HashiCorp is a software company developing and providing open-source tools and proprietary commercial products for developers, operators, and network security professionals to provision, secure, run, and connect cloud-computing infrastructures. The San Francisco, California-based company was founded in November 2012 by Mitchell Hashimoto and Armon Dadgar, who serve as co-CTOs. HashiCorp operates on a freemium business model, allowing users to download and utilize products for free and pay for software upgrades as needed. Although the company is headquartered in San Francisco, HashiCorp has employees across the United States, Canada, Australia, and Europe.
Vault is a HashiCorp software product that allows users to secure and manage sensitive or "secret" information under layers of code. Vault secures API keys, passwords, tokens, databases, certificates, and more. The product offers a single interface to sensitive information, with tight access control and a detailed audit log of all users who have accessed the information. Vault can be integrated with various existing security software and security measures. Vault handles numerous tasks for secrets management, including the following:
- Key revocation
- Key rolling
- Data encryption
- An API for all operations
Vault differs from competitors such as LastPass and 1Password in that it supports all of the above operations, whereas those competitors only support the encryption of passwords. HashiCorp has developed security integration partnerships with several companies to make the Vault product accessible.
Secrets management refers to the tools and methods used to manage digital authentication credentials, including passwords, tokens for in-application use, APIs, services, privileged accounts, and other sensitive information. HashiCorp developed Vault to protect "secrets" from unauthorized or rogue users and to maintain active records, including time, date, and identity, of the individuals requesting authentication information from the interface. Vault is primarily put to use through integration in its authorization back end. The authorization back end then moves the information and converts it to the Vault secrets back end, where the information is stored for safekeeping until an authorized user makes the request for specific keys.
Vault allows users to store databases and offers numerous integrations with database providers to allow the storage of important and sensitive data. The database integrations include the following:
InnoQ is a company that employs HashiCorp's Vault product for secrets management. In an InnoQ conference presentation, Daniel Bornkessel, Senior Consultant at InnoQ, states that the Vault product is used in the following process:
- Pass secrets in via environment variables
- Read the values from Kubernetes secrets (Kubernetes is a Vault integration tool)
- Assign role-based access control
- Manually change and update passwords (InnoQ has plans to automate this process in the future)
At the time of the use case review, InnoQ was not using three of Vault's features: the audit log, which tracks the users, time, and date of accessed credentials; automated password changing and updating; and credential revoking. Daniel Bornkessel stated that InnoQ was considering implementing these features in the future to strengthen its security practices.
HashiCorp has developed a network of over 500 partner companies that range from technology companies with integrations for its core products to system integrators and resellers worldwide.
HashiCorp Vault secures 100 trillion transactions/year at Adobe
HashiCorp's Vault use case study by InnoQ's Daniel Bornkessel
The Official SaaStr Podcast: SaaS | Founders | Investors: SaaStr 377: Hashicorp CEO Dave McJannet on Scaling Remote Teams; What Breaks and When, How To Successfully Execute Multi-Product Strategies and How Leadership Style Evolves with Company Stage on Apple Podcasts
September 23, 2020