As IT organizations have strived to enhance their overall application security, there’s been a lot more focus on secrets management to protect, for example, credentials such as passwords from being hacked. The goal is to create a separate space of managing those credentials that resides outside of the application to make the environment more secure.
HashiCorp this week extended the HashiCorp Vault platform for managing secrets by adding support for secure plugins, disaster recovery, mount filtered replication capabilities, and multi-factor authentication to both the open source and enterprise editions. HashiCorp CTO Armon Dadgar says these capabilities build on the multi data center capabilities that HashiCorp built into the previous versions of HashiCorp Vault.
“We’re focusing more on things such as data governance,” says Dadgar.
For example, the new release allows for the replication of tokens and leased credentials as well as secrets and policies, which makes it faster to return from a down state without having to re-generate tokens for applications/users accessing secrets. Support for secure plugins makes it possible to integrate custom authentication backends and workflows.
Dadgar says HashiCorp Vault is gaining traction because it provides a mechanism that enables IT organizations to manage credentials across a range of applications versus having to replicate the same functionality inside every custom application.
A more structured approach to how secrets are managed with an IT environment can only help. The good news is the developers creating custom applications that employ those secrets finally seem to be taking that requirement to heart.