HashiCorp Vault hits 1.0

Share
  • December 5, 2018

HashiCorp Vault 1.0 is here, which means the company currently has four projects that have reached 1.0. Vault is a tool to manage secrets and protect sensitive data for any infrastructure and application.

The latest release is a major milestone; since it introduces significant new functionality, the company is offering general upgrade instructions, as well as a Vault 1.0-specific upgrade page. Check out the Vault 1.0 changelog for the full list of features, enhancements, and bug fixes.

You can download Vault 1.0 here

Before we dive deeper into the goodies included in HashiCorp Vault 1.0, let’s have a look at the journey to Vault 1.0, as explained by Armon Dadgar, HashiCorp founder & co-CTO.

You can find the full transcript here.

HashiCorp Vault 1.0: Highlights

Vault came into being almost four years ago; it was born out of the company’s desire to find out how an organization has a central place to define where all their secrets live. The latest release is focused on renovating Vault’s infrastructure to support high performance, scalable workloads, according to the blog post announcing Vault 1.0.

The list of highlights includes:

  • Batch Tokens: A new type of token optimized for high performance, ephemeral workloads.

Their biggest benefit is that since they do not write to disk, the performance cost of any operation within Vault is significantly reduced. However, the downside is that they are not persistent and should not be used for any kind of long-lived or ongoing operation or any operation that requires resiliency of that token in the face of the failure or downtime of the Vault cluster.

Batch tokens are well-suited for large batches of single-purpose operations but ill-suited for operations such as persistent access for secrets within a K/V engine.

  • Open Source Cloud Auto Unseal: Cloud-based auto unseal is now open source.

In short, all Vault users can leverage cloud services such as AWS KMS, Azure Key Vault, and GCP CKMS to manage the unseal process for Vault. HashiCorp decided to open source Cloud Auto Unseal in order to make the process of storing and reassembling Shamir’s keys for simple for everyone.

Keep in mind that HSM-based Auto Unseal (via the PKCS#11 standard) and Seal-Wrap will continue to remain features within Vault Enterprise.

SEE ALSO: The meteoric rise of Go and why HashiCorp is betting on it

  • OpenAPI Support: Vault now supports the OpenAPI standard.

The latest release supports the Open API Initiative’s OpenAPI standard. With the /sys/internal/specs/openapi endpoint, Vault can generate an OpenAPI v3 document that describes mounted backends and endpoint capabilities for a given token’s permissions.

  • Updated UI: Significant updates to the Vault UI for better ease of use.

There are a bunch of changes to the Vault UI, including wizards to help introduce new users to common Vault workflows for configuring Vault and storing secrets, updated screens for how users mount auth methods and secret engines, support for managing key versioning within the K/V v2 secrets engine, to name a few. The aim of the updated UI is to ensure that Vault can almost completely be deployed, initialized, and managed from within the Vault UI.

  • GCP Cloud KMS Secrets Engine: Manage GCP CKMS keys from within Vault.

With Vault 1.0, the company released a new secrets engine for managing cryptographic operations within Google Cloud Platform’s Cloud Key Management System. This interface allows for transit-like decrypt/encrypt operations, key creation, and key management within external GCP CKMS systems.

Make sure to upgrade and test HashiCorp Vault 1.0 in an isolated environment. If you experience any issues, report them on the Vault GitHub issue tracker or post to the Vault mailing list.

The post HashiCorp Vault hits 1.0 appeared first on JAXenter.

Source : JAXenter