Boundary
Deploy HCP Boundary and log in
HCP Boundary provides secure access to remote hosts and infrastructure endpoints. Boundary enables secure connectivity to cloud service catalogs, on-premise infrastructure, and Kubernetes clusters without needing to manage any of the underlying systems or operations.
Requirements
The Getting Started section uses HCP Boundary, a HashiCorp hosted and fully-managed version of the Boundary product.
To get started with HCP Boundary, users need:
- A HashiCorp Cloud Platform account
- Installation of the Boundary CLI
- A Boundary binary in your
$PATH
- Optionally, an installation of Boundary Desktop
If you prefer to get started on your local machine, refer to Run and Login in Dev Mode. For more information on Boundary Community Edition and self-managed installations, refer to Boundary Community Edition.
Deploy an HCP Boundary cluster
To deploy an HCP Boundary instance:
Navigate to HashiCorp Cloud Platform and login using your credentials.
Click the Boundary tab, and then and click Deploy Boundary on the right-hand pane.
Fill out the following form details:
- Instance Name
- Administrator Username
- Administrator Password
Store the administrator username and password in a safe location. These credentials will be used when authenticating using the Admin Console, CLI, or Terraform.
Click Deploy after completing the form. It may take a few minutes to initialize the HCP Boundary instance.
Log in to HCP Boundary
Once the deployment is complete, the HCP Boundary instance can be accessed directly from the HCP Boundary portal using the credentials created during setup.
From the HCP Boundary portal page, click the Open Admin UI button.
Enter the admin username and password you created when you deployed the new instance, and click Authenticate.
The Welcome to Boundary setup wizard will launch automatically.
There are two options for Boundary’s initial setup:
- Quick setup
- Manual
The Quick setup is recommended for new users, and generates a set of initial resources to assist in connecting to your first target.
The Manual setup drops the user directly into Boundary, without any provisioned resources.
Upon completion of the setup wizard, you will be logged into your HCP Boundary instance's Global scope via the web UI. This is the default scope for all new Boundary clusters.
In the HCP Boundary portal, open the Boundary Overview page, and click the copy icon in the Copy this into Boundary Desktop section. This copies your environment’s Boundary Cluster URL.
Open a terminal session and set the
BOUNDARY_ADDR
environment variable to the copied Cluster URL.$ export BOUNDARY_ADDR=<boundary-cluster-url>
Log in with the administrator credentials you created when you deployed the HCP Boundary instance.
$ boundary authenticate Please enter the login name (it will be hidden): Please enter the password (it will be hidden): Authentication information: Account ID: acctpw_VOeNSFX8pQ Auth Method ID: ampw_wxzojlKJLN Expiration Time: Mon, 13 Feb 2023 12:35:32 MST User ID: u_1vUkf5fPs9 The token was successfully stored in the chosen keyring and is not displayed here.
You are now logged into your HCP Boundary instance's Global scope via the CLI. This is the default scope for all new Boundary clusters.
If you are on Windows or macOS, the system password store will be used to store
the new token. On any other operating system, you may get an error indicating
that the token could not be stored. Boundary defaults to using
pass on these machines, which uses GNU
Privacy Guard to encrypt values. If it is not available,
the token will be displayed and can be stored in a system of your choice and
passed in via the BOUNDARY_TOKEN
environment variable.
It is recommended to make use of pass
or another alternative (such as any
implementation of the freedesktop.org Secret Service feature). Installation and
configuration of pass
or other alternatives is beyond the scope of this
article; consult the documentation for pass
or your specific OS distribution
help pages.
Note that if -format json
is used on this command, Boundary will not save the
token to the system password store. In this case, the authentication information
will only be printed to your terminal in JSON format. You can use the
BOUNDARY_TOKEN
environment variable or -token
flag to provide the token in
subsequent commands.
Tutorial
- Refer to the Create a Boundary Instance on HCP tutorial to learn how to deploy a Boundary instance.
- Refer to the Install Boundary Desktop tutorial to learn how to use the Boundary desktop to connect to a running HCP Boundary instance.
Next steps
See connecting to your first target for how to use HCP Boundary to run your first SSH session.