2023 was a year of incredible technical advancement, especially in the field of AI, that we may one day look back on as a turning point in computing. For HashiCorp, the unprecedented number of new features we’ve brought to our infrastructure and security lifecycle management products marks a turning point as well. As always, we didn’t do it alone — users, customers, partners, and employees played essential roles helping us get to where we are.
This year we saw more signals that the adoption of infrastructure as code and cloud automation is accelerating. HCL rose to #11 on the most-used languages chart in the GitHub Octoverse report, with 36% year-over-year growth. As organizations look to use cloud in a more productive and cost-efficient manner, it’s clear that infrastructure as code plays a key role, and that many organizations are still transforming their approach to infrastructure management.
With that in mind, I wanted to highlight some of the most important enhancements to our products this year, along with improvements to our practitioner experience.
Terraform + HCP Packer
2023 was a year of major improvements for HashiCorp Terraform, with three releases (1.4, 1.5, and 1.6) helping accelerate developer productivity. Highlights include config-driven import in Terraform 1.5, which lets developers safely and securely import existing resources to Terraform and automatically generate the matching configuration. First-class support for checks allows users to define health checks along with resources and modules, making it easier to ensure infrastructure stays healthy. The Terraform test framework, introduced in Terraform 1.6, gives developers easy-to-use tools to perform unit and integration testing of Terraform modules.
To help module producers and consumers truly benefit from this framework, test-integrated module publishing for Terraform Cloud streamlines the module testing and publishing process. We also introduced AI-generated module tests to jumpstart the test authoring process. And there is more to come in 2024, including the highly anticipated Terraform stacks to simplify complex provisioning workflows at scale.
Terraform Cloud also introduced new capabilities to help organizations improve their security with features like dynamic provider credentials, native Open Policy Agent (OPA) integration, and the general availability of no-code provisioning to enable secure self-service infrastructure workflows.
The Cloud Development Kit for Terraform (CDKTF) continued its rapid pace of innovation, with five releases in 2023 that brought many performance and productivity enhancements for developers working in programming languages such as TypeScript, Python, Go, and more. This year also saw the introduction of multi-language provider docs in the Terraform Registry to help developers discover resource configurations and examples in their preferred language.
HCP Packer also made strides to help customers with security on the image level, with features like audit log streaming, inherited revocation, and channel rollback to simplify image health monitoring and lifecycle management.
Like Terraform, Consul, and Nomad, HashiCorp Vault also notched three major releases this year (1.13, 1.14, 1.15), which added important features such as ACME support in Vault PKI, the OpenLDAP secrets engine, Certificate Issuance External Policy Service (CIEPS), and dozens of other productivity, observability, and security enhancements.
A new Kubernetes integration method was also launched in 2023: the Vault Secrets Operator, which is a first-class Kubernetes Operator for Vault. With three primary methods for Vault-Kubernetes integration, see how the Vault Secrets Operator compares with the other two integration methods and find out if it’s the best fit for your use case.
Perhaps the biggest news in the Vault ecosystem this year was the release of HCP Vault Secrets and the associated secrets sync functionality, which is also available in HCP Vault and Vault Enterprise. Secrets sync represents a major leap in how companies fight secret sprawl and centralize secrets management into one interface, enabling secrets to be synced to external systems, such as cloud native secret stores and SaaS solutions like GitHub and Vercel. The focus and simplicity of HCP Vault Secrets help teams onboard Vault even faster by focusing on solving secrets management first.
Speaking of secret sprawl, HashiCorp’s acquisition of BluBracket and its advanced secret scanning technology birthed HCP Vault Radar: a tool for finding and analyzing unmanaged secrets. Vault Radar is currently available through early access, and we hope to release it widely in 2024. We’ve been focused on secrets management since the launch of Vault, and one of the most common challenges continues to be discovery of existing secrets and credential leaks by human users. Radar aims to help with both of these problems by scanning across various collaboration tools to find exposed secrets, both existing and new ones, that are leaked by human users.
2023 was an especially important year for HashiCorp Boundary, with three releases (0.12, 0.13, and 0.14) that added key features for secure access management. First, we introduced Boundary Enterprise, allowing organizations with strict security and compliance requirements to self-manage their Boundary deployments.
