HashiCorp Vault 1.3 facilitates credential management

HashiCorp has released version 1.3 of its open source Vault tool, which is designed to manage sensitive information. The new release incorporates a number of enhancements and new features, some of which, such as entropy augmentation and path filters, are reserved for the paid Enterprise edition. For credential management in compliance-regulated multi-cloud environments, Vault users gain advanced options for services such as Active Directory and Kubernetes.

Vault has supported static credentials since version 1.1. The new Check In / Check Out feature lets users manage entire sets of Active Directory credentials in one system so that teams can share and use them, with rotating passwords.

The secrets engine that lets Vault act as a KMIP (Key Management Interoperability Protocol) server, introduced for Enterprise customers in the previous release, has been expanded further. So that Vault can serve as a full-fledged external key management tool, it now supports advanced KMIP features, including processes for registering externally derived keys. In addition to the proven mount filters, Vault Enterprise now also provides path filters that allow you to mount secrets in namespaces while preventing replication that would violate compliance requirements.

Entropy augmentation also allows Vault users to comply with stricter cryptographic regulations such as NIST SP 800-90B. Through the seal interface, Vault can now also check the entropy, which serves as a measure of the randomness of cryptographic operations, from an external source. As a result, hardware-based random number generators, for example, can also be integrated.

Other enhancements in Vault 1.3 include a debug command that helps collect metrics about the health status of nodes, as well as improvements to the integrated storage (Raft Storage Backend), which still has beta status. The blog post accompanying the release offers a detailed overview, and the full list of changes can be found in the changelog on GitHub.

