Prevent secret exposure across IT: 4 tools and techniques

Exposure of secrets such as database passwords, API tokens, and encryption keys can lead to expensive breaches. For reference, the average cost of data breach incidents between March 2023 and February 2024 was $4.88M, according to a Statista report. We know that preventing secret exposure needs to be a primary focus for security teams. Verizon's 2025 Data Breach Investigations Report makes this fact clear, finding that 88% of attacks targeting web applications involved the usage of compromised credentials. ...

June 23, 2025

How to streamline reporting material cyber risk to the SEC with better IT practices

There is a long list of reasons organizations need more control over hybrid cloud infrastructure and security. One of them is cyber materiality. The SEC’s cybersecurity disclosure, adopted in 2023, states: “… we are adopting amendments to require current disclosure about material cybersecurity incidents. We are also adopting rules requiring periodic disclosures about a registrant’s processes to assess, identify, and manage material cybersecurity risks, management’s role in assessing and managing material cybersecurity risks, and the board of directors’ oversight of cybersecurity risks.” ...

June 22, 2025

Terraform AWS provider 6.0 now generally available

The Terraform AWS provider serves as the bridge between Terraform configurations and AWS, enabling users to define and manage AWS resources as code. We are excited to share that version 6.0 of the Terraform AWS provider is now generally available. Along with bugfixes, the latest update brings enhanced multi-region support and other workflow improvements. With this release, AWS and HashiCorp continue to expand their partnership — delivering new integrations that help customers move faster, adopt more AWS services and features, and deploy infrastructure with developer-friendly workflows. ...

June 18, 2025

Integrating secret hygiene into AI and ML workflows

As AI becomes increasingly integrated into business workflows, organizations are leveraging private large language models (LLMs) to automate tasks, extract insights, and streamline operations. This shift brings with it a growing reliance on sensitive and proprietary data, fueling both innovation and new security risks. One of the most overlooked threats in this new landscape is the presence of secrets embedded in the data used to train or interact with AI models. These secrets can be inadvertently exposed during model training or inference, potentially leaking access to critical systems. ...

June 17, 2025

Terraform security: 5 foundational practices

What security practices should you keep in mind as you write and share Terraform configuration? This post discusses five important practices to ensure that your Terraform configuration remains secure. These practices range from verification of modules and providers to limiting access to state and credentials.

1. Verify modules and providers

Modules and providers behave as external dependencies for a Terraform configuration, so handle them with the same attention that you’d give to software libraries or artifacts. Verifying the integrity, source, and version of providers and modules ensures that you do not download dependencies with unapproved configurations or even worse, malicious code. As a general approach, make sure you clearly define the source and version of providers and modules approved for use. ...

June 17, 2025

HashiCorp at re:Inforce: Advancing Security Lifecycle Management with AWS

AWS re:Inforce is an immersive cloud security learning event kicking off Monday, June 16, in Philadelphia. HashiCorp once again has a major presence at the event, including breakout sessions, expert talks, and product demos. At re:Inforce, we are sharing the recent launches of Security Lifecycle Management (SLM) products and features that further reduce security risks and dramatically improve the user experiences in AWS for developers, SecOps, and platform teams. Recent HashiCorp/AWS security developments include: ...

June 16, 2025

Cloud strategy in the AI era: Are your cloud practices mature enough?

Out of nearly 1,200 respondents around the world, only 8% qualified as highly mature after taking the HashiCorp State of Cloud Strategy survey. In the survey, we identified a number of practices that indicated an organization’s cloud agility and the maturity of their cloud practices. Over the past decade, we’ve seen thousands of enterprises adopt cloud and navigate their digital transformation. What we’ve found is that every organization's path to cloud adoption follows a predictable pattern. We’ve taken the learnings from those thousands of customer conversations and several years of research, and we’ve distilled our findings down to a handful of questions. ...

June 12, 2025

Streamlining cryptographic key management with HashiCorp Vault

In today's digital landscape, enterprise organizations face significant challenges in managing cryptographic keys. The shift towards multi-cloud environments and hybrid infrastructures has introduced complexities in key management, often leading to fragmented security practices. This fragmentation is further exacerbated by the need to adapt to existing workflows to accommodate cloud adoption. The National Institute of Standards and Technology (NIST) says that the management of cryptographic keys becomes increasingly complex in cloud environments due to differences in ownership and control between cloud consumers and providers. ...

June 12, 2025

Prioritizing data for post-quantum cryptography (PQC)

Quantum computing is fast approaching, and with it comes a serious cybersecurity challenge. The threat of quantum-enabled attacks is real and requires immediate preparation. This shift is often compared to Y2K, as both involve major updates to critical but largely hidden systems. However, unlike Y2K, there’s no set deadline — quantum risks will emerge gradually. Some, like harvest now, decrypt later attacks, are already happening, making it essential to prioritize action now. ...

June 11, 2025

Streaming HCP Vault audit logs to Amazon CloudWatch for secure, real-time visibility

You can use HCP Vault Dedicated audit log streaming to monitor and audit secure access to sensitive services and systems within your infrastructure. In production environments, every interaction with Vault, from reading secrets to generating dynamic credentials, should be tracked to meet compliance and security requirements. This post shows how HCP Vault Dedicated audit log streaming can be integrated with Amazon CloudWatch to forward detailed audit events in real time. With this setup, teams gain centralized visibility into Vault operations, detect unauthorized access patterns, and meet regulatory and operational audit needs, all without the overhead of managing custom log forwarding pipelines. ...

June 9, 2025