HashiCorp has released version 0.7 of its open-source Boundary project that automates identity-based secure user access to hosts and services across all environments. Boundary Desktop 1.4 is also available for Mac, Linux and Windows. Key new features include dynamic host catalogs, plugin support (currently for internal use only), managed groups, and resource filtering in the admin console.
Boundary 0.7 includes the ability to dynamically connect to Azure and AWS to ensure hosts and host catalogs are up to date. Future plans include support for additional clouds and platforms. HashiCorp’s announcement blog post states that this release “realizes a key part of our vision for Boundary by enabling automated discovery of target hosts and services. […] the ability to dynamically update host catalogs to connect to targets is an important differentiator from traditional access methods that rely on manual configurations.”
The Dynamic Host Catalog feature has been implemented using the new Boundary partner plugin integration, enabled via go-plugin. The blog post states that while this initial release of Boundary plugins is limited, “the new functionality opens the door to a future ecosystem of pluggable integrations provided by partners and the community at every stage of the Boundary access workflow.”
Boundary 0.7 introduces the ability to create and manage “managed groups” through the Boundary admin console, in addition to the existing CLI and HashiCorp Terraform support for managed groups. Managed groups are used to populate Boundary groups based on external identity provider (IdP) metadata. This feature allows users of the OpenID Connect (OIDC) authentication method to automatically create groups based on user permissions managed by an OIDC identity provider.
To learn more about OIDC authentication methods and creating OIDC managed groups, check out these two Boundary HashiCorp Learn guides: OIDC Authentication and Managing OIDC IdP Groups.
The Boundary Admin Console now also supports resource filtering for sessions and authentication methods, and Boundary Desktop supports resource filtering for sessions. Future releases will further improve the UI filtering capabilities for other resource types.
Alternatives to Boundary include the strongDM product suite, Tailscale and the related open-source headscale, as well as the commercial and open-source Teleport solutions.
InfoQ has previously covered the Boundary 0.2 release; that coverage includes additional details on the Boundary deployment architecture and Terraform configuration examples.
As Boundary 0.7 introduces important new features, the HashiCorp team recommends reviewing the general upgrade guide and release notes for Boundary, and upgrading and testing this release in an isolated environment. If any issues are encountered, they can be reported on the GitHub Boundary issue tracker or the Boundary discussion forum.