Navigating the New HashiCorp Enterprise License Deployment Process
Get helpful resources on a recent change to product license deployments and learn how to navigate this change.
We recently introduced a new licensing deployment process to the enterprise offerings of Consul, Nomad, and Vault. The changes will affect product upgrades and the server instances’ boot-up order of operations. This is a minor but important change that brings our product licensing in line with industry best practices. Further, many customers have asked for enhanced automation for license loading. We're using this change as an opportunity to simplify the license loading operation.
A learning guide is available to help you install an enterprise license. Check out the Install a HashiCorp Enterprise License tutorial for detailed guidance.
» The New Enterprise License Process
The new license enablement process ships with Consul Enterprise 1.10, Nomad Enterprise 1.1, and Vault Enterprise 1.8. In these product versions, HashiCorp Enterprise servers will no longer start without a license.
Instead, the server boot-up process introduces a license check. When the server instance initializes the license watcher, it will read from an environment variable or file. If the license is missing, invalid, or expired, the server will immediately exit. Read on for more details on how this process functions.
Vault Enterprise will retain the capability of looking up a license from storage. However, this capability will be deprecated in a future release, and customers must provide an enterprise license through the process mentioned above.
In previous versions of HashiCorp enterprise products, one server could distribute a license to other servers via the Raft protocol. This method will no longer work since each server must find a valid license during the startup process.
» License Frequently Asked Questions (FAQ)
You can find a product-specific FAQ on each of the products' documentation pages.
» Boot-Up Process Flow
Here is a closer look at the boot-up process, and the available options for providing a license to the server instances.
As mentioned previously, the server instances expect a valid license to be available during the boot-up process. The license order of precedence for the boot-up process is the following:
-
file_path
specified in the configuration file. -
CONSUL_LICENSE
,NOMAD_LICENSE
,VAULT_LICENSE
environment variable. -
CONSUL_LICENSE_PATH
,NOMAD_LICENSE_PATH
,VAULT_LICENSE_PATH
environment variable
The license watcher process verifies that a valid license is available during the boot-up process by following the license order of precedence. The diagram below shows how the process works and the license search order.
» Request a Trial License
You can download a 30-day free trial license for any HashiCorp enterprise product. Follow the links below and agree to the terms of service. Upon completing the form, you will observe a license key on the screen and receive an email containing the license.
Don’t have your enterprise license handy? Got other questions? HashiCorp Enterprise customers may contact their organization's customer success manager (CSM) or email support-softwaredelivery@hashicorp.com.
» Next Steps
The license enablement process is different starting with Consul Enterprise 1.10, Nomad Enterprise 1.10, and Vault Enterprise 1.8. Read the Install a HashiCorp Enterprise License tutorial for detailed guidance on how to configure a server instance with an enterprise license.
We don’t foresee an impact on other aspects of your incumbent automation tooling. If you have any specific questions, please reach out to your account team or email us on support-softwaredelivery@hashicorp.com. We are standing by to help.
Sign up for the latest HashiCorp news
More blog posts like this one
Vault integrations with MongoDB, Private Machines, and walt.id strengthen customer security
Three new HashiCorp Vault ecosystem integrations extend security use cases for customers.
HashiCorp at re:Invent 2024: Security Lifecycle Management with AWS
A recap of HashiCorp security news and developments on AWS from the past year, for your security management playbook.
HCP Vault Dedicated adds secrets sync, cross-region DR, EST PKI, and more
The newest HCP Vault Dedicated 1.18 upgrade includes a range of new features that include expanding DR region coverage, syncing secrets across providers, and adding PKI EST among other key features.