HashiCorp Vault Expands Security Governance Capabilities and Multi-Cloud Integration in Latest Release

SAN FRANCISCO, CA--(Marketwired - Nov 14, 2017) - HashiCorp, a leader in cloud infrastructure automation, today released HashiCorp Vault 0.9 with significant updates to both the open source and enterprise versions centered around identity and governance. Updates include an identity store to enable privileged access management across multiple identity providers, auto-unseal for AWS Key Management Service (KMS) and Google Cloud Platform (GCP) KMS, FIPS 140-2 compliance, and deeper integration with Sentinel, HashiCorp's new policy as code framework.

"HashiCorp Vault is critical in protecting and managing secrets in our highly distributed environment -- for authorization and other sensitive data," said Jay Christopherson, principal engineer, DevOps, Spaceflight. "With the addition of Vault being FIPS 140-2 compliant, it not only changes how we manage policies and access in secure environments, it adds compliance that allows us to operate securely in the federal space." 

Vault is broadly used among the Global 2000 to address the challenge of infrastructure and application security in distributed environments. The Vault open source product addresses core security use cases for secrets management, encryption as a service, and privileged access management. Vault Enterprise enables teams and organizations to extend Vault with collaboration and operations features, provide governance capabilities, and scale Vault across multiple data centers.

Vault 0.9 introduces several new features and functionality to improve operations around identity and policy management:

• Entities: Entities tie clients into a long-lived logical identity that can be more easily managed. Clients can associate their logical identity with multiple identity services, making access control and auditing much simpler.
• Identity Groups: Group support allows multiple entities to be managed as a group, simplifying role-based access control. Groups can be members of other groups, allowing for better organizational modeling and management.
• Control Groups (Vault Enterprise Premium Only): Control groups are used to enable "dual approver" workflows. For highly sensitive operations or secrets, Control Groups ensure multiple different individuals approve an operation for better separation of privilege and compliance with regulatory regimes.

In addition to features and improvements around identity and policy management, Vault 0.9 expands governance capabilities with Sentinel integration, HashiCorp's new policy as code framework, along with new FIPS 140-2 compliance and Seal Wrapping functionality. Sentinel integration and Seal Wrap/FIPS 140-2 compliance are both available in Vault Enterprise Premium only. Vault can now operate in environments where FIPS 140-2 encryption is required for secrets management and encryption as a service.

• Sentinel Integration: Enforces fine-grained policy controls around access and other dynamic security concerns. Vault exposes Sentinel in two different contexts: Role Governing Policies (RGP) and Endpoint Governing Policies (EGP). RGPs add an additional layer of fine-grained logic to the existing role-based access controls within Vault. EGPs are enforced in front of specified Vault APIs across all roles and add an additional layer of global policy to Vault. The global enforcement of EGPs simplifies regulatory compliance by providing mandatory, auditable policy enforcement. Both provide more control and depth to Vault's security model and policy system.
• Seal Wrap: Allows for double wrapping the cryptography within Vault using a Hardware Security Module's (HSM's) cryptographic modules and random number generator. Seal Wrapping also provides in-flight and at-rest sealing encryption, as well as the ability for Vault to work as a Certificate Authority for key validation and generation. Seal Wrapping has been audited and certified compliant by Leidos, a major security audit and innovation lab. For more details on Vault's Seal Wrapping compliance, see: http://www.marketwire.com/mw/redirect.jsp?id=1324993&sourceType=1

"With the acceleration of cloud adoption, the traditional security perimeter around infrastructure and applications is disappearing," said Armon Dadgar, founder and co-CTO of HashiCorp. "Large organizations are rethinking their approach to security and adopting Vault to provide a solution for secret management, privileged access management, and encryption as a service suited to this new world. The new capabilities in Vault 0.9 give our customers broader support across their range of technologies and clouds, deeper platform integrations, plus validation from our new FIPS 140-2 compliance."

Additionally, Vault 0.9 introduces several updates aimed at collaboration and operations in Vault Enterprise Pro:

• New UI Re-design and Enhancements: This release overhauls the Vault Enterprise UI to bring its design language in line with other HashiCorp Enterprise products as well as to streamline common workflows.
• Vault Auto-unseal on AWS: Automate and manage auto-unseal of Vault Enterprise Pro and Premium systems using unseal keys stored in AWS KMS.
• Vault Auto-unseal on GCP: Automate and manage auto-unseal of Vault Enterprise Pro and Premium systems using unseal keys stored in GCP Cloud KMS.

Additional Resources

• HashiCorp Vault 0.9 blog
• HashiCorp and Google webinar
• HashiCorp Vault webpage
• Manage Security in a Multi-Cloud World
• Sentinel, HashiCorp's policy as code framework webpage

Availability

HashiCorp Vault 0.9 is generally available today. The new capabilities in Vault Enterprise 0.9 enhance the already rich set of enterprise features. Users can download the open source version of Vault at https://www.vaultproject.io. Vault Enterprise is available in two versions: Vault Enterprise Pro focuses on collaboration and operational features, like a UI for managing secrets, health monitoring, and initialization and secure bootstrapping workflows, while Vault Enterprise Premium focuses on multi-datacenter functionality and governance, with features such as HSM integration, replication, and support for Sentinel policy framework integration. For more information about HashiCorp Vault Enterprise, visit https://www.hashicorp.com/products/vault/.

About HashiCorp

HashiCorp is a cloud infrastructure automation company that enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded thousands of times per day and are broadly adopted by the Global 2000. Enterprise versions of these products enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality. The company is headquartered in San Francisco and backed by Mayfield, GGV Capital, Redpoint, and True Ventures. For more information, visit https://www.hashicorp.com or follow HashiCorp on Twitter @HashiCorp.