Boundary 0.16 improves user experience and governance by enabling simplified target connection with custom resource aliases, flexible storage options for session recordings with MinIO, and improved search and filtering.
We’re excited to announce the release of HashiCorp Boundary 0.16, which introduces aliases (available across all editions), an additional session recording storage option with MinIO (available on HCP Plus and Enterprise editions), and improved search capabilities with the admin UI (available across all editions).
Since its inception, Boundary has provided a foundation for modern privileged access management (PAM) with highly automated workflows and identity-driven controls to secure access dynamically. Today, Boundary continues to drive a seamless end-user experience with capabilities that improve resource searchability and add more storage options for session recordings.
As part of an ongoing initiative to drive simplicity, aliases let you use a custom name for target resources. Prior to the availability of aliases, when using the Boundary CLI to establish a new connection, end users needed to include the target ID of the desired target resource. This required them to already know the target ID or look it up with an additional Boundary CLI command.
The new alias feature abstracts the target ID with an alias name that is easier for people to read and remember. This helps users recognize the underlying resource they are trying to access. When users establish new connections to a target using the Boundary CLI, they can type the alias rather than a target ID.
The Boundary 0.16 release provides support for MinIO as a backend storage option for session recordings. This new integration gives customers an alternative storage option that may be a better fit for their infrastructure requirements.
MinIO is a popular, high-performance, Amazon S3-compatible object store. It‘s software-defined, so customers can deploy and run it on any type of infrastructure. The addition of MinIO as a storage backend for Boundary gives organizations in highly regulated industries the flexibility to store recordings in any cloud or on-premises infrastructure.
Since the initial release of session recordings, S3 has been the only storage option for recordings. This meets the needs of many organizations that already use AWS. However, a significant number of organizations cannot store data on AWS for a variety of reasons, including regulations that prohibit them from using the public cloud, and are therefore limited to storing data in their own on-premises datacenters.
Session recording helps organizations improve security and meet compliance requirements. Organizations can record end-user SSH sessions and play back recordings in the event of a breach where deeper analysis is required. Knowing that sessions are being recorded can also help deter users from questionable behavior.
Session recording is a feature available with HCP Boundary, our cloud-managed Boundary offering. It is also available in HashiCorp Boundary Enterprise, our self-managed enterprise offering. Both offerings include Amazon S3 and MinIO storage options.
To learn more about this feature, visit the Boundary documentation on session recording
New search capabilities in the admin UI enable Boundary administrators to easily locate Boundary resources, such as targets, host catalogs, and IAM objects, when making configuration changes to support infrastructure access needs. We’ve also added support for pagination, which improves performance when loading multiple resources.
The new admin UI search functionality supports scopes, targets, sessions, users, groups, roles, auth methods, host catalogs, and credential stores.
We’ve also addressed customer feedback with a number of additional Boundary 0.16 features:
session_recording_id
is now included in authorize-session responses from the controller, reflecting session recording metadata within the audit logs for better compliance.x-correlation-id
header to all Vault API requests, letting customers correlate Boundary and HashiCorp Vault audit events when Boundary injects credentials into a session from a Vault credential store. Users must enable custom audit headers to use this header.For a full list of changes, please visit the Boundary changelog.
You can now take the new Boundary 0.16 features for a spin and learn more about how Boundary continues to evolve its functionality and use cases to address modern PAM requirements.
Administrators can deploy a HashiCorp-managed Boundary cluster using the HashiCorp Cloud Platform (HCP). They can also choose to deploy a self-managed Boundary cluster using Boundary’s Community or Enterprise editions. Check out these resources to get started
For existing Boundary users
For new Boundary users
Golden patterns for infrastructure and security automation workflows lie at the core of The Infrastructure Cloud. Here’s how to implement them using HashiCorp Cloud Platform services.
Do cloud right with The Infrastructure Cloud from HashiCorp. Unlock developer potential while controlling cloud costs and risk.
Discover how HashiCorp Developer Advocate Rosemary Wang uses HashiCorp Boundary on live streams to automate access to servers and record commands to build into future automation.