Vault 1.4 focuses on reliability, ease of use, and broader ecosystem integration. It includes new features like OpenLDAP secrets engine automation, Kerberos authentication, and integrated storage. The release also enhances disaster recovery workflows and adds support for NetApp key management. Additionally, Vault Enterprise's new Transform secrets engine allows secure data transformation and masking for untrusted systems.
3. About HashiCorp
Leading Cloud Infrastructure Automation
Our software stack enables the provisioning, securing, connecting, and running of apps and the infrastructure to support them. We unlock the cloud operating model for every business and enable their digital transformation strategies to succeed.
▪ Founded: 2012
▪ Employees: 900+
▪ Funding: $349M
5. Secrets management to centrally store and protect secrets across clouds and applications
Data encryption to keep application data secure across environments and workloads
Advanced Data Protection to secure workloads and data across traditional systems, clouds, and infrastructure
7. What is a “secret”?
Defining the language of Secrets Management
▪ Secret: Anything used for authentication (AuthN) or authorization (AuthZ). Username/Password, API key, TLS certificate, etc.
▪ Sensitive: Anything that is confidential. SSN, Credit Card, PII, etc.
8. Questions in Secrets Management
▪ How do applications get secrets?
▪ How do humans acquire secrets?
▪ How are secrets updated?
▪ How is a secret revoked?
▪ When were secrets used?
▪ What do we do in the event of compromise?
9. Questions in Data Protection
▪ Is data encrypted in transit?
▪ Is data encrypted at rest?
▪ Will data be transparently decrypted on access?
▪ Who is allowed to access data? Who is allowed to access storage?
▪ Does access to storage imply access to data?
10. Guiding Principle: Identity Brokering
▪ Authenticate and access different clouds, systems, and endpoints using identity-based policies
▪ Leverage multiple identities across different platforms with common policy enforcement
▪ Integrate trusted identities in the same application workflow to reduce operational overhead
▪ Support people, machines, and applications
11. Single Control Plane for cloud security
▪ Automate, control, and secure infrastructure and applications through one API
▪ Unified support across diverse environments
▪ Integrate with providers and technologies you’re already using
14. Vault 1.4 Focus
▪ Reliability and ease of use: Focus on improving time to happiness and expanding the capabilities and reliability of Vault.
▪ Ecosystem and broader integrations: Integrate Vault with existing workflows, applications, and technology seamlessly.
▪ Advanced data protection: Organizations need a secure way to protect against data breaches or leaks.
15. Vault 1.4 Ecosystem
▪ OpenLDAP Secrets Engine: Automate the management of static users and service accounts within OpenLDAP.
▪ Integrated Storage: Promoted out of beta and into general availability for both open-source and enterprise workloads.
▪ Kubernetes Service Registration: Automate tagging pods with metadata to simplify service discovery.
▪ MongoDB Atlas integration: Generate dynamic credentials for both MongoDB Atlas databases and API.
▪ Kerberos Auth Method: Authenticate users and applications via Kerberos.
▪ Redshift Database Secrets Engine: Secrets engine now supports static and dynamic secrets for the Amazon Web Services (AWS) Redshift service.
16. Vault 1.4 OpenLDAP Automation
[Diagram with OpenLDAP; labels: Update stored credentials; Configure initial credentials; Create or update static credentials; Automate credential rotation]
17. Vault 1.4 Kerberos / AD
Kerberos / Active Directory
(1) User authenticates
(2) Kerberos session ticket granted
(3) Kerberos SPNEGO ticket used to authenticate to Vault
(4) Vault verifies ticket with Kerberos
20. Vault 1.4 Enterprise
▪ Transform Secrets Engine: Performs secure data transformation for protecting secrets that reside in untrusted or semi-trusted systems outside of Vault.
▪ Vault Helm Chart: Added support for Vault Enterprise in the Helm Chart for hosting Vault on Kubernetes.
▪ Improved Disaster Recovery Workflow: Support improved workflow for promoting a DR Secondary should the DR Primary be lost.
▪ NetApp Enterprise Key Management Support: Automate enterprise key management of NetApp Full Disk Encryption (FDE) and Volume Level Encryption via the KMIP Secrets Engine.