HashiCorp Vault scans for skeletons in your code closet

Added functionality follows BluBracket acquisition earlier this year

HashiConf: HashiCorp today revealed its latest front in the battle against secrets sprawl with new Vault functionality – plus a first look at the fruits of the company's BluBracket purchase.

Unsurprisingly, the announcements at the company's annual HashiConf shindig – this year in San Francisco – were heavy on the HashiCorp Cloud Platform (HCP). However, some features from HCP have made their way into the enterprise product.

HCP Vault Radar

HashiCorp bought code security startup BluBracket earlier this year, and the alpha of HCP Vault Radar is the first emission resulting from the venture.

In a nutshell, HCP Vault Radar is a cloud service to automate code scanning, including detecting, identifying, and removing secrets. The HashiCorp team has integrated the service in Git-based version control, AWS Configuration Manager, and directory structures in the HCP ecosystem.

The market for code scanning tools is crowded: GitHub, for example, will scan a user's repos for anything that shouldn't be there.

HashiCorp's take goes somewhat further, with a range of categories on offer. As well as secrets, the tool will hunt out personally identifiable information (PII) and infrastructure-as-code (IaC) risks. It will also root out non-inclusive language and dependencies.

The company's vision for the tool, which won't hit beta before January 2024 with general availability following later in the year, is to encompass much of the developer IT estate, from Git providers, CI/CD tools, version control, and code servers down to messaging and ticketing systems.

Secrets and Sync

More here and now is the general availability of HCP Vault Secrets following a stint in beta – the SaaS product focuses primarily on secrets management – and a Vault Enterprise Secrets sync beta. The latter was a service previously only available in HCP Vault Secrets but has now turned up in Vault Enterprise 1.15.

Secrets sync is designed to permit platform teams to centralize secrets management while allowing developers to consume secrets as needed in their applications. The nature of the tool means it will happily hop across platforms – the beta release includes support for AWS, Azure, GCP, and GitHub. ®