Second, we added SSH session recording, Boundary’s most requested feature. Session recording lets administrators record and play back user actions over remote SSH sessions, allowing teams to meet key regulatory requirements, deter malicious behavior, and remediate threat incidents. Multi-hop worker sessions, passwordless SSH access, and an embedded terminal for the Boundary Desktop app also made a big impact among dozens of notable new features in Boundary.
The enterprise IT world is starting to take notice of Boundary’s modern approach to privileged access management (PAM), with Vault and Boundary being added to Gartner’s Magic Quadrant for privileged access management. We’re building an approach to PAM that wasn’t conceived in an era of on-premises castle-and-moat security perimeters, but instead looks toward the cloud-based future of zero trust architectures. I think it’s a sign we’re on the right track and we’re glad to see that the world’s view of PAM is evolving with us.
HashiCorp Consul's 2023 releases (1.15, 1.16, and 1.17) and the new HCP Consul Central significantly improved observability, scalability, and reliability. Envoy access logging and extensions streamlined Consul onboarding and troubleshooting while sameness groups optimized multi-cluster operations. Consul also gained locality-aware service mesh routing, which prioritizes local instances for lower latency and reduced costs.
The introduction of HCP Consul Central was pivotal, providing observability and centralizing management for both HashiCorp-managed and self-managed Consul clusters across diverse cloud environments, simplifying global operations.
Consul’s service mesh capabilities for securing service-to-service communication gained several security upgrades. In 1.16, Consul gained JWT authentication for service-to-service traffic. Envoy extensions also gave Consul more options for security with Wasm and external AuthZ Envoy extensions. Consul API gateways also received security upgrades, such as support for JWT-based authentication and authorization.
HashiCorp Nomad’s three releases (1.5, 1.6, and 1.7) continued to enhance the product’s trademark flexibility and simplicity by giving users more ways to make clusters run as efficiently as possible. One of the biggest additions was node pools: a new way to determine which client nodes are eligible to receive workloads. Nomad Enterprise customers gained additional governance on top of node pools, giving Nomad administrators fine-grained control over which users can put work on what machines.
Along with NUMA support and the release of Nomad Pack 0.1, Nomad also gained enhancements to its Vault and Consul integrations, replacing static token management with simpler and more secure dynamic credentials. Production-ready support for the Podman driver also added more flexibility for customers who want to run containers in Red Hat environments. Nomad support for distributed locking also makes it easier to run mission-critical applications without the complexity of external leader election.
Along with reliability improvements, Nomad was focused on becoming even more secure. Better credential management was a key theme, as Nomad added single sign-on (SSO), allowing users to sign into Nomad using any OIDC-compliant identity provider (IdP). Nomad also gained the ability to act as an OIDC provider and mint dynamic workload identity tokens that third parties can use to authenticate the identity of Nomad tasks.
We introduced a new vision for HashiCorp Waypoint this year, pivoting to focus solely on HCP Waypoint. As we reframed HCP Waypoint to empower platform teams to define golden patterns and workflows for developers, we introduced templates to abstract and standardize application scaffolding and add-ons to install infrastructure dependencies into their Waypoint-defined applications. This new vision points HCP Waypoint toward providing an internal developer platform, which is a trend we’ve seen accelerate as platform teams look to simplify how application teams build and deliver in the cloud.
HashiCorp Developer AI
At HashiConf in October, we announced the private beta for Developer AI, a new AI-powered experience for practitioners using our products that we trained on our APIs, documentation, learn guides, support knowledge base, and more. Users who are new to the products can quickly get answers to questions about key use cases, configurations, and how to get started. Experienced users can ask about advanced scenarios and get references to guides and documentation to dive deeper. The private beta is going on now, with an open beta planned for early 2024. To try it out, sign up today.
See you in 2024
2023 was a turning point for generative AI. At HashiCorp, we are excited to power the infrastructure for some of the most innovative applications in this emerging field, from using Terraform to deploy cloud infrastructure to train models, to using Nomad to schedule across large-scale GPU clusters. HashiCorp products are playing an enabling role in unlocking the power of AI.
Beyond AI, we see accelerating demand for infrastructure as code, cloud-native approaches to security, and automation for application delivery.
To our users, customers, partners, and employees, I want to give a heartfelt “thank you” for your contributions to the progress we made this year. We look forward to doing great things with you again in 2024 as we continue to build the future of cloud infrastructure and security together.
from HashiCorp Blog https://bit.ly/3NAPlua