What is HCP Packer?
HashiCorp Packer is an open source tool that enables you to create identical machine images for multiple platforms from a single source template. The most common use case is creating golden images that teams across an organization can use in cloud infrastructure.
HCP Packer stores metadata about your Packer images so that you can track updates, use the most up-to-date base images, and deploy the most up-to-date downstream images. This bridges the gap between image factories and image deployments, allowing development and security teams to work together to create, manage, and consume images in a centralized way.
Hands On: Try the Get Started with HCP Packer collection on HashiCorp Learn to set up a Packer template, push metadata to the registry, explore the registry UI, and more.
How HCP Packer Works
HCP Packer stores metadata about your images in a centralized registry, including when they were created, the associated cloud provider, and which (if any) Git commit is associated with your image build. It does not store the images themselves, so you will continue storing them in cloud platforms or other services. The HCP Packer registry helps you track information about machine images, clearly designate which images are appropriate for test and production environments, and query the right images to use in both Packer and Terraform configurations.
Both image creators and image consumers can benefit from HCP Packer. Image creators will:
Connect to the Registry: Add the
hcp_packer_registryblock to your HCL Packer template to declare where HCP Packer should store your image metadata, set custom labels, and add a description for the registry UI.
Store Image Metadata: Each time you call
packer build, Packer pushes each image's metadata to an image bucket on the HCP Packer registry. This lets you find and reference specific images from a specific builder at a specific point in time. HCP Packer automatically tracks each image's source images. If your Packer template uses image channels to reference the source images, HCP Packer can display ancestry information in the UI that warns you when images are outdated.
Manage Image Use: Create image channels to let consumers dynamically retrieve the latest image versions. For example, you can create a
productionchannel for images that pass acceptance testing and are ready for production deployment. If an image becomes outdated or a security risk, you can revoke it to prevent consumers from using it to build artifacts. You can revoke access to the image itself, and you can also revoke all of its descendant images.
Image consumers can reference images through both Packer templates and Terraform configuration files. They can use the HCP Packer data source and registry image channels to reference the latest versions of images to build image layers or provision infrastructure.
HCP Packer has a Standard tier and a paid Plus tier available. Larger teams will benefit from the Plus tier, which provides advanced image compliance checks using the Terraform Cloud image validation run task, and will continue to add new features that serve more complex organizational requirements and use cases.
Please submit questions, suggestions, and requests to HashiCorp Discuss.
Looking for Packer fundamentals?
Read core Packer documentation and tutorials, including self-hosted open source docs.