Summary
HashiCorp Boundary is an open-source access management tool that enables secure, identity-based remote access to hosts and services without requiring direct network access or managing individual SSH keys.
What is Boundary?
Boundary sits between users and infrastructure, acting as a proxy that authenticates users through identity providers (Active Directory, Okta, GitHub) and authorises access to specific targets based on roles. Users never need VPN access to a private network or credentials for individual hosts.
The core concepts are organisations, projects, hosts, and targets. Targets define what can be accessed (e.g., a database or SSH host) and which credentials to inject. Boundary can dynamically fetch short-lived credentials from HashiCorp Vault and inject them into sessions, so users never see raw secrets.
Session recording is available in the enterprise version, creating an audit trail of every interactive session. HCP Boundary is the managed cloud offering that removes the need to operate Boundary infrastructure.
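The scope, host, target and credential concepts described above, written as a Terraform configuration for the Boundary provider. This is an added example, not configuration from HashiCorp or from this page. It assumes the provider is already configured and a Vault SSH secrets engine exists; all names, addresses, paths and variables are constructed.

```hcl
# Added illustration: names, addresses, paths and variables are assumptions.
variable "vault_token" { sensitive = true } # assumption: Vault token issued for Boundary
variable "ops_group_id" { type = string }   # assumption: ID of an IdP-backed group

resource "boundary_scope" "org" {
  scope_id               = "global"
  name                   = "example-org"
  auto_create_admin_role = true
}
resource "boundary_scope" "project" {
  scope_id               = boundary_scope.org.id
  name                   = "example-project"
  auto_create_admin_role = true
}
resource "boundary_host_catalog_static" "catalog" {
  scope_id = boundary_scope.project.id
}
resource "boundary_host_static" "app01" {
  host_catalog_id = boundary_host_catalog_static.catalog.id
  address         = "10.0.10.15" # constructed private address
}
resource "boundary_host_set_static" "app" {
  host_catalog_id = boundary_host_catalog_static.catalog.id
  host_ids        = [boundary_host_static.app01.id]
}
resource "boundary_credential_store_vault" "vault" {
  scope_id = boundary_scope.project.id
  address  = "https://vault.example.internal:8200" # constructed URL
  token    = var.vault_token
}
resource "boundary_credential_library_vault_ssh_certificate" "ssh" {
  credential_store_id = boundary_credential_store_vault.vault.id
  path                = "ssh/sign/boundary-client" # assumed Vault SSH CA role
  username            = "ubuntu"
}
resource "boundary_target" "app_ssh" {
  scope_id            = boundary_scope.project.id
  name                = "app-ssh"
  type                = "ssh" # injected credentials: HCP Boundary or Boundary Enterprise
  default_port        = 22
  session_max_seconds = 3600 # sessions are cut off after one hour
  host_source_ids     = [boundary_host_set_static.app.id]
  injected_application_credential_source_ids = [boundary_credential_library_vault_ssh_certificate.ssh.id]
}
resource "boundary_role" "ssh_users" {
  scope_id      = boundary_scope.project.id
  principal_ids = [var.ops_group_id]
  grant_strings = ["ids=${boundary_target.app_ssh.id};actions=authorize-session"]
}
```

The role grants only `authorize-session` on this one target, so group members can open a session to it but cannot read or change any other Boundary resource.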
Why is Boundary relevant?
- Zero-trust access: Access is identity-driven rather than network-perimeter-driven
- Credential injection: Users access systems without ever seeing passwords or private keys
- Auditability: All access events are logged with user identity, time, and target
- Simplified operations: Eliminates VPN management and static SSH key distribution