Virtualization Technology News and Information
HashiCorp Vault 0.8 Expands Secrets Management and Security Across Multiple Clouds

HashiCorp, a leader in cloud infrastructure automation, today released HashiCorp Vault 0.8 which includes significant updates to both the open source and enterprise versions, including new secure plugins, disaster recovery, mount filtered replication capabilities, and multi-factor authentication (MFA).

Vault is broadly used among the Global 2000 to address the challenge of infrastructure and application security in distributed environments. The Vault open source product addresses core security use cases for secrets management, encryption as a service, and privileged access management. Vault Enterprise enables teams and organizations to simplify Vault usage with collaboration and operations features, provide governance capabilities, and scale Vault across multiple data centers.

A significant addition to the open source version of Vault with the 0.8 release is:

  • Secure Plugins: Secure plugins enable individuals and organizations to integrate custom authentication backends and workflows. This makes it easier to author plugins for the entire community and also makes it possible for Vault Enterprise users to create and integrate custom backends.

Vault Enterprise 0.8 includes capabilities that improve operations, security workflows, and multi-data center controls:

  • Disaster Recovery: A new mode of replication which allows for the replication of tokens and leased credentials as well as secrets and policies, and prioritizes the ability to quickly return from a down state without having to re-generate tokens for applications/users accessing secrets.
  • Mount Filtered Replication: A new addition to the Performance Mode of Vault Replication released in Vault Enterprise 0.7, mount filters allow for only selected secret and authentication mounts to be replicated from primary to secondary. This is critical for managing secrets governed by data sovereignty, governance, risk management, and compliance regulations.
  • Multi-Factor Authentication (MFA): An entirely new MFA subsystem allows Duo Push, Okta Push, and Time-based One-Time Password (TOTP) MFA methods to be required for any operation on an authenticated path within Vault.

"The previous release of Vault Enterprise introduced multi-datacenter replication, which has enabled many of our enterprise customers to adopt or expand their usage of Vault. The new release makes the multi-datacenter capability richer and adds disaster recovery replication for the most mission-critical use cases," said Armon Dadgar, co-founder and CTO of HashiCorp. "Additionally, we have added a secure plugin mechanism which allows users and customers to innovate on top of Vault and build on the secure foundation it provides."

"Deployment of HashiCorp Vault began at Adobe a little over a year ago and has quickly become a fundamental feature of our large-scale, distributed, hybrid cloud environment," said Chandler Allphin, security engineer at Adobe. "A native plugin system is just one of the pieces that engineers are excited to leverage in the new 0.8 release. With the addition of disaster recovery as well, Vault allows us to expand how we handle fault tolerance and replication across our distributed infrastructure."


HashiCorp Vault 0.8 is generally available today. The new capabilities in Vault Enterprise 0.8 enhance the already rich set of enterprise features. Users can download the open source version of Vault at

Vault Enterprise is available in two versions. The Vault Enterprise Pro offering focuses on collaboration and operations features like a UI for managing secrets, health monitoring, and initialization and secure bootstrapping workflows. The Vault Enterprise Premium offering focuses on multi-datacenter and governance features such as Hardware Security Module (HSM) integration and multi-datacenter replication. For more information about HashiCorp Vault Enterprise, go to

Published Wednesday, August 09, 2017 1:08 PM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<August 2017>