Secure Access. Simplified.

HCP Boundary automates remote access workflows with granular authorization based on trusted identities—no SSH keys, VPN, or complex privileged access management controls to manage.

What is HCP Boundary?

HashiCorp Boundary provides an easy way to securely access  critical systems with fine-grained authorizations based on trusted identities. Boundary on the HashiCorp Cloud Platform provides a fully managed, single workflow to securely connect to hosts and critical systems across Kubernetes clusters, cloud service catalogs, and on-premises infrastructure.

Learn how to use HCP Boundary
  • Identity-based access controls for dynamic environments

    Use SSO to manage on- and off-boarding users and IDP integrations to streamline access controls

  • Secure remote access beyond the traditional network perimeter

    Automated workflows to discover targets and proxy access and broker credentials to infrastructure wherever it resides

  • Compliance without the overhead

    Ensures access control, visibility, and session control capabilities regardless of user or operators’ infrastructure

How it works

Authenticate & authorize based on trusted identities

Authenticate into Boundary with any trusted identity provider and authorize access based on granular, logical roles and services.

  • Scale secure remote access in minutes with Terraform

    Get up and running quickly with Boundary Terraform provider to configure logical permission boundaries, users, and targets.

Securely connect to infrastructure targets no matter where they reside

Manage dynamic infrastructure and integrate service registries so hosts and service catalogs are kept up-to-date.

  • Manage host catalogs and targets across clouds for users to access

    At runtime, Boundary ensures that all targets are updated from configured providers or service registries and then serves as a proxy for users.

Access targets without exposing the network or secrets

Reduce risk of leaking credentials with dynamic secrets and just-in-time credentials for credential brokering via Vault. 

  • Short-lived credentials for sessions through Boundary with Vault

    Integrate with Vault to check out short-lived credentials, revoke them once a session is terminated, and rotate dynamic secrets.

Why HCP Boundary

  • Fully-managed secure access made easy

    Get up and running on HCP Boundary on day 1 and leave hosting, software updates, resiliency, and on-call support, to us.

  • Scale secure access in dynamic environments

    Automate and scale secure remote access by defining access controls around logical services instead of IP-based access policies.

  • Best-in-class developer experience

    Standardized access workflows, streamlined user experience, automated target discovery, and integration with Vault.

Access critical infrastructure without exposing the network

Boundary is an identity-aware proxy so that users can authenticate into Boundary to access critical target systems without needing to expose credentials or the network

How Boundary works graphic

Integrate with your existing workflows

GithubawsMicrosoftGCPoktaPing Identity

Integrate with IDP of Choice

Integrate with your IDP, including Azure AD, Okta, and many others that support OIDC.

Learn more

Integrate with Vault Secrets Management

Leverage Vault to broker short-lived secrets to Boundary targets for use in sessions.

Learn more

Get started with HCP Boundary

Get started with Boundary on the HashiCorp Cloud Platform and simplify secure access