HashiCorp Debuts Open-Source Vault Project for Crypto Key Management
HashiCorp, the vendor behind popular Vagrant developer tool, makes a big jump into security with the open-source Vault project.Open-source software vendor HashiCorp is getting into the security business with the initial release of the Vault project. HashiCorp is best known for its DevOps tools, particularly its widely used open-source Vagrant application that enables developers to reproduce developer environments easily. The Vault project is a new open-source tool aimed at safely and securely storing secrets. Those secrets include passwords, security certificates, API keys and tokens. The idea of a security secrets manager is not new, said Kevin Fishner, director of customer success at HashiCorp. In fact, key and secret managers, such as Venafi or Hardware Security Modules (HSMs), are the main competition for Vault, he said. "The main Vault differentiator is key rolling and key leasing," Fishner told eWEEK. "Keys have a short period of usability and have strict permissions, so even in the event of a compromise, the attacker's time and surface area windows are drastically limited." In modern IT infrastructure, many organizations will tie their secrets to some form of identity or access control system, such as Microsoft's Active Directory or a Lightweight Directory Access Protocol (LDAP) system.
"We have no direct integration with LDAP systems; however, Vault could be used to manage the keys for those identity/access systems," Fishner said. "Unique keys can be generated per user and provide an audit log for all accesses."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.