{"id":13461405,"url":"https://github.com/hashicorp/boundary","last_synced_at":"2026-04-07T17:01:07.301Z","repository":{"id":37006300,"uuid":"232630362","full_name":"hashicorp/boundary","owner":"hashicorp","description":"Boundary enables identity-based access management for dynamic infrastructure. ","archived":false,"fork":false,"pushed_at":"2025-05-09T21:48:24.000Z","size":98688,"stargazers_count":3922,"open_issues_count":162,"forks_count":291,"subscribers_count":200,"default_branch":"main","last_synced_at":"2025-05-11T13:59:37.966Z","etag":null,"topics":["hacktoberfest","hashicorp","security","zero-trust"],"latest_commit_sha":null,"homepage":"https://boundaryproject.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hashicorp.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-01-08T18:24:07.000Z","updated_at":"2025-05-11T12:52:25.000Z","dependencies_parsed_at":"2023-10-05T00:00:32.179Z","dependency_job_id":"e95c913d-1e81-40bd-8912-67012f999720","html_url":"https://github.com/hashicorp/boundary","commit_stats":{"total_commits":4330,"total_committers":176,"mean_commits":"24.602272727272727","dds":0.7884526558891455,"last_synced_commit":"e5b655b9e591220f904c4803e454e27a44d99104"},"previous_names":[],"tags_count":176,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashicorp%2Fboundary","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashicorp%2Fboundary/tags","releases_url":"h
ttps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashicorp%2Fboundary/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashicorp%2Fboundary/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hashicorp","download_url":"https://codeload.github.com/hashicorp/boundary/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253576264,"owners_count":21930169,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","hashicorp","security","zero-trust"],"created_at":"2024-07-31T11:00:38.040Z","updated_at":"2025-12-14T21:53:42.918Z","avatar_url":"https://github.com/hashicorp.png","language":"Go","funding_links":[],"categories":["Go","hacktoberfest","security"],"sub_categories":[],"readme":"# Boundary\n\n- What is Boundary: https://developer.hashicorp.com/boundary/docs/what-is-boundary\n- Website: https://www.developer.hashicorp.com/boundary/\n- Forums: [HashiCorp Discuss](https://discuss.hashicorp.com/c/boundary/)\n- Documentation: [https://developer.hashicorp.com/boundary/docs](https://developer.hashicorp.com/boundary/docs)\n- Tutorials: [HashiCorp's Learn Platform](https://developer.hashicorp.com/boundary/tutorials)\n\n\u003cimg alt=\"Boundary\" src=\"boundary.png\" alt=\"Image\" width=\"500px\"/\u003e\n\nBoundary is an identity-aware proxy that provides a simple, secure way to access hosts and critical systems on your network.\n\nWith Boundary you can:\n\n* Integrate with your IdP of choice using OpenID Connect, enabling users to securely sign-in 
to their Boundary environment\n* Provide just-in-time network access to network resources, wherever they reside\n* Manage session credentials via a native static credential store, or dynamically generate unique per-session credentials by integrating with HashiCorp Vault\n* Automate discovery of new endpoints\n* Manage privileged sessions using Boundary’s session controls\n* Standardize your team's access workflow with a consistent experience for any type of infrastructure across any provider\n\n\nBoundary is designed to be straightforward to understand, highly scalable, and\nresilient. It can run in clouds, on-prem, secure enclaves and more, and does not require\nan agent to be installed on every end host, making it suitable for access to managed/cloud services and container-based workflows in addition to traditional host systems and services.\n\n\u003cvideo controls\u003e\n  \u003csource src=\"https://www.datocms-assets.com/2885/1694719896-how-boundary-works-v3.mp4\" type=\"video/mp4\" alt=\"Watch the video\" /\u003e\n\u003c/video\u003e\n\nFor more information, refer to \"[What is Boundary?](https://developer.hashicorp.com/boundary/docs/what-is-boundary)\" on the Boundary website.\n\n## Getting Started\n\nBoundary consists of two server components:\n\n* **Controller**, which serves the API and coordinates session requests\n* **Workers**, which perform session handling\n\nA real-world Boundary installation will likely consist of one or more\ncontrollers paired with one or more workers. 
A single Boundary binary can act\nin either, or both, of these two modes.\n\nAdditionally, Boundary provides a Desktop client and CLI for end-users to request and establish\nauthorized sessions to resources across a network.\n\n\u003cimg src=\"boundary_desktop_example.gif\" alt=\"Boundary Desktop GIF\" width=\"66%\" height=\"66%\" loop=\"true\"\u003e\n\nBoundary does _not_ require software to be installed on your hosts and services.\n\n## Requirements\n\nBoundary has two external dependencies:\n- A SQL database\n- At least one KMS\n\n### SQL database\nThe database contains Boundary's configuration and session information. The\ncontroller nodes must be able to access the database.\n\nValues that are secrets (e.g. credentials) are encrypted in the database. Currently, PostgreSQL is supported as a database and has been tested with Postgres 12 and above.\n\nBoundary uses only common extensions and both hosted and self-managed instances are supported. In most instances, all that you need is a database endpoint and the appropriate credentials.\n\n### KMS\nBoundary uses KMS keys for various purposes, such as protecting secrets, authenticating workers, recovering data, encrypting values in Boundary’s configuration, and more. Boundary uses key derivation extensively to avoid key sprawl of these high-value keys.\n\nYou can use [any cloud KMS or Vault's Transit Secrets Engine to satisfy the KMS requirement](https://developer.hashicorp.com/boundary/docs/configuration/kms).\n\n## Trying out Boundary\n\nRunning Boundary in a more permanent context requires a few more steps, such\nas writing some simple configuration files to tell the nodes how to reach their\ndatabase and KMS. The steps below, along with the extra information needed\nfor permanent installations, are detailed in our [Installation Guide](https://developer.hashicorp.com/boundary/docs/deploy/self-managed/install).\n\n\u003e ⚠️  Do _not_ use the `main` branch except for dev or test cases. 
Boundary 0.10 introduced release branches which should be safe to track, however, migrations in `main` may be renumbered if needed. The Boundary team will not be able to provide assistance if running `main` over the long term results in migration breakages or other bugs.\n\n### Download and Run from Release Page\n\nDownload the latest release of the server binary and appropriate desktop\nclient(s) from our [downloads page](https://developer.hashicorp.com/boundary/downloads)\n\n## Quickstart with Boundary Dev\n\nBoundary has a `dev` mode that you can use for testing. In `dev` mode, you can start both a\ncontroller and worker with a single command, and they have the\nfollowing properties:\n\n* The controller starts a PostgreSQL Docker container to use as storage.\n  This container will be shut down and removed, if possible, when the\n  controller is shut down gracefully.\n* The controller uses an internal KMS with ephemeral keys\n\n### Building from Source\nIf you meet the following local requirements, you can quickly get up and running with Boundary:\n- Go v1.21 or greater\n- Docker\n- Either the [Boundary UI dependencies](https://github.com/hashicorp/boundary-ui#prerequisites)\n  for locally building the ui assets\n  or [gh cli](https://cli.github.com) for downloading pre-built ui assets.\n\nSimply run:\n\n  ```make install```\n\nThis will build Boundary. (The first time this is run it will fetch and compile\nUI assets; which will take a few extra minutes.) Once complete, run Boundary in\n`dev` mode:\n\n  ```$GOPATH/bin/boundary dev```\n\nPlease note that development may require other tools; to install the set of\ntools at the versions used by the Boundary team, run:\n\n  ```make tools```\n\nWithout doing so, you may encounter errors while running `make install`. 
It is important\nto also note that using `make tools` will install various tools used for Boundary\ndevelopment to the normal Go binary directory; this may overwrite or take precedence\nover tools that might already be installed on the system.\n\n### Start Boundary\n\nStart the server binary with:\n\n  ```boundary dev```\n\nThis will start a Controller service listening on `http://127.0.0.1:9200` for\nincoming API requests and a Worker service listening on `http://127.0.0.1:9202`\nfor incoming session requests. It will also create various default resources and\ndisplay various useful pieces of information, such as a login name and password\nthat can be used to authenticate.\n\n### Configuring Resources\n\nFor a simple test of Boundary in `dev` mode you don't generally need to\nconfigure any resources at all! But it's useful to understand what `dev` mode\ndid for you so you can then take further steps. By default, `dