HashiCorp has released version 0.7 of their Boundary open-source project that automates secure identity-based user access to hosts and services across environments. Boundary Desktop 1.4 has also been released for Mac, Linux, and Windows. Key new features include dynamic host catalogs, plugin support (currently for internal use only), and managed groups and resource filtering in the admin console.
Boundary 0.7 includes the ability to dynamically connect to Azure and AWS in order to ensure that hosts and host catalogs are up-to-date. Future plans include support for additional clouds and platforms. The HashiCorp announcement blog post states that this release “realizes a key component of our vision for Boundary by enabling automated discovery of target hosts and services [...] the ability to dynamically update host catalogs for connecting to targets is an important differentiator from traditional access methods that rely on manual configurations”.
The dynamic host catalog functionality has been implemented using the new Boundary partner plugin integration, enabled via go-plugin. The blog post states that while this initial release of Boundary plugins is limited, “the new functionality opens the door to a future ecosystem of pluggable partner-and-community-contributed integrations across each step in the Boundary access workflow.”
Boundary 0.7 introduces the ability to create and manage “managed groups” via Boundary’s administrator console. This is in addition to the existing CLI and HashiCorp Terraform support for managed groups. Managed groups allow the population of Boundary groups based on external identity provider (IdP) metadata. This feature allows users of the OpenID Connect (OIDC) authentication method to automatically create groups based on user permissions maintained by an OIDC IdP.
To learn more about OIDC authentication methods and creating OIDC managed groups, see these two Boundary HashiCorp Learn guides: OIDC Authentication and Managing OIDC IdP Groups.
Boundary’s admin console now also supports resource filtering for sessions and auth methods, and Boundary Desktop supports resource filtering for sessions. Future releases will further enhance UI filtering capabilities for other resource types.
Alternatives to Boundary include the strongDM product suite, Tailscale and the associated open source Headscale, and the commercial and open source Teleport solutions.
InfoQ has previously covered the release of Boundary 0.2, which includes additional details of Boundary deployment architecture and examples of Terraform configuration.
As Boundary 0.7 introduces significant new functionality, the HashiCorp team recommends reviewing Boundary’s general upgrade guide and release notes, and upgrading and testing this release in an isolated environment. If issues are experienced, they can be reported on the Boundary GitHub issue tracker or the Boundary discussion forum.