boundary/website/content/docs/roadmap.mdx

---
layout: docs
page_title: Roadmap
description: Boundary Roadmap
---
# Boundary Roadmap
This page introduces the Boundary vision and how we plan to build toward it in the coming year.
## Problem
Today, digital organizations are experiencing a paradigm shift away from traditional, perimeter-focused access models. Organizations need security controls that can adapt to their ever-changing landscape of virtual and physical application infrastructure. Traditional access controls--private networks, firewalls, and static credentials--assume a world where credentials and IP addresses for resources don't change frequently, making them tedious to manage at scale in dynamic environments.
## Vision
Boundary's vision is to enable an ephemeral access model that follows the principle of least privilege. To this end:
- Administrators can define granular, identity-based policies that manage and monitor how their infrastructure is accessed.
- Target hosts and services are discovered dynamically so that access policies are enforced even as infrastructure is provisioned just-in-time.
- Access is granted just-in-time at multiple levels - from ephemeral credentials minted by [Vault](https://www.vaultproject.io/) or your preferred secrets management solution to just-in-time role elevations in Boundary that govern what access a user is given.
- Policies can be configured and automated as code.
## Next Steps
For Boundary's upcoming releases, we have a few key product themes that will guide what we'll be delivering:
1. **Automated Target Discovery:** To manage dynamic infrastructure, users will need a way to discover and add newly provisioned hosts to targets while enforcing existing access policies on new instances. Administrators already have the ability to define dynamic host catalogs to discover new hosts based on predefined rules or tags for [AWS](https://learn.hashicorp.com/tutorials/boundary/aws-host-catalogs?in=boundary/configuration) and [Azure](https://learn.hashicorp.com/tutorials/boundary/azure-host-catalogs?in=boundary/configuration). Upcoming releases will provide native integrations for [Consul](https://www.consul.io/) and [Kubernetes](https://kubernetes.io/). As Boundary is built to be plugin-friendly, administrators will also be able to write their own custom plugins for additional dynamic host catalogs.
2. **Credential Management:** Boundary's SSH credential brokering integration with [Vault](https://www.vaultproject.io/) enables users to access targets with just-in-time, ephemeral secrets. On the roadmap is support for SSH signed certificates, a more secure method of SSH authentication using certificates. With this feature, Vault acts as the Certificate Authority and issues the signed certificates, which Boundary will broker back to the user and to the target.
3. **Observability:** Observability means measuring the health of a system's internal states by examining its outputs. Boundary will provide a secure method by which Boundary operators and administrators can consume critical health metrics and export its observability data as Prometheus metrics.
## Give Feedback
This roadmap reflects the needs we see in feedback from our customers. If you have a need that this roadmap does not address, let us know! You can [provide feedback](https://github.com/hashicorp/boundary/issues/new/choose) on Boundary's repo.