HashiCorp’s unified product suite HashiCorp Cloud Platform (HCP) is now generally available in Europe. Its separate products have also received new functionalities and enhancements, which the company collectively calls ‘The Infrastructure Cloud’. In doing so, HashiCorp also aims to set a new industry standard.
The most prominent redesigned product is Terraform Cloud. It now goes by the name HCP Terraform and integrates with the AWS API, among other improvements.
In the near future, more products will receive HashiCorp’s ‘Cloud Platform’ treatment. Not all at once or with all functionalities immediately available; their rollout will be gradual. The goal is to expand product integration—and thus ensure better collaboration—of all products in HashiCorp’s range.
HashiCorp calls these integrations and adjustments of their individual products ‘The Infrastructure Cloud’. The goal is to provide developers with more opportunities to move their businesses to the cloud while managing the costs and risks involved in such a move.
All products get a makeover
In addition to Terraform for provisioning cloud environments, the products involved include Packer (images-as-code), Waypoint (a CI/CD tool redesigned for automated developer services, basically a graphical UI around Terraform), Nomad (orchestration and scheduling), Vault (secrets manager), Boundary (manage remote access) and Consul (service-based networking).
Vagrant, a platform for development environments that, like Terraform, had a very ‘standalone’ existence, is also transforming. Its latest iteration is currently in public beta. Predecessor Vagrant Cloud will eventually disappear. All user data will be migrated to the new platform, which has received a UI makeover and improved search functionality.
HashiCorp uses the self-styled term The Infrastructure Cloud as a proposed new industry standard for setting up and managing cloud infrastructure. According to CTO and co-founder Armon Dadgar, many customers felt they had to think too much about how HashiCorp’s various products work together.
‘We wanted to make that our problem, no longer the customers’ problem,’ he said during his keynote at the HashiDays Conference, held June 4 at a historic brewery in London. Similar events will take place in Munich on June 6 and Sydney on June 12.
Local Region in Europe
For Europe, HashiCorp has set up a local region for the purpose of data residency and reducing latency. Its data centers are in Dublin and Frankfurt. However, there is limited availability at the moment because the locations can only handle a certain maximum capacity.
In any case, new customers will first move to HashiCorp’s new Infrastructure Cloud, existing customers after that. This way, the existing user base can get accustomed to these new developments.
AWS Cloud Control integration for Terraform
An important new feature is that Terraform now integrates with the API of AWS Cloud Control. The awscc provider ensures that developers can immediately deploy new services and features from AWS as soon as they become available when provisioning clouds through Terraform. It has been downloaded just over 7 million times in beta and is now generally available. This integration results from a newly announced strategic partnership with Amazon, which HashiCorp hasn’t elaborated on yet.
HashiCorp has added private version control to Terraform, so developers no longer need to expose builds to the Internet unnecessarily. Policy enforcement is also possible locally. Terraform Explorer allows users to use refined search filters for more precise reporting and a fully documented API to support custom workflows.
Provider-defined functions will be available in addition to native functions. The ambition is to simplify workflows, which is actually the goal across the board for all products. For example, it has become easier to parse data sources, thus generating more useful context for specific use cases, such as defining a region.
Future of Terraform
The newly added features make clear what HashiCorp believes to be the future of the widely used Terraform tool. It will be much more integrated into HashiCorp’s overall product range and thus move away from—and offer something substantially different from—the open source variant OpenTF that was forked from Terraform not too long ago.
As for the business license that HashiCorp currently uses for Terraform (as opposed to its erstwhile open source license): that won’t change for the foreseeable future. The same goes for the current Resources Under Management (RUM) payment model in which customers pay for the number of resources used rather than the number of users, although Field CTO Sarah Polan states that HashiCorp will always ‘continue to evaluate that the company’s decisions are based on industry best practices’.
Metamorphosis for Waypoint
Waypoint has also undergone a metamorphosis. No longer a CI/CD tool, it serves as an abstraction of the infrastructure-as-code (IaC) used. In his keynote, Dadgar presented Waypoint as a tool for app developers who don’t actually want to learn Terraform, but still have to work with it within the cloud environments provisioned by the administrators responsible for the overall package.
Waypoint allows users to perform certain actions and workflows through a UI, such as version rollback, without having to work with Terraform. The actions still happen through Terraform under the hood. ‘We hide the details that app developers don’t care about,’ as Dadgar put it.
Packer and Vault
Packer was already a product for easily creating virtual machine images. Now, it includes so-called webhooks, which automatically trigger actions in response to specified events. For example, when a new version of an image becomes available, older versions are immediately revoked.
The new version is then deployed via Terraform and users are notified, for example via Slack, so the entire team is informed. Packer now also provides metadata, such as version management and dependencies.
In line with the idea behind The Infrastructure Cloud, it is possible to easily create VM images and standardize them for use between teams. The next phase—scaling up—might involve one-click patching of new images for the entire company.
Vault makes it possible to keep sensitive data secure, now also when using public cloud providers such as AWS, Azure, and the Google Cloud Platform. This CSP integration comes in addition to those with GitHub and Vercel, where this was already possible. Other new features include an updated interface to centralise management and automatic updates pushed to all environments.
Secrets Rotation is now available in Vault’s public beta. It should save administrators a lot of work by greatly automating things like password changes, new API code generation, and other sensitive information management. Autorotation can be set up based on 30-, 60-, or 90-day schedules. Of course, it is also possible to rotate on-demand in emergencies.
Vault Radar
Current support for version 2 of the KV Secrets Engine will soon be expanded to include more types. Support for Red Hat’s OpenShift container platform is also coming. There will also be an LTS version of Vault with two years of support. Users can update from one LTS to another and skip the smaller releases in between.
Furthermore, HCP Vault Radar now offers the ability to scan Confluence and Jira for unmanaged or plaintext secrets. Vault Radar is the continuation of BluBracket, which HashiCorp acquired last year and has now integrated into HCP Vault. This functionality is meant to ensure these loose credentials get ‘into the vault’. Once that is done, the tracked credentials can join the rotation system.
Remote Access Control with Boundary
For remote access management there is Boundary, which checks the permissions of each user and device before allowing them access to a given environment, and provides for privilege setting. Lifecycle management, such as retention and automatic deletion, is among its features. HashiCorp now allows setting up aliases to simply establish temporary, secure connections.
The service has been further enhanced with updates for session recording to meet customers’ desire to store such recordings securely and compliantly. This is now possible through support for the object storage system MinIO, which can run in public clouds as well as on-prem. MinIO offers API compatibility with the Amazon S3 cloud storage service.
Finally, Nomad offers time-based task execution, making executing certain tasks impossible outside a certain time window. Because it was difficult to get Nomad to work with the latest versions of the network platform Consul, HashiCorp has added transparent proxy and gateway support for the Consul API. There is also now support for partitions.
Building cloud environments in steps
According to the company, this integration of all products should optimize services for building, deploying, and managing cloud infrastructures on the one hand and their security lifecycle management on the other.
The company believes this must be done in steps, by slowly maturing a company’s cloud strategy while providing proper infrastructure management and security every step of the way. At this week’s HashiDays conference in London, the company explained this maturity model as a way to ‘do cloud right’. Not coincidentally, this slogan was also branded during the event.
To reach the desired cloud maturity, HashiCorp defines three steps: adoption (the initial move to the cloud), standardization, and scaling. During each of those steps, the company provides a series of new or enhanced applications for each of its products to automate workflows, creating and managing a single unified system of record and lifecycle management.