HCP Terraform Now Offers Hold Your Own Key (HYOK) Option for Artifact Encryption
Briefly

On July 31, 2025, HashiCorp launched Hold Your Own Key (HYOK) support for HCP Terraform, allowing customers to manage encryption for Terraform artifacts. These artifacts often contain sensitive data; with HYOK, they are encrypted using the customer's own keys before they leave the customer's network, which supports data sovereignty and compliance requirements. A lightweight network agent performs the cryptographic operations so that plaintext secrets never travel through HashiCorp systems. The workflow produces two outputs: an encrypted artifact and a sanitized version that can be used for policy checks, significantly strengthening security and compliance.
HashiCorp's Hold Your Own Key (HYOK) support for HCP Terraform lets customers keep full control of the encryption keys for sensitive Terraform artifacts.
With HYOK, encryption happens before artifacts leave the customer's network, using customer-controlled keys held in services such as AWS KMS or Google Cloud KMS.
The HYOK workflow relies on a lightweight agent that requests cryptographic tokens and encrypts artifacts with the customer's key, so plaintext secrets never exit the customer environment.
HYOK improves compliance and security by keeping plaintext secrets off HashiCorp infrastructure; alongside the encrypted artifact, the workflow emits a sanitized copy of the file for policy checks.
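The flow the points above describe, as an added illustration that is not HashiCorp's or HCP Terraform's code: a stand-in customer KMS that never releases its key-encryption key, envelope encryption of the artifact inside the customer's environment, and a sanitized copy of the plan with sensitive attributes redacted. The `CustomerKms` class, the HMAC-SHA256-based cipher (a stdlib-only stand-in for an AEAD such as AES-GCM), and the abridged plan JSON are all constructed for this example; only the `after` / `after_sensitive` field names follow Terraform's plan JSON layout.

```python
import copy
import hashlib
import hmac
import json
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode. A stand-in for a real AEAD (AES-GCM),
    # chosen so the example runs with the standard library alone.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _seal(key: bytes, plaintext: bytes) -> dict:
    # Encrypt-then-MAC with separate encryption and MAC subkeys derived from `key`.
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ciphertext": ct.hex(), "tag": tag.hex()}


def _open(key: bytes, box: dict) -> bytes:
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = (bytes.fromhex(box[k]) for k in ("nonce", "ciphertext", "tag"))
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("artifact integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CustomerKms:
    """Constructed stand-in for a customer-controlled KMS (e.g. AWS KMS, Cloud KMS).
    The key-encryption key (KEK) never leaves this object: callers receive a fresh
    data key plus its wrapped form, and can only unwrap through this interface."""

    def __init__(self):
        self._kek = os.urandom(32)

    def generate_data_key(self):
        data_key = os.urandom(32)
        return data_key, _seal(self._kek, data_key)

    def decrypt_data_key(self, wrapped: dict) -> bytes:
        return _open(self._kek, wrapped)


def encrypt_artifact(kms: CustomerKms, artifact: bytes) -> dict:
    """What the in-network agent does before anything is uploaded: envelope-encrypt
    the artifact with a data key that only the customer's KMS can unwrap."""
    data_key, wrapped = kms.generate_data_key()
    return {"wrapped_data_key": wrapped, "payload": _seal(data_key, artifact)}


def decrypt_artifact(kms: CustomerKms, envelope: dict) -> dict:
    """Decryption also happens on the customer side, via the customer's KMS."""
    data_key = kms.decrypt_data_key(envelope["wrapped_data_key"])
    return json.loads(_open(data_key, envelope["payload"]))


def sanitize_plan(plan: dict) -> dict:
    """Redact attributes flagged in `after_sensitive`; this copy is safe for policy checks."""
    sanitized = copy.deepcopy(plan)
    for rc in sanitized.get("resource_changes", []):
        change = rc.get("change", {})
        for key, flagged in change.get("after_sensitive", {}).items():
            if flagged and key in change.get("after", {}):
                change["after"][key] = "(sensitive value)"
    return sanitized


def secret_visible_in_envelope(envelope: dict, secret: str) -> bool:
    """Check what would leave the network for the plaintext secret."""
    return secret in json.dumps(envelope)


def tamper_detected(kms: CustomerKms, envelope: dict) -> bool:
    """Flip one ciphertext byte and confirm the integrity tag rejects it."""
    corrupted = copy.deepcopy(envelope)
    ct = bytearray(bytes.fromhex(corrupted["payload"]["ciphertext"]))
    ct[0] ^= 0x01
    corrupted["payload"]["ciphertext"] = ct.hex()
    try:
        decrypt_artifact(kms, corrupted)
        return False
    except ValueError:
        return True


# Constructed sample in the shape of Terraform's plan JSON (heavily abridged).
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [{
        "address": "aws_db_instance.app",
        "change": {
            "actions": ["create"],
            "after": {"engine": "postgres", "password": "example-secret-123"},
            "after_sensitive": {"password": True},
        },
    }],
}


def run_hyok_flow(plan: dict = SAMPLE_PLAN):
    """Produce the two artifacts the workflow emits: encrypted and sanitized."""
    kms = CustomerKms()
    envelope = encrypt_artifact(kms, json.dumps(plan).encode())
    return kms, envelope, sanitize_plan(plan)
```

The point to take from the block is where the keys live: the KEK is confined to the KMS object, the data key is produced per artifact and only ever stored in wrapped form next to the ciphertext, and the only thing suitable for a policy engine that cannot unwrap it is the sanitized copy.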
Read at InfoQ