After years of development, HashiCorp is finally ready to release HashiCorp Vault 1.0 to the public. According to the company, Vault was developed as a tool for managing secrets and protecting sensitive data within an application and/or infrastructure.
The 1.0 release includes batch tokens, open-source cloud auto unseal, OpenAPI support, and an updated UI.
“Vault 1.0 is a major milestone for the Vault team and HashiCorp as a whole. Vault is the fourth HashiCorp project to reach 1.0, and where we are today is the result of nearly four years of hard work between HashiCorp and the broader open source community,” the team wrote in a blog post.
Batch tokens are designed to support high-performance workloads, the team explained. Since these types of tokens don’t write to disk, the reduce the performance cost of operations within the tool. However, as a trade off, the tokens aren’t persistent and shouldn’t be used for a long-term or ongoing operation, the team explained.
As part of the 1.0 release, the team is open source its Cloud Auto Unseal so users can leverage services from AWS KMS, Azure Key Vault and GCP CKMAS. “We decided to open source Cloud Auto Unseal to simplify the process of storing and reassembling Shamir’s keys for all users. While we originally thought cloud auto-unseal was just an enterprise compliance need, we’ve realized in working with the community that auto-unseal is more for ease of use than compliance requirements,” the team wrote.
The release also provides support for the Open API Intiative’s OpenAPI standard, which provides a vendor-neutral description format for API calls, according to the team.
Updates in the Vault 1.0 UI include wizards for introducing new users to common Vault workflows, and a number of improvements for ensuring Value can be completely deployed, initialized and managed from the UI.
Other features include an expanded Alibaba cloud integration, a GCP CKMS secret engine, AWS secret engine root credential rotate, and transit key trimming.