HashiCorp Boundary

Session broker from HashiCorp, pairs with Vault for JIT credential injection

ToolPrivileged Access ManagementOpen SourceCloudSelf-hosted

Pricing: Free (OSS); HCP Boundary from $0.024/session/hr

Updated February 2026.

What is HashiCorp Boundary?

HashiCorp Boundary is an identity-aware session broker for remote access to infrastructure. It pairs naturally with HashiCorp Vault to provide just-in-time credential brokering: users authenticate with Boundary using their identity provider, Boundary requests short-lived credentials from Vault, and injects them into the session without exposing them. Boundary is open source (MPL 2.0) with a commercial HCP Boundary cloud offering.

Best for: Teams already invested in HashiCorp tooling who want unified secrets + session access
Pros
  • Natural fit for teams already running HashiCorp Vault
  • Open source core with no license cost
  • Terraform-native workflow for declarative access policies
  • HCP option removes operational overhead
Cons
  • Younger product; smaller community than Teleport
  • Session recording requires Enterprise tier
  • Best value comes bundled with Vault. Less compelling standalone
  • Fewer enterprise integrations than legacy PAM

Key Features

Identity-aware session brokering for SSH, RDP, databases
Credential injection via HashiCorp Vault integration
Targets and host catalogs for dynamic discovery
Role-based access with SSO integration
Session recording (Enterprise/HCP tier)
Works across multi-cloud and on-premises
Terraform provider for infrastructure-as-code auth policies
HCP Boundary managed cloud offering
Ingress workers for private network access
Audit events and session telemetry

HashiCorp Boundary Comparisons

HashiCorp Boundary vs CyberArkHashiCorp Boundary vs BeyondTrustHashiCorp Boundary vs StrongDMHashiCorp Boundary vs TeleportHashiCorp Boundary vs One IdentityHashiCorp Boundary vs DelineaHashiCorp Boundary vs ManageEngine PAM360HashiCorp Boundary vs SailPoint

What People Are Saying

Real discussions and resources from the community.

Boundary on r/devops
Reddit
Boundary GitHub repository
GitHub
Quick Info
PricingFree (OSS); HCP Boundary from $0.024/session/hr
ModelOpen Source + HCP cloud tiers
Founded2020
CloudYes
Self-HostedYes
Open SourceYes
Visit Website →View on GitHub →

Last updated: Feb 20, 2026

HashiCorp Boundary Alternatives
View All Alternatives
Teleport
Modern identity-aware access for SSH, Kubernetes, databases,...StrongDM
Infrastructure access proxy with credential injection and se...HashiCorp Vault
Industry-standard open-source secrets management platform...CyberArk Privilege Cloud
Market-leading enterprise PAM delivered as a SaaS...
Certifications
SOC 2 Type 2