HashiCorp Boundary

Secure access to applications and infrastructure based on user identity

🚀 About

In this HashiQube DevOps lab, you'll get hands-on experience with HashiCorp Boundary, an identity-based secure access management solution.

Boundary is designed to grant access to critical systems using the principle of least privilege, solving challenges organizations encounter when users need to securely access applications and machines. Traditional products that grant access to systems are cumbersome, painful to maintain, or are black boxes lacking extensible APIs.

Boundary allows authenticated and authorized users to access secure systems in private networks without granting access to the larger network where those systems reside.

📰 Latest News

• Boundary 0.12 introduces multi-hop sessions and SSH certificate injection
• Boundary 0.10 Expands Credential Management and Admin UI IAM Workflows
• HashiCorp Boundary 0.8 Expands Health and Events Observability

🎬 Introduction

Click the image to watch an introduction to HashiCorp Boundary by Armon Dadgar, HashiCorp Co-Founder and CTO

🔍 How It Works

Boundary architecture and workflow

🖥️ User Interface

Boundary login page

Boundary dashboard after login

📋 Provision

bash boundary/boundary.sh

vagrant up --provision-with basetools,docsify,boundary

docker compose exec hashiqube /bin/bash
bash hashiqube/basetools.sh
bash docsify/docsify.sh
bash boundary/boundary.sh

🔑 Access Information

After provisioning, you can access Boundary at:

• URL: http://localhost:9200
• Username: admin
• Password: password

🛠️ Key Features

• Identity-based access control for users, services, and systems
• Dynamic host catalogs that automatically discover and register available targets
• Just-in-time credential injection for sessions
• Multi-hop sessions for secure access to remote networks
• Fine-grained authorization with role-based access control
• Observability through health checks and events monitoring
• API-driven architecture for automation and integration

🧩 Boundary Architecture Components

• Controllers - Manage the Boundary control plane
• Workers - Handle connections from clients to targets
• Targets - Resources that clients connect to through Boundary
• Auth Methods - Ways users can authenticate to Boundary
• Projects - Organizational units for targets
• Host Catalogs - Collections of hosts that can be used as targets
• Sessions - Active connections between clients and targets

📜 Provisioner Script

The script below automates the setup of Boundary in your HashiQube environment:

filename

🔗 Additional Resources

• Boundary Official Website
• Boundary Documentation
• Boundary GitHub Repository
• Boundary Tutorials
• Boundary CLI Reference