Research Help improve navigation and content organization by answering a short survey. Start Survey
Boundary
Boundary Home

Boundary v0.10.0

The release notes below contain information about new functionality available in the Boundary v0.10.0 release. To see a granular record of when each item was merged into the Boundary project, please refer to the Changelog. To learn about what Boundary consists of, we highly recommend you start at the Getting Started Page.

Lastly, for instructions on how to upgrade an existing Boundary deployment to v0.10.0, please review Boundary's general upgrade guide.

Boundary v0.10.0 Highlights

Credential Management of SSH Keys: Boundary 0.10 includes enhancements to credential management, including added support for management of SSH private keys.

SSH Brokering Helper Function: We’ve expanded support for the SSH brokering helper function that allows users to seamlessly connect to machines remotely without having to manually enter their brokered credentials.

Enhanced IAM Workflows in the Boundary Admin UI: Boundary 0.10 introduces enhanced IAM associations to Boundary’s Admin UI, allowing users to expand IAM associations in a project scope to resources such as group members and principals that reside in other scopes.

SSH Credential Injection via Password and Public Key Authentication: HCP Boundary now supports SSH Credential Injection, an active method of injecting credentials into an established connection, so that credentials are never exposed to users. Learn more here.

What's Changed

  • ssh Target Type With Credential Injection (HCP Boundary only): Boundary has gained a new ssh target type. Using this type, username/password or SSH private key credentials can be sourced from vault credential libraries or static credentials and injected into the SSH session between a client and end host. This allows users to securely SSH to remote hosts while never being in possession of a valid credential for that target host.
  • SSH Private Key Credentials: There is now an ssh_private_key credential type that allows submitting a username/private key (and optional passphrase) to Boundary for use with credential injection or brokering workflows.
  • boundary connect ssh Credential Brokering Enhancements: we have extended support into the boundary connect ssh helper for brokered credentials of ssh_private_key type; the command will automatically pass the credentials to the ssh process (PR).
  • boundary authenticate, boundary accounts: Enables use of env:// and file:// syntax to specify location of a password

For more detailed information of all changes since 0.9.0, please refer to the Changelog

Edit this page on GitHub