Infrastructure automation software company HashiCorp has announced a limited beta phase for HCP Vault Radar, a Software-as-a-Service (SaaS) based secrets discovery product. HCP Vault Radar is a secret scanning product that focuses on the proactive discovery of unmanaged or leaked secrets, allowing organizations to take swift action if secret information is exposed.
Following an alpha stage that began in October 2023, this beta release showcases new capabilities and integrations designed to bolster security for organizations managing sensitive information. The beta release adds role and attribute-based access controls (RBAC/ABAC). RBAC allows organizations to grant access by roles, while ABAC offers highly granular controls governing access based on user and object characteristics, action types, and more. These features enhance the ability to manage permissions, audit privileges, and comply with regulatory requirements efficiently.
HCP Vault Radar supports secret scanning from both a command line interface (CLI) and the HCP portal. The beta release expands on the data sources that can be used, now including Git-based version control systems, AWS Parameter Store, Confluence, Docker images, and Terraform Cloud and Terraform Enterprise. This addition enables users to scan a broader range of platforms than before.
Radar categorizes and ranks exposed data based on its level of risk, and as well as secrets also looks for PII (personally identifiable information) and non-inclusive language, scoring these risks appropriately. This allows DevOps and Security teams to prioritize remediation efforts effectively.
HCP Vault Radar also integrates with HashiCorp Vault to allow Radar to scan supported data sources for leaked secrets actively in use within Vault. By cross-referencing with either Vault Enterprise or Vault Community, HCP Vault Radar provides an enhanced risk rating for discovered secrets. This prioritization ensures that organizations can address the most critical issues promptly.
HCP Vault Radar builds on HashiCorp Vault's secrets lifecycle management functionality. Its automated scanning and ongoing detection capabilities empower organizations to be proactive in identifying and remediating unmanaged secrets before they pose a security risk. The product is currently in a private beta program, and organizations interested in participating can sign up for updates to be considered for inclusion.