From October 14 to October 16, 2024, HashiConf took place in Boston for the very first time; the event was originally held in San Francisco. It was also possible to participate online. I had the chance to attend in person in Boston.

In this article, we will review together the new features presented during this event, particularly around HCP (HashiCorp Cloud Platform), which is highlighted at every HashiConf/HashiDays.

HashiConf Boston 2024

Infrastructure Lifecycle Management (ILM)

The first day mainly focused on products related to Infrastructure Lifecycle Management (ILM). These products include Terraform, Packer, Nomad and Waypoint.

In summary, the new features are presented through this slide: Infrastructure Lifecycle Management summary

HashiCorp Terraform

In this HashiConf, most of the new features are oriented around HCP (HashiCorp Cloud Platform).

For those looking for updates on the community version, I invite you to check out the new features of version 1.9.

HCP Terraform Stacks

Regarding the new features for HCP, we have:

  • HCP Terraform Stacks (public Beta): Probably the most significant novelty of HashiConf 2024, this feature allows you to manage Components (defined in .tfstack.hcl), each representing a set of resources (an infrastructure), through Deployments that define how and how many times the Components will be deployed. This addresses common issues such as having Terraform modules within the same stack sharing the same lifecycle or deploying across multiple regions/accounts/providers without duplicating code. To top it off, you can use Orchestration rules that allow for auto-approve under certain conditions or check for specific conditions (e.g., blocking the apply if resources are deleted) and much more. I strongly encourage you to delve deeper into this topic on the official HashiCorp blog post.
  • HCP Terraform module lifecycle management (public Beta): Very focused on HCP, this feature allows you to notify via Slack, email, or other means about a deprecated module, an upgrade of a provider, a drift, etc. Additionally, you will have the ability to see the usage of your modules in your workspaces via the Explorer.
  • Terraform migrate (public Beta): tf-migrate is an executable that enables migration from a community version of Terraform to HCP Terraform or Enterprise.

For more information:

HCP Terraform Stacks info

HashiCorp Waypoint

For those who may have missed the announcement made at HashiDays in London, HCP Waypoint now has the ability to perform actions, thus expanding its range of features through GitHub Actions, Jenkins, or even an HTTP API (perfect for third parties). The novelty of this HashiConf regarding Waypoint Actions lies in the fact that you can now use variables at the action level, providing more modularity for the actions and for the developers using them.

HCP Waypoint variables

On the HCP Waypoint side, several features have reached General Availability (GA):

  • HCP Waypoint templates (GA): Templates are now in GA. As a reminder, templates allow you to use no-code modules to deploy resources without writing Terraform configuration.
  • HCP Waypoint add-ons (GA): Similarly, add-ons are now in GA to better manage application dependencies.
  • HCP Waypoint workflow for templates: This offers the ability to upgrade templates seamlessly for developers.

For more information:

HashiCorp Packer

The product has been quite stable in recent years, and the new features bring some improvements, but nothing particularly notable. All efforts in recent years have focused on HCP Packer, for which we had some new features during HashiConf in Boston, such as:

  • HCP Packer CI/CD pipeline metadata (GA): For users of HCP Packer via GitLab or GitHub, this is a major update because it will now be possible to retrieve information through metadata such as pipeline IDs, job names, commit hash, etc.
  • HCP Packer bucket-level RBAC (GA): It was already possible to manage permissions at the Registry level, but now it will also be possible to manage them at the bucket level: Who can see the bucket? Who can push metadata at the bucket level? So many questions that can now be addressed.

For more information:

HashiCorp Nomad

Nomad has been updated to version 1.9 and offers several new features, some of which are enterprise and others community.

On the Community side:

  • Improved IPv6 support: Several issues related to IPv6 have been resolved, allowing for better use of Nomad, particularly with other services over IPv6, such as Consul, Vault, Docker driver, etc.
  • exec2 task driver (GA): Already present in version 1.8 in Beta, this new exec2 (aiming to replace exec) brings several improvements in CPU, disk, memory, execution time, and more.
  • libvirt task driver (Beta): A new driver that allows managing Virtual Machines (VMs) through KVM, Xen, VMware ESXi, etc.
  • Golden job versions: The ability to tag a job version and keep a history of job versions. To do this, the command nomad job tag has been introduced.
  • NVIDIA device driver for Multi-Instance GPU support: The addition of support for NVIDIA Multi-Instance GPU. I encourage those unfamiliar with NVIDIA Multi-Instance GPU to refer to the official documentation.

On the Enterprise side:

  • Quotas for device resource: Quotas were already supported in Nomad for CPU, memory, network, etc. With this feature, quotas now apply to device resources.
  • NUMA awareness for device resources: Since version 1.7, non-uniform memory access (NUMA) has been introduced for multi-core CPUs for latency-sensitive workloads. In version 1.9, this applies to device memory nodes.

For more information:

Security Lifecycle Management (SLM)

The second day mainly focused on products related to Security Lifecycle Management (SLM). These products include Vault, Boundary and Consul.

In summary, the new features are presented through this slide: Security Lifecycle Management summary

HashiCorp Vault

Vault has been the star in recent years around Security Lifecycle Management (SLM), and it’s no surprise that we find numerous new features related to the product.

A major new feature: HCP Vault Radar public Beta. Vault Radar allows you to scan code, documentation, and container images to identify secrets that match specific patterns (regular expressions, dictionaries, etc.) or are associated with a secret in Vault. Beyond detection, Vault Radar provides resolution priorities and a remediation guide. All of this is operated through a Vault Radar agent.

Vault Radar

Another new feature from this HashiConf is HCP Vault Secrets, with three highlighted functionalities:

  • Auto-rotation: Auto-rotation allows HCP Vault Secrets to automatically change secrets at a specific frequency (e.g., every 30 days). Auto-rotation is supported for: AWS IAM user access keys, Google Cloud service account keys, MongoDB username/password, and Twilio API keys. Support for rotating more secret types will be added later.
  • On demand dynamic secrets public Beta: In line with auto-rotation, dynamic secrets are temporary secrets. Currently, the service supports: AWS STS and Google Cloud.
  • Dynamic provider credentials in HCP Terraform: You can now use Vault Secrets through HCP Terraform to use dynamic credentials for provider configuration.

Vault Secret rotation

Finally, the release v1.18 brings a host of new features such as:

  • Raft library updates: Improves network resilience with a pre-vote system.
  • UI support for AWS WIF & KVv2 secrets path management: Addition of AWS WIF and KVv2 path management in the UI.
  • CMPv2 PKI support (Enterprise): Support for the CMPv2 PKI protocol.
  • Adaptive overload protection (Enterprise): Enhances High Availability (HA).
  • Password rotation for static PostgreSQL database accounts (Enterprise): Auto-rotation of database account credentials.
  • IPv6 compliance (Enterprise): IPv6 compliant with OMB Mandate M-21-07 and Federal IPv6 policy.

For more information:

HashiCorp Boundary

A highly anticipated new feature, but only available via HCP Boundary (therefore paid), is transparent sessions in its version 0.18. As the name suggests, transparent sessions aim to intercept DNS calls and redirect traffic through Boundary to the targets. That’s it! The usage is therefore completely transparent. I encourage you to watch the demonstration of Transparent Sessions to see how simple it is.

Boundary Transparent Sessions

Other notable features in version 0.18:

  • AWS dynamic host catalogs AssumeRole authentication support
  • Dynamic host catalogs worker filter support (Enterprise)

For more information:

HashiCorp Consul

During HashiConf, we didn’t hear much about Consul. There was only a discreet slide and a brief mention at the end of the summary slide.

The new features around Consul focus on version 1.20, which includes:

  • DNS views (Enterprise): Allows limiting service discovery between tenants and restricting it by tenants.
  • Improved Consul catalog sync metrics: The Consul catalog sync is a feature that automatically registers Kubernetes services in the Consul Catalog. It is now possible to obtain information such as status, performance metrics, etc.
  • Hardened OpenShift integration
  • Service dashboards for Grafana: It is now possible to use JSON templates for Grafana dashboards.

For more information:

HCP (HashiCorp Cloud Platform)

To wrap up this overview, some improvements have been made to HCP, such as:

  • HCP Audit Log Streaming public Beta: Now with the ability to stream logs to an external platform for security information and event management (SIEM) like Splunk or AWS CloudWatch.
  • Application level RBAC: An RBAC system has been implemented at the application level in HCP via roles (viewer, admin, etc.).

For more information:

What about Vagrant?

Vagrant has been put on the back burner for several years, considered stable in terms of features and other aspects. Moreover, it is still not on the list of products under HCP, so it will not be presented anytime soon.

To complete your journey into the HashiCorp world, I invite you to learn more about other new features through the following resources:

HashiConf Boston 2024 In-Person Feedback!

Will the in-person event in Boston be worth repeating in 2025?

We already know that the next HashiConf will take place in San Francisco from September 24 to 26, 2025. In my opinion, the event was unforgettable, from the HashiCorp User Group (HUG) in Boston on a boat (yes, a boat!), the post-HashiConf party, the opportunity to take HashiCorp certifications for free, workshops, the Escape Game, the talks, and so much more. I even had the chance, despite the distance, to meet again with an old classmate I hadn’t seen in seven years. Beyond all that, I got to meet extraordinary people from all continents and diverse cultures. If we set aside the travel distance, the experience is definitely worth repeating in 2025!

Here’s a glimpse of the view from the HashiCorp User Group (HUG) in Boston on the boat: HashiCorp User Group (HUG) Boston

What was the experience like as a HashiCorp Ambassador at this type of event?

HashiCorp Ambassador Shuttle

It was an opportunity to meet other HashiCorp Ambassadors, HashiCorp User Group Co-Orgs and HashiCorp Core Contributors. Beyond the networking aspect, the HashiCorp Ambassadors had the chance to participate in a feedback and exchange day on the products with the HashiCorp teams on Monday (day 0). As a cherry on top, the HashiCorp Ambassadors were privileged to receive several goodies, VIP access to the after-work event, and special attention from the HashiCorp teams.

For those who want to learn more or join the program, feel free to visit the official page.

HashiCorp Ambassador Party

What about the talks?

The sessions were conducted in several formats:

  1. Keynote (morning) covering key moments and new features.
  2. Cloud Engineering Tracks 1 & 2, providing a choice of technical topics.
  3. Business Track aimed at more business-oriented profiles.
  4. Hallway Track talks, 15-minute discussions on various but specific topics.
  5. Certification testing, demos, and Learn Labs.

Overall, the program was very good, and all the areas for improvement raised during previous conferences were addressed and corrected. It’s clear that HashiConf sets a high bar compared to its predecessors.

Any final words?

As we have known for a few years now, HashiConf is the place for those who use HashiCorp Cloud Platform (HCP) or the Enterprise versions of HashiCorp products. The venue offers valuable experience feedback, experts from HashiCorp, and, most importantly, a network of enthusiasts. For those who already have a relatively advanced level in HashiCorp products and are limited to open-source products, you may find yourself somewhat unsatisfied, except for the networking time and the Hallway Track talks that provide technical discussions and deep dives, albeit with limited time.

To wrap up, here are some bonuses:

And a big thank you to the “Mousquetaires HashiCorp Ambassadors”: Nathanael Frappart and François Dexemple!

HashiCorp Ambassador Mousquetaire Photo Credit: Nathanael Frappart