinel policy framework integration. For more information about HashiCorp Vault Enterprise, visit https://www.hashicorp.com/products/vault/.

About HashiCorp

HashiCorp is a cloud infrastructure automation company that enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded thousands of times per day and are broadly adopted by the Global 2000. Enterprise versions of these products enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality. The company is headquartered in San Francisco and backed by Mayfield, GGV Capital, Redpoint, and True Ventures. For more information, visit https://www.hashicorp.com or follow HashiCorp on Twitter @HashiCorp.

Media and Analyst Contact:
Amber Rowland
[email protected]

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.
