OpenBao logo
In the Open Source Summit Japan, Sebastian Stadil, co-founder and CEO of DevOps automation business Scalr and one of the organizers of OpenTofu, a fork of Terraform, revealed details about the project, called OpenBao.
The work of this new project goes hand in hand with IBM engineers who work on Open Horizon within the Linux Foundation and are mentioned to have started working last month on an open source alternative to HashiCorp Vault in response to HashiCorp's move to a commercial source license in August (HashiCorp moved its products to a proprietary BSL 1.1 license, which restricts the use of code in cloud systems that compete with HashiCorp products and services).
"OpenBao" is the new project, which is a fork of Vault which will continue development of the Hashicorp Vault storage codebase under the MPLv2 license (Mozilla Public License) and will be under the auspices of the Linux Foundation.
The OpenBao community intends to provide this software under an OSI-approved open source license, run by a community governed under open governance principles.
For those who are unaware of Hashicorp Vault, you should know that it provides tools to manage, store and distribute certificates, keys, API tokens, passwords and other confidential information, as well as to organize access to secret data, maintain an audit trail, generate passwords and tokens. Hashicorp announced that it will no longer release patches for MPL-licensed versions of Hashicorp Vault after December 31, 2023.
The license change is explained by the desire to maintain financing for its developments in the face of the inability of classic licensing models to resist the parasitism of companies using ready-made open source codes from HashiCorp developments to create their own commercial cloud products without participating in joint development.
According to a report released a few days ago, Hashicorp's revenue for the fiscal third quarter ending October 31, 2023 reached $146,1 million, a year-over-year increase of 17%. The company's losses decreased from $72 million to $39,5 million.
“Open Horizon's goal is not to compete with Hashicorp Vault and, in fact, they have created a great product that we would like to continue supporting,” Pearson said in an email to TechTarget Editorial this week. “Unfortunately, Linux Foundation projects cannot incorporate BSL-licensed code. Therefore, we have found ourselves in a situation where our alternatives are to switch to a competing product with an open source compatible license or fork an older branch of Vault with an MPL license. and continue to maintain it in the future.
It is mentioned that the Creators of the OpenBao project intend to continue the development of the Hashicorp Vault fork with the participation of a community made up of companies and enthusiasts interested in the project, and using an open governance model. The fork will be derived from the Hashicorp Vault 1.14.x branch and will include all changes released under the MPL 2.0 license.
In addition to this, it is mentioned that The first phase of the OpenBao roadmap focuses on consolidating and improving legacy Vault features, including secure secret storage, dynamic rotation, and fine-grained access control. The goal is to ensure a solid and reliable foundation for current and future users. OpenBao plans to enrich its auditing and compliance capabilities, making it easier for organizations to meet regulatory requirements and security standards.
Then OpenBao aims to expand its support for various cloud platforms and distributed architectures, thus facilitating their integration into complex ecosystems. Special attention will be paid to the development of robust APIs and plugins, allowing easy integration with other tools and systems, thus providing greater flexibility to users.
Finally if you are interested in knowing more about it, you can check the details in the following link