OpenBao strides forward in the enterprise

This is a guest post for Computer Weekly Open Source Insider written by Aiman Alsari, in his role as head of Asia Pacific for cloud-native security at ControlPlane.

Alsari writes in full as follows…

When HashiCorp shifted its licensing model to the Business Source License (BUSL) a couple of years ago, it sent undeniable ripples through the open source pond. 

In response, IBM helped spearhead a spirited fork, launching OpenBao (an open source, community-driven secrets manager and fork of Vault managed by the Linux Foundation’s OpenSSF) into the wild alongside other notable open source rebellions like OpenTofu.

Then came the plot twist: in a rather fascinating turn of events, IBM went ahead and bought HashiCorp outright.

Observers might be forgiven for thinking such a corporate manoeuvre would take the wind out of OpenBao’s sails. Not so. The community has simply kept trucking away over the last couple of years, keeping heads down and consistently shipping robust releases.

Sovereignty and support

In the early days, the industry witnessed a massive surge of interest emanating primarily from central Europe. 

Driven by a pressing enterprise need for digital sovereignty, big players like SAP were quick to look at what OpenBao had to offer. Fast forward to today, and that interest has grown rapidly worldwide. Just recently, heavyweights including Nvidia, Broadcom, and GitLab have publicly announced their support and adoption of the project. 

A number of open source security specialist vendors, such as ControlPlane, have also come to the table to provide more affordable enterprise support and have hired core maintainers.

Roadmap reality

So what is the roadmap here? 

One of the project’s primary goals is to achieve true enterprise feature parity with upstream – encompassing high availability and disaster recovery (HA/DR), multi-tenant namespacing, Hardware Security Module (HSM) support and more – while keeping it all free and completely open.

While maintaining API compatibility remains a core objective, the development team has realised that without the rigid constraints of formal backwards compatibility, innovation can happen at a substantially faster pace. 

With a healthy contingent of ex-HashiCorp developers, partners, and resellers now fully on board, the project’s brain trust knows exactly where the enterprise pain points are and where the real market demand lies.

New innovations

A case in point is OpenBao version 2.6. Why so?

One of the standout features landing in v2.6 is the introduction of server-side workflows. This function is specifically designed to allow platform teams to implement their own organisation-governed, self-service models.

In many real-world enterprise scenarios, strict organisational security policy dictates that secrets must be rotated within a specific time period or perhaps annotated with highly specific metadata for audit and reporting purposes. Server-side workflows directly address this, allowing platform engineering teams to seamlessly customise OpenBao to their specific organisational needs using a number of modular building blocks.

As Alex Scheel, a core OpenBao maintainer, puts it, “By introducing server-side workflows, the project provides platform teams with the exact building blocks needed to enforce compliance without becoming a bottleneck. It is fundamentally about customising the security platform to fit complex organisational needs, rather than forcing an organisation to bend to the limitations of the tool.”

With strong community backing, a suite of enterprise-grade features, and an increasingly global footprint, OpenBao appears to be proving that sometimes the best way to predict a project’s future is to fork it and build it independently.