Joining the Hashicorp Vault integration program & get plugin into HCP Vault & Vault Enterprise

[iniinikoski]

Currently the plugin can only be used with the Vault open-source version, though there are more and more customers who are using managed services from Hashicorp (e.g. HCP Vault). Hence, Hashicorp has created the Vault integration program (https://developer.hashicorp.com/vault/docs/partnerships) to improve the secrets engine support through the (slowly) growing partner network. They are also ramping up the new product "Vault Secrets" (https://developer.hashicorp.com/hcp/tutorials/get-started-hcp-vault-secrets/hcp-vault-secrets-introduction) where they plan to bring more and more different secret types / engines as a ready-made/built-in support. A good example is MongoDB Inc. with their MongoDB Atlas Secrets Engine which is fully supported in all Vault installations.

It would be great if JFrog could partner (even more?) with Hashicorp on this, as the spread of Artifactory tokens is an issue for every company using Artifactory. Artifactory has been enhanced with a better token support lately, but would be great that developers would not need to interface with Artifactory at all in order to get access to it (as, they get access to everywhere else also through Vault. The situation has of course improved lately a lot by introducing the OIDC possibilities between e.g. Artifactory and GitHub, thus mostly removing the requirement for static tokens. But the issue does still persists for e.g. user access or any machine access outside of e.g. GitHub.

Unfortunately, there's no alternative to this. We know that ephemeral / dynamic secrets is the key to success and we'd need to make this easy for everyone without compromising security.

JFrog Artifactory already integrates with Hashicorp Vault (though, not HCP Vault I believe atm), so, JFrog has partnered with Hashicorp on some levels already. I hope this partnership could be taken to next level where everyone benefits.