HashiCorp today launched a series of tools to address everything from streamlining the way infrastructure is managed and applications are delivered to how secrets are kept.

Announced at the HashiConf Global conference, these latest offerings extend the Terraform and Vault portfolio to enable DevOps teams to programmatically automate DevSecOps workflows.

Specific capabilities added to HashiCorp Terraform and Terraform Cloud include a test framework to, for example, reduce misconfigurations along with, in beta, tools for generating tests, tools for launching tests across integrated Terraform modules and a private preview of tools for provisioning infrastructure at scale. In addition, the company is generally making available an enhanced editor for finding and resolving errors in code created using Visual Studio Code.

In terms of costs, Hashicorp is also making generally available an ephemeral workspaces capability to limit the amount of infrastructure resources consumed by Terraform itself.

At the same time, HashiCorp has extended Waypoint on the HashiCorp Cloud Platform (HCP) to define golden paths and workflows for application delivery using templates and add-on modules that make it simpler to identify dependencies. Waypoint was previously announced and is still in beta.

Finally, Hashicorp is adding an alpha edition of HCP Vault Radar, a tool to scan, identify and remediate secrets inadvertently stored in software, in addition to making HCP Vault Secrets generally available and adding a secrets synchronization capability, available in beta for Vault Enterprise and HashiCorp Vault 1.15. HCP Vault Radar is based on technology that HashiCorp gained with the acquisition of BluBracket. HCP Vault Radar will be available in beta in early 2024.

Chris Van Wesep, senior director for product marketing for HashiCorp, said, in general, the company is committed to making it easier to securely manage IT infrastructure and applications at scale across multiple IT environments.

While infrastructure-as-code (IaC) tools such as Terraform have been a boon to productivity, the developers that typically employ these tools have little to no cybersecurity expertise so it’s not uncommon for mistakes to be made. The issue organizations are struggling with today is cybercriminals have become more adept at exploiting those vulnerabilities.

At the same time, secrets management has become a significant issue because many developers will store secrets in plain text to streamline workflows while building an application. Unfortunately, many of these secrets wind up being exposed in a production environment simply because no one remembered to remove them.

It’s not clear to what degree organizations are centralizing the provisioning of IT infrastructure to improve cybersecurity. As forthcoming regulations increasingly require them to lock down their software supply chains, however, it’s only a matter of time before most organizations that build software will need to revisit their DevSecOps workflows.

In the meantime, the hope is those goals can be achieved without adversely impacting developer productivity. The level of cognitive load on developers today is already too high, so the more processes are automated, the less time developers should have to spend managing infrastructure. The challenge, as always, is achieving that goal in a way developers will actually embrace.