LoginSign Up
← Back to all sparks
HashiCorp logo

HashiCorp

DEVOPS
Velocity8.8

Infrastructure tools

hashicorp.com

HashiCorp under IBM is doubling down on agentic IAM and enterprise-scale Terraform.

vaultterraformibm-acquisitionagentic-iamenterprise-governancemulti-cloud
Current state
Now branded 'IBM Vault' in places, HashiCorp is rolling out its post-acquisition strategy on two fronts: native identity management for AI agents in Vault, and a coordinated Terraform refresh spanning 1.15, Enterprise 2.0, and Infragraph-powered HCP in public preview. Recent capability adds across Vault (envelope encryption for streaming workloads, Azure hub-and-spoke GA) and Terraform (cost visibility, project-level notifications) progress the existing surface while the strategic bets ship in parallel.
Where it's heading
Two arcs are clearly pulling: Vault is repositioning as the identity plane for the AI-agent era — issuing, delegating, and tracing credentials for non-human actors — and Terraform is being reorganized around enterprise-scale governance with a single-source-of-truth graph (Infragraph) underneath HCP. The 'AI operating model' marketing layer signals that IBM and HashiCorp are telling enterprise buyers AI is now an operations problem, not an experimentation problem, and HashiCorp is the substrate to operationalize it on.
Prediction
The AI-agent IAM story is the one to expand fastest — agent-policy primitives, OIDC-for-agents, tighter integration with Vault Secrets Operator and Boundary. On the Terraform side, Infragraph graduating from public preview is the next milestone to watch, and likely the moment 'HCP Terraform powered by Infragraph' replaces classic HCP Terraform as the default.

Recent moves

  1. 20h ago

    Encrypting large artifacts and streaming workloads with Vault

    Adds Vault Transit envelope encryption for large artifacts and streaming workloads, removing the requirement to send full payloads through Vault. Pragmatic capability gap closed — relevant for data-heavy pipelines and large model artifacts that previously couldn't be protected via Transit at all.

    View source ↗
  2. 1d ago

    Azure hub-and-spoke generally available for HCP Vault Dedicated

    HCP Vault Dedicated gets GA Azure hub-and-spoke networking, bringing the managed offering's connectivity story closer to AWS-side parity. Useful for Azure-anchored enterprises but a routine GA — incremental progress on the cloud-native managed Vault footprint.

    View source ↗
  3. 6d ago

    The great AI divide: Why early leaders embrace an AI operating model

    Thought-leadership post framing AI as an operations problem rather than an experimentation problem. No product change, but it telegraphs the messaging IBM and HashiCorp will use to position the recent agentic-IAM and Terraform Enterprise 2.0 launches to enterprise buyers.

    View source ↗
  4. 7d ago

    New in Terraform 1.15: Dynamic sources, variable deprecation, and more

    Terraform 1.15 lands meaningful authoring improvements — dynamic module sources, variable deprecation, inline type conversion — plus Windows ARM64 builds and S3 AWS login. A solid incremental release that quietly removes long-standing friction without breaking the module ecosystem.

    View source ↗
  5. 8d ago

    Terraform Enterprise 2.0: Evolving infrastructure operations for scale

    ⚡ SPARK

    Major version of self-hosted Terraform Enterprise targeting scaled operations, governance, and operational complexity — landing the same week as Terraform 1.15 and the Infragraph-powered HCP preview, reading as a coordinated franchise refresh under new ownership.

    View source ↗
  6. 8d ago

    Announcing native AI agent support in HashiCorp Vault

    ⚡ SPARK

    Vault gets a first-party identity model for AI agents — trusted identities, delegated authorization, fine-grained controls, and end-to-end tracing. This is the new strategic vector for Vault under IBM, and reframes the product from 'secrets store' to 'control plane for non-human actors'.

    View source ↗