HashiCorp Vault Expands Security Governance Capabilities and Multi-Cloud Integration in Latest Release

New Release Introduces FIPS 140-2 Compliance Along with Vault Entities and Auto-Unseal Integration for AWS and Google Cloud

SAN FRANCISCO, CA -- (Marketwired) -- 11/14/17 -- HashiCorp, a leader in cloud infrastructure automation, today released HashiCorp Vault 0.9 with significant updates to both the open source and enterprise versions centered around identity and governance. Updates include an identity store to enable privileged access management across multiple identity providers, auto-unseal for AWS Key Management Service (KMS) and Google Cloud Platform (GCP) KMS, FIPS 140-2 compliance, and deeper integration with Sentinel, HashiCorp's new policy as code framework.

"HashiCorp Vault is critical in protecting and managing secrets in our highly distributed environment -- for authorization and other sensitive data," said Jay Christopherson, principal engineer, DevOps, Spaceflight. "With the addition of Vault being FIPS 140-2 compliant, it not only changes how we manage policies and access in secure environments, it adds compliance that allows us to operate securely in the federal space."

Vault is broadly used among the Global 2000 to address the challenge of infrastructure and application security in distributed environments. The Vault open source product addresses core security use cases for secrets management, encryption as a service, and privileged access management. Vault Enterprise enables teams and organizations to extend Vault with collaboration and operations features, provide governance capabilities, and scale Vault across multiple data centers.

Vault 0.9 introduces several new features and functionality to improve operations around identity and policy management:

  • Entities: Entities tie clients into a long-lived logical identity that can be more easily managed. Clients can associate their logical identity with multiple identity services, making access control and auditing much simpler.
  • Identity Groups: Group support allows multiple entities to be managed as a group, simplifying role-based access control. Groups can be members of other groups, allowing for better organizational modeling and management.
  • Control Groups (Vault Enterprise Premium Only): Control groups are used to enable "dual approver" workflows. For highly sensitive operations or secrets, Control Groups ensure multiple different individuals approve an operation for better separation of privilege and compliance with regulatory regimes.

In addition to features and improvements around identity and policy management, Vault 0.9 expands governance capabilities with Sentinel integration, HashiCorp's new policy as code framework, along with new FIPS 140-2 compliance and Seal Wrapping functionality. Sentinel integration and Seal Wrap/FIPS 140-2 compliance are both available in Vault Enterprise Premium only. Vault can now operate in environments where FIPS 140-2 encryption is required for secrets management and encryption as a service.

  • Sentinel Integration: Enforces fine-grained policy controls around access and other dynamic security concerns. Vault exposes Sentinel in two different contexts: Role Governing Policies (RGP) and Endpoint Governing Policies (EGP). RGPs add an additional layer of fine-grained logic to the existing role-based access controls within Vault. EGPs are enforced in front of specified Vault APIs across all roles and add an additional layer of global policy to Vault. The global enforcement of EGPs simplifies regulatory compliance by providing mandatory, auditable policy enforcement. Both provide more control and depth to Vault's security model and policy system.
  • Seal Wrap: Allows for double wrapping the cryptography within Vault using a Hardware Security Module's (HSM's) cryptographic modules and random number generator. Seal Wrapping also provides in-flight and at-rest sealing encryption, as well as the ability for Vault to work as a Certificate Authority for key validation and generation. Seal Wrapping has been audited and certified compliant by Leidos, a major security audit and innovation lab. For more details on Vault's Seal Wrapping compliance, see: http://www.marketwire.com/mw/redirect.jsp?id=1324993&sourceType=1

"With the acceleration of cloud adoption, the traditional security perimeter around infrastructure and applications is disappearing," said Armon Dadgar, founder and co-CTO of HashiCorp. "Large organizations are rethinking their approach to security and adopting Vault to provide a solution for secret management, privileged access management, and encryption as a service suited to this new world. The new capabilities in Vault 0.9 give our customers broader support across their range of technologies and clouds, deeper platform integrations, plus validation from our new FIPS 140-2 compliance."

Additionally, Vault 0.9 introduces several updates aimed at collaboration and operations in Vault Enterprise Pro:

  • New UI Re-design and Enhancements: This release overhauls the Vault Enterprise UI to bring its design language in line with other HashiCorp Enterprise products as well as to streamline common workflows.
  • Vault Auto-unseal on AWS: Automate and manage auto-unseal of Vault Enterprise Pro and Premium systems using unseal keys stored in AWS KMS.
  • Vault Auto-unseal on GCP: Automate and manage auto-unseal of Vault Enterprise Pro and Premium systems using unseal keys stored in GCP Cloud KMS.


HashiCorp Vault 0.9 is generally available today. The new capabilities in Vault Enterprise 0.9 enhance the already rich set of enterprise features. Users can download the open source version of Vault at https://www.vaultproject.io. Vault Enterprise is available in two versions: Vault Enterprise Pro focuses on collaboration and operational features, like a UI for managing secrets, health monitoring, and initialization and secure bootstrapping workflows, while Vault Enterprise Premium focuses on multi-datacenter functionality and governance, with features such as HSM integration, replication, and support for Sentinel policy framework integration. For more information about HashiCorp Vault Enterprise, visit https://www.hashicorp.com/products/vault/.

About HashiCorp

HashiCorp is a cloud infrastructure automation company that enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded thousands of times per day and are broadly adopted by the Global 2000. Enterprise versions of these products enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality. The company is headquartered in San Francisco and backed by Mayfield, GGV Capital, Redpoint, and True Ventures. For more information, visit https://www.hashicorp.com or follow HashiCorp on Twitter @HashiCorp.

Media and Analyst Contact:
Amber Rowland
[email protected]

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.
