As organizations face growing complexity across their development and security workflows, HCP Vault Radar helps simplify one of the hardest challenges in modern DevSecOps: finding, fixing, and preventing secret sprawl.
»Launching Vault Radar
Our mission from day one was clear: make secrets discovery and remediation simple, accurate, and deeply integrated into the workflows teams already use.
Vault Radar introduces a modern approach to secrets discovery and remediation by empowering security and platform teams to continuously detect unmanaged secrets across their ecosystem and bring them under centralized management with HashiCorp Vault.
Together, Vault and Vault Radar help teams close the loop between visibility and control, uncovering where secrets exist, preventing new exposures from entering developer tools, and enforcing secure management practices without slowing down development.
Since launching Vault Radar, we’ve integrated capabilities across all core components — detection, remediation, and governance — helping organizations strengthen their security posture without sacrificing developer speed.
Below are the key milestones that showcase Vault Radar’s evolution since launch:
»Expanding visibility across the ecosystem
Throughout 2025, we expanded Radar’s visibility to follow where secrets actually are. Development environments are complex. Secrets no longer just live in one place. They surface in code repositories, collaboration tools, across production infrastructure.
Since the GA of Vault Radar, we’ve introduced key integrations that extend coverage, including:
- Jira scanning to detect credentials shared in collaboration spaces
- VS Code integration to surface risks and guide remediation directly within the developer workflow
- Amazon S3 scanning to detect exposed secrets within S3 buckets, logs, and configuration archives to close critical cloud visibility gaps.
- Slack scanning to identify credentials shared across channels, messages, or attachments.
- AWS Secrets Manager correlation to automatically detect when secrets stored in AWS Secrets Manager are duplicated or exposed inside or outside AWS-native services.
These capabilities make it easier for teams to detect exposures in real time, streamline remediation, and prevent leaks before they reach production.
The result: Unified coverage across the tools developers use every day, faster detection at the source, and stronger alignment between security and engineering workflows.
»Shifting security left: Empowering developers in VS Code
Vault Radar’s VS Code extension extends the detect-and-remediate-early philosophy by directly identifying risks where they originate - the developer’s workspace. Instead of waiting for a post-commit scan, engineers now see secret exposure in real time as they write code.
This change embodies a simple but powerful principle: the fastest fix is the one made before a vulnerability ever leaves the editor. By embedding secret detection into daily development, Vault Radar helps teams eliminate leaks at the source, reduce downstream incidents, and build a stronger security culture without disrupting delivery speed.
You can install the HCP Vault Radar extension for Visual Studio Code from the Visual Studio Code Marketplace.
The result: Holistic visibility across code, collaboration, and cloud platforms, reducing blind spots early on.
»Strengthening cloud control: Correlating secrets across AWS
Vault Radar’s AWS Secrets Manager correlation feature extends the principle of “detect early, remediate intelligently” into the cloud layer. As organizations scale their AWS footprint, secrets often move between applications, services, and automation pipelines.
With AWS Secret Manager correlation, Vault Radar automatically detects when secrets are securely stored in AWS Secrets Manager but have been mishandled. It gives security teams clear, actionable insight into where AWS-managed secrets appear across their environment, making it easier to verify proper usage and contain exposure quickly.
The result: Faster remediation, and complete visibility into how managed secrets move across distributed AWS environments, without adding operational complexity.
»From discovery to action: Closing the loop with Vault
The year’s biggest advancement came from deep integration with Vault, enabling direct remediation of detected secrets. Teams can correlate discovered secrets with managed secrets in Vault and automatically import them for rotation or revocation. This allows security teams to move directly from detection to secure management.
This turns Vault Radar into more than a scanning tool. It’s now a control point in the secret lifecycle, bridging the gap between finding exposed credentials and ensuring they are properly managed, revoked, and replaced.
The result: Fewer unmanaged secrets, shorter exposure windows, and a direct path from detection to remediation.
»Seamless orchestration: Responding faster with webhooks
Security works best when it fits the way teams operate. The introduction of webhooks allowed Vault Radar to stream real-time alerts into any external system, from incident-response/monitoring dashboards, messaging platforms, ticketing systems, and other custom integrations like Datadog or bespoke alerting tools.
This flexibility enables teams to automate workflows, synchronize responses, and align detection with their operational context. Instead of forcing teams to adapt to Vault Radar, Radar now adapts to them, embedding security directly into their existing processes.
The result: Faster incident response, fewer manual handoffs, and fully integrated security workflows.
»AI readiness: Enabling agentic workflows with the MCP Server
As AI becomes embedded in operations, visibility must evolve with it. Vault Radar’s new MCP Server opened Radar data to agentic AI workflows, allowing intelligent systems to query, reason, and act on live security context.
Through the MCP interface, AI agents can access structured data about detected risks, severity, and remediation, enabling use cases like automated triage, risk scoring, and prioritization.
The Vault Radar MCP server supports all MCP clients.
This shift marks Vault Radar’s first step into AI-augmented security, not just detecting risks but empowering intelligent systems to triage risks autonomously and at scale.
The result: smarter analysis, faster decision-making, and a foundation for AI-driven security operations.
»Built for scale: A platform ready for enterprise depth
Every feature in 2025 shared a single design principle: enterprise scalability without complexity. Vault Radar now supports hundreds of thousands of active repositories, stronger hybrid deployments, and more consistent performance across large data sets.
These improvements make Vault Radar ready for any environment: global, distributed, and fast-moving. With integrations that span the developer lifecycle and an architecture built for scale, Vault Radar delivers resilience that meets enterprise expectations.
»Looking ahead to 2026
Vault Radar’s first full year was shaped by collaboration and feedback from our customers. We focused on connection between systems, teams, and moments in the development lifecycle, and built Vault Radar to be an intelligent, integrated layer of the HashiCorp Security Lifecycle Management platform. By unifying remediation with Vault, embedding prevention in the IDE, expanding coverage to new data sources, and integrating with AI and automation frameworks, Vault Radar meets teams exactly where they work.
Looking ahead, our work continues around three core priorities that reflect where customers need us most:
- Automation and remediation: Seamless integration with Vault for end-to-end remediation, reporting, and continuous protection.
- Ecosystem expansion: Broader coverage across enterprise platforms and AI-driven detection to stay ahead of emerging risk areas like non-human identities.
- Enterprise readiness: Greater scalability, regional disaster recovery compliance, and a streamlined experience for distributed organizations.
Vault Radar detects. Vault governs. Together, they secure the lifecycle of every secret.
Start your free trial of Vault Radar to explore the latest capabilities.
You can also request a free Vault Radar discovery session to talk with one of our experts. Together, we'll evaluate your approach and discover how Vault Radar can help your teams.
