Simplifying Terraform Dynamic Credentials on AWS with Native OIDC Integration
AWS has added native OpenID Connect (OIDC) integration for HCP Terraform and Terraform Enterprise within Account Factory for Terraform (AFT). By setting the terraform_oidc_integration flag to true, AFT automatically creates the trust relationship between AWS and Terraform workspaces, removing the need to manually configure OIDC providers, IAM roles, trust policies, and environment variables. The change preserves the short‑lived, dynamically generated credential model while eliminating the operational overhead of the previous manual setup. Platform teams can now provision secure infrastructure across accounts with a single configuration toggle.
AWS Permission Delegation Now Generally Available in HCP Terraform
HashiCorp has made AWS temporary permission delegation generally available in HCP Terraform, integrating AWS’s just‑in‑time (JIT) IAM model with HashiCorp’s dynamic provider credentials. The feature lets customers grant short‑lived, scoped IAM permissions to HashiCorp for automated setup of roles, permission...
HCP Terraform Adds IP Allow List for Terraform Resources
HashiCorp announced that IP allow lists are now generally available in HCP Terraform, enabling organizations to define approved CIDR ranges for both platform access and Terraform agents. The new organization‑level setting can be scoped to individual agent pools, restricting UI,...
HCP Vault Dedicated Now Available in Additional AWS and Azure Regions
HashiCorp announced that HCP Vault Dedicated is now available in four new cloud regions—AWS Stockholm and Paris, and Azure Australia East and Australia Central. The expansion broadens the service’s global footprint, giving customers the ability to locate Vault clusters closer...
High-Performance Envelope Encryption at Ariso.ai with Vault
Ariso.ai integrated HashiCorp Vault’s Transit engine to secure its multi‑tenant AI assistant, Ari, using envelope encryption across 21 database tables. A single master key with context‑based derivation provides organization, user, and session isolation while eliminating key sprawl. DEK caching yields...
Building Day 2 Ops Guardrails with Terraform and Packer
The article outlines how Terraform and Packer can establish Day 2 operations guardrails that keep cloud environments secure, compliant, and cost‑effective after initial provisioning. It identifies common post‑deployment pitfalls such as manual ticketing, policy drift, orphaned resources, and misconfigurations that drive...
Terraform Enterprise 1.2 Upgrades Workflows, Visibility, and Brownfield Migration
Terraform Enterprise 1.2 is now generally available, adding a visual UI‑driven search and import tool that lets teams bring unmanaged, brownfield resources into Terraform without writing code. The release also graduates Explorer to GA, delivering a centralized dashboard that records...
Saving Banks From Technical Debt: How Atruvia Built Secure, Self-Service Infrastructure
Atruvia, the backbone of over 900 German cooperative banks, tackled massive technical debt by adopting HashiCorp Terraform and Vault. The shift to infrastructure‑as‑code slashed cluster provisioning from three months to two hours and cut network setup from weeks to minutes....
HCP Packer Adds SBOM Vulnerability Scanning
HashiCorp announced that HCP Packer now offers SBOM vulnerability scanning in public beta, while its package‑visibility feature has moved to general availability. The new scanning capability cross‑references each artifact’s software bill of materials against the MITRE CVE database and flags...
Vault Radar 2025 Recap: Expanding Visibility, Deepening Integration, and Simplifying Security
HashiCorp's Vault Radar, launched in 2025, expanded its secret‑sprawl detection across developer tools and cloud services, adding integrations for Jira, VS Code, Amazon S3, Slack, and AWS Secrets Manager. The platform introduced real‑time IDE scanning, direct remediation through Vault, webhook alerts,...
