When the Levee Breaks: Protecting Vault Against Advanced Adversaries and Internal Threats
The cryptography and key management protecting HashiCorp Vault secrets is designed to stand up to concerted attacks from well-resourced, skilled adversaries. Here's how it works.
Shadow and Dust: Better Security Through HashiCorp Boundary and Ephemeral Infrastructure
Using Boundary's credential abstraction along with ephemeral targets makes it very hard for adversaries to gain anything.
Using HashiCorp Vault with Google Confidential Computing
We are excited to announce that HashiCorp Vault is now validated on Google Cloud Platform’s Confidential Computing service. Confidential Computing allows HashiCorp Vault to operate in environments with resilient host based security that adds additional protection through the use of memory encryption.
Vault Transform: Protecting Secrets in External Systems
Transform is a Secrets Engine that allows Vault to encode and decode sensitive values residing in external systems such as databases or file systems. This capability allows Vault to ensure that when an encoded secret’s residence system is compromised, such as when a database is breached and its data is exfiltrated, that those encoded secrets remain uncompromised even when held by an adversary.
Announcing HashiCorp Vault 1.3
We are excited to announce the public availability of HashiCorp Vault 1.3. Vault is a tool to provide secrets management, data encryption, and identity management for any infrastructure and application.
Quantum Security and Cryptography in HashiCorp Vault
As quantum computers grow in power and reliability, we at HashiCorp have been asked a number of questions about how we plan on protecting Vault against quantum threats.
Announcing HashiCorp Vault 1.2
We are excited to announce the public availability of HashiCorp Vault 1.2. Vault is a tool to provide secrets management, data encryption, and identity management for any infrastructure and application.
Vault 1.1
We are excited to announce the public availability of HashiCorp Vault 1.1. Vault is a tool to provide secrets management, data encryption, and identity management for any infrastructure and application. Vault 1.1 is focused on building a foundation of new infrastructure for delivering a host of advanced platform features for upcoming releases of Vault and Vault Enterprise.
HashiCorp Vault 1.0
Vault 1.0 is focused on renovating Vault's infrastructure to support high performance, scalable workloads.
HashiCorp Vault 0.11
We are excited to announce the release of HashiCorp Vault 0.11! Vault is a security tool for secrets management, data encryption, and identity-based access among other features. The 0.11 release of Vault delivers new features to streamline the management of tokens for applications and users attempting to access Vault, provide secure multi tenancy for multiple teams and organizations using a single Vault installation, and other features focused on enhancing system performance and automation.
Vault 0.11 Feature Preview: Vault Agent
The Vault team is quickly closing on the next major release of Vault: Vault 0.11. As we approach the release we will preview some of the new functionality coming soon to Vault Open Source and Vault Enterprise. This post will focus on Vault Agent: a new feature in all versions of Vault that manages the process of secure introduction and the management of tokens for accessing dynamic secrets.
Vault 0.11 Feature Preview: Namespaces
The Vault team is quickly closing on the next major release of Vault: Vault 0.11. As we approach the release we will preview some of the new functionality coming soon to Vault Open Source and Vault Enterprise. This post will focus on namespaces: a new feature in Vault Enterprise that enables the creation and delegated management of secure multi-tenant environments within a single Vault Enterprise infrastructure.
HashiCorp Vault 0.10
The 0.10 release of Vault delivers new features to help with automating secrets management and enhancing Vault's ability to operate natively in multi-cloud.
Preparing for GDPR Compliance with HashiCorp Vault
Here at HashiCorp, we've been releasing features and constructing a roadmap for Vault that specifically assists in helping your organization comply with GDPR, or the General Data Protection Regulation standard that is set to go live in May 25, 2018. We're excited to share and explain how some of these Vault features can be used to comply with specific GDPR articles. We specifically developed Vault to manage, store, and protect sensitive information in a way that reduces secret sprawl but also enables global organizations to operate at a very large scale. In a world where secrets are spread in a global manner, this use case is critical especially if you are spanning your infrastructure across multiple public and private clouds. In the context of GDPR, this use case becomes extremely critical, as it requires us to be more sensitive to where our data is moving or sitting at any given time physically and forces us to put our best effort to protect the data sovereignty of our sensitive information.
HashiCorp Vault 0.9
We are excited to announce the release of HashiCorp Vault 0.9. Vault is an infrastructure automation security product that provides secrets management, encryption as a service, and privileged access management. The 0.9 release of Vault is focused on new functionality that improves Vault’s governance and data security capabilities across globally-distributed, multi-cloud environments.
HashiCorp Vault 0.8.3
We are pleased to announce the release of HashiCorp Vault 0.8.3. The highlight of the latest release is a Kubernetes authentication backend. For Vault Enterprise, we are also releasing an integration with Sentinel, HashiCorp's policy as code framework announced at HashiConf.
HashiCorp Vault 0.8.2
We are proud to announce the release of HashiCorp Vault 0.8.2, which includes a number of new features, improvements, bug fixes, and a security notice.
HashiCorp Vault 0.8.1
We are proud to announce the release of HashiCorp Vault 0.8.1, which includes a number of exciting new features, improvements, and bug fixes. In addition to a number of bug fixes and minor enhancements, Vault 0.8.1 contains new functionality including Google Cloud Platform IAM Authentication Backend support, Oracle Database Secret Backend support, and much more.
HashiCorp Vault 0.8
We are proud to announce the release of HashiCorp Vault 0.8. Vault is an infrastructure automation security product that provides secrets management, encryption as a service, and privileged access management. The 0.8 release of Vault is focused on bringing major, new functionality to Vault and includes additional new features, secure workflow enhancements, general improvements, and bug fixes.
HashiCorp Vault 0.7
We are proud to announce the release of HashiCorp Vault 0.7. Vault provides secrets management, encryption as a service, and privileged access management. There is a necessary shift as traditional network-based approaches to security are being challenged by the increasing adoption of cloud and an architectural shift to highly elastic and microservice-oriented architectures. Organizations now must thread security within the application in addition to relying on perimeter-based security and traditional firewalls. Vault provides a necessary last line of defense to secure any application infrastructure. Vault 0.7 adds major new functionality to both open source and enterprise versions. Highlights include: Multi-datacenter replication (Enterprise) Parameter-scoped ACLs SSH backend as a Certificate Authority The release includes additional new features, secure workflow enhancements, general improvements, and bug fixes. The Vault 0.7 Changelog provides a full list of features, enhancements, and bug fixes. Also, note that some of these changes occurred in Vault 0.6.5, but were not covered in previous blog posts. As always, a big thanks to our community for their ideas, bug reports, and pull requests.
Addressing Top Security Threats with Vault
Cybersecurity remains a critical area of concern for the public and private sector. According to IBM and the Ponemon Institute, last year saw 383 publicized malicious data breaches targeting the public and private sector globally, dealing north of $1.5B in direct damage and potentially trillions of dollars in lost intellectual property. HashiCorp Vault has a unique role in responding to these security trends. Vault secures, stores, and tightly controls access to secrets across distributed application infrastructure. The unique portfolio of features allows users of various security expertise to craft strong defenses against real-world cybercriminal adversaries. In this post we'll talk through real-world attack vectors and how Vault can be used to protect against them: Preventing large scale data breaches with secrets management Limiting privilege escalation with privileged access management Protecting customer data with encryption as a service