Summary
HashiCorp Packer is a tool for building machine images as code, distributed by HashiCorp under the Business Source License (BSL). From a single template it produces identical images for many targets—AWS AMIs, Azure and GCP images, VMware or vSphere artifacts, and container images—so that the same hardened, pre-configured base is used everywhere.
What is Packer?
Packer defines image builds declaratively in HCL templates. A build launches a temporary instance, runs one or more provisioners (shell scripts, Ansible, Chef, or others) to install and configure software, and then captures the result as a reusable image. This is the foundation of a "golden image" strategy: security hardening, packages, and compliance tooling are baked in at build time rather than configured repeatedly at runtime.
Packer fits naturally into a CI/CD pipeline—validate, build, test (for example with InSpec or goss), scan for vulnerabilities, then promote and tag the image—after which a tool like Terraform deploys it. Moving work from runtime to build time produces more predictable, immutable infrastructure and a smaller, faster runtime configuration step. Image security scanning can even run during the build itself.
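A minimal template for the launch, provision and capture flow described above, as an added example that is not HashiCorp's own code. It assumes the Amazon plugin and an Ubuntu 22.04 base image published by Canonical; the region, the `golden-ubuntu-*` name, the hardening steps and the drop-in file name are constructed for illustration.

```hcl
packer {
  required_plugins {
    amazon = {
      source  = "github.com/hashicorp/amazon"
      version = ">= 1.2.0"
    }
  }
}

locals {
  stamp = regex_replace(timestamp(), "[- TZ:]", "")
}

source "amazon-ebs" "golden" {
  region        = "us-east-1" # assumed region
  instance_type = "t3.micro"
  ssh_username  = "ubuntu"
  ami_name      = "golden-ubuntu-${local.stamp}" # constructed name
  encrypt_boot  = true

  # Pin the base image to the publisher's account, not just a name pattern,
  # so a look-alike AMI from another account cannot be selected.
  source_ami_filter {
    filters = {
      name                = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
    owners      = ["099720109477"] # Canonical's AWS account
    most_recent = true
  }
}

build {
  sources = ["source.amazon-ebs.golden"]

  # Hardening baked in at build time (illustrative steps only).
  provisioner "shell" {
    inline = [
      "cloud-init status --wait",
      "sudo apt-get update -y && sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -y",
      "echo 'PasswordAuthentication no' | sudo tee /etc/ssh/sshd_config.d/00-hardening.conf",
    ]
  }

  # Record the artifact ID so later pipeline stages can test, scan and promote it.
  post-processor "manifest" {
    output = "manifest.json"
  }
}
```

In a pipeline this is typically driven with `packer init .`, `packer validate .` and `packer build .` from the template directory.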
Why is Packer relevant?
- Immutable infrastructure: Bake configuration into images so every deployment starts from an identical, known-good base
- Multi-platform: One template produces images for all major clouds and virtualization platforms
- Shift-left hardening: Apply security, compliance, and patching at build time, not in production
- Pipeline-native: Integrates cleanly with Terraform, scanners, and artifact registries in CI/CD