We are pleased to announce the public beta for HashiCorp Vault running on the HashiCorp Cloud Platform (HCP). HCP Vault allows organizations to get up and running quickly, providing immediate access to Vault’s best-in-class secrets management and encryption capabilities, with the platform providing the resilience and operational excellence so you do not have to manage Vault yourself.
To sign up, create an account on the HashiCorp Cloud Platform; you can then create a Vault cluster free of charge during the public beta. We have also published new hands-on learning guides for getting started with HCP Vault.
HCP Vault on AWS
HashiCorp products are used and operated by many community members and customers. However, many customers also ask HashiCorp to apply best practices to the operation of Vault on their behalf, so they can focus on using it rather than running it. HCP Vault allows teams to manage secrets and protect sensitive data in the cloud faster with fewer resources via a push-button deployment of a fully managed Vault cluster.
HCP Vault enables a user to deploy a dedicated, highly available cluster running Vault Enterprise, making it far easier to get applications up and running in the cloud. HCP Vault clusters are created within a network and compute environment that is isolated on a per-customer basis. While only one cluster size is available during the public beta, additional configurations will be made available shortly, including those meant to handle scaled-out workloads, and smaller developer services.
Once the Vault cluster is deployed by HCP, customers can interact with it using a generated admin-level token. Once the token is generated, Vault will work similarly to a normal customer-managed version of Vault, since the same binaries are used in HCP as in the Enterprise version.
$ export VAULT_ADDR="https://[AWS_VAULT_CLUSTER_ADDRESS_HERE]:8200"
$ export VAULT_NAMESPACE="admin"
$ export VAULT_TOKEN=[ENTER_TOKEN_HERE]
$ vault secrets enable -path=kv kv
Success! Enabled the kv secrets engine at: kv/
$ vault kv put kv/hello public=beta
Success! Data written to: kv/hello
$ vault kv get kv/hello
===== Data =====
Key       Value
---       -----
public    beta
As of today, HCP Vault clusters run on AWS in us-west-2; additional regions will be supported throughout the beta, as well as additional cloud providers in the future. HCP Vault also enables secure networking for workloads across EKS, EC2, AWS Lambda, and many other AWS services.
After the initial deployment, your Vault cluster is fully managed by HashiCorp. We look after the overall health, snapshots, monitoring, and a host of other operational tasks, all of which are handled in the background by the engineering teams that build and maintain the core Vault product. Operational issues can be resolved efficiently since logs are readily available to operators. Cloud provider maintenance events that often cause virtual machines to be decommissioned are also automatically dealt with on the customer’s behalf.
A key component of the HashiCorp Cloud Platform is the HashiCorp Virtual Network (HVN), which offers a common abstraction across cloud providers around an isolated single-tenant network. Each HCP Organization (i.e. tenant) is isolated into a separate AWS account. HCP then deploys a single-tenant VPC for each HashiCorp Virtual Network (HVN). All HCP resources are deployed into that HVN, which ensures tenant isolation.