A tour of HCP Boundary for just-in-time access for on-call engineers

This post provides a tour of HCP Boundary and HCP Vault through the eyes of Terraform. The goal is to set up just-in-time access to AWS EC2 instances for on-call engineers. When an alarm is triggered in AWS due to high CPU utilization on an EC2 instance, a Lambda function is invoked to configure access in Boundary for on-call engineers. When the alarm is cleared, the access is removed. Vault is used for credential injection, so that on-call engineers are able to access EC2 instances without requiring access to any static credentials.

The Reluctant Software Developer: Contributing to HashiCorp Vault

I recently submitted my first source code contribution to HashiCorp Vault. This is outside my usual type of work. In this post I walk through my experience!

HashiConf 2023

This week I attended HashiConf in San Francisco. In this post I summarize my experience and what I thought about the conference!

Using HashiCorp Vault to generate temporary credentials to Azure from GitHub Actions

In this post I will demonstrate how HashiCorp Vault can be used to generate temporary credentials to Azure from a GitHub Actions workflow. The workflow will ask Vault to create a temporary service principal with associated credentials that GitHub can use. The service principal is deleted after a few minutes, and no permanent credentials to Azure remain.