Boundary 0.16 adds aliases, MinIO storage, and improved search

We’re excited to announce the release of HashiCorp Boundary 0.16, which introduces aliases (available across all editions), an additional session recording storage option with MinIO (available on HCP Plus and Enterprise editions), and improved search capabilities with the admin UI (available across all editions).

Since its inception, Boundary has provided a foundation for modern privileged access management (PAM) with highly automated workflows and identity-driven controls to secure access dynamically. Today, Boundary continues to drive a seamless end-user experience with capabilities that improve resource searchability and add more storage options for session recordings.

»Custom resource aliases

As part of an ongoing initiative to drive simplicity, aliases let you use a custom name for target resources. Prior to the availability of aliases, when using the Boundary CLI to establish a new connection, end users needed to include the target ID of the desired target resource. This required them to already know the target ID or look it up with an additional Boundary CLI command.

The new alias feature abstracts the target ID with an alias name that is easier for people to read and remember. This helps users recognize the underlying resource they are trying to access. When users establish new connections to a target using the Boundary CLI, they can type the alias rather than a target ID.

»On-premises storage for session recordings with MinIO storage buckets

The Boundary 0.16 release provides support for MinIO as a backend storage option for session recordings. This new integration gives customers an alternative storage option that may be a better fit for their infrastructure requirements.

MinIO is a popular, high-performance, Amazon S3-compatible object store. It‘s software-defined, so customers can deploy and run it on any type of infrastructure. The addition of MinIO as a storage backend for Boundary gives organizations in highly regulated industries the flexibility to store recordings in any cloud or on-premises infrastructure.

Since the initial release of session recordings, S3 has been the only storage option for recordings. This meets the needs of many organizations that already use AWS. However, a significant number of organizations cannot store data on AWS for a variety of reasons, including regulations that prohibit them from using the public cloud, and are therefore limited to storing data in their own on-premises datacenters.

Here's a demo of MinIO SSH session storage in action:

»What is session recording?

Session recording helps organizations improve security and meet compliance requirements. Organizations can record end-user SSH sessions and play back recordings in the event of a breach where deeper analysis is required. Knowing that sessions are being recorded can also help deter users from questionable behavior.

Session recording is a feature available with HCP Boundary, our cloud-managed Boundary offering. It is also available in HashiCorp Boundary Enterprise, our self-managed enterprise offering. Both offerings include Amazon S3 and MinIO storage options.

To learn more about this feature, visit the Boundary documentation on session recording

»Improved search and filtering with admin UI search

New search capabilities in the admin UI enable Boundary administrators to easily locate Boundary resources, such as targets, host catalogs, and IAM objects, when making configuration changes to support infrastructure access needs. We’ve also added support for pagination, which improves performance when loading multiple resources.

The new admin UI search functionality supports scopes, targets, sessions, users, groups, roles, auth methods, host catalogs, and credential stores.

»More new features Boundary 0.16

We’ve also addressed customer feedback with a number of additional Boundary 0.16 features:

• Manual updates to HCP Boundary: Administrators will now be notified when new versions of Boundary are available and can perform updates on-demand within the first 30 days of release, which provides more control over updates. Updates will be applied automatically after 30 days.
• Session recording ID in audit logs (available across HCP and Enterprise): session_recording_id is now included in authorize-session responses from the controller, reflecting session recording metadata within the audit logs for better compliance.
• Vault and Boundary audit log correlation: Boundary adds a plaintext x-correlation-id header to all Vault API requests, letting customers correlate Boundary and HashiCorp Vault audit events when Boundary injects credentials into a session from a Vault credential store. Users must enable custom audit headers to use this header.

For a full list of changes, please visit the Boundary changelog.

»Get started with Boundary 0.16

You can now take the new Boundary 0.16 features for a spin and learn more about how Boundary continues to evolve its functionality and use cases to address modern PAM requirements.

Administrators can deploy a HashiCorp-managed Boundary cluster using the HashiCorp Cloud Platform (HCP). They can also choose to deploy a self-managed Boundary cluster using Boundary’s Community or Enterprise editions. Check out these resources to get started

For existing Boundary users

• For self-managed versions, download Boundary 0.16
• Watch this tutorial to learn how to upgrade self-managed versions of Boundary
• HCP Boundary users will be notified and admins can start the update immediately. Updates are automatic after 30 days of release.

For new Boundary users

• Sign up for a free HCP Boundary account
• Download the free Boundary Desktop client
• Go through our tutorial on getting started with HCP Boundary
• To request a Boundary Enterprise trial, contact HashiCorp sales