HashiCorp Vault 0.8 Released
August 10, 2017
Vault 0.8 includes significant updates to both the open source
and enterprise versions, including new secure plugins, disaster
recovery, mount filtered replication capabilities, and
multi-factor authentication (MFA).
Vault is broadly used among the Global 2000 to address the
challenge of infrastructure and application security in
distributed environments. The Vault open source product
addresses core security use cases for secrets management,
encryption as a service, and privileged access management. Vault
Enterprise enables teams and organizations to simplify Vault
usage with collaboration and operations features, provide
governance capabilities, and scale Vault across multiple data
A significant addition to the open source version of Vault with
the 0.8 release is:
•Secure Plugins: Secure plugins enable individuals and
organizations to integrate custom authentication backends and
workflows. This makes it easier to author plugins for the entire
community and also makes it possible for Vault Enterprise users
to create and integrate custom backends.
Vault Enterprise 0.8 includes capabilities that improve
operations, security workflows, and multi-data center controls:
•Disaster Recovery: A new mode of replication which allows for
the replication of tokens and leased credentials as well as
secrets and policies, and prioritizes the ability to quickly
return from a down state without having to re-generate tokens
for applications/users accessing secrets.
•Mount Filtered Replication: A new addition to the Performance
Mode of Vault Replication released in Vault Enterprise 0.7,
mount filters allow for only selected secret and authentication
mounts to be replicated from primary to secondary. This is
critical for managing secrets governed by data sovereignty,
governance, risk management, and compliance regulations.
•Multi-Factor Authentication (MFA): An entirely new MFA
subsystem allows Duo Push, Okta Push, and Time-based One-Time
Password (TOTP) MFA methods to be required for any operation on
an authenticated path within Vault.
previous release of Vault Enterprise introduced multi-datacenter
replication, which has enabled many of our enterprise customers
to adopt or expand their usage of Vault. The new release makes
the multi-datacenter capability richer and adds disaster
recovery replication for the most mission-critical use cases,"
said Armon Dadgar, co-founder and CTO of HashiCorp.
"Additionally, we have added a secure plugin mechanism which
allows users and customers to innovate on top of Vault and build
on the secure foundation it provides."
"Deployment of HashiCorp Vault began at Adobe a little over a
year ago and has quickly become a fundamental feature of our
large-scale, distributed, hybrid cloud environment," said
Chandler Allphin, security engineer at Adobe. "A native plugin
system is just one of the pieces that engineers are excited to
leverage in the new 0.8 release. With the addition of disaster
recovery as well, Vault allows us to expand how we handle fault
tolerance and replication across our distributed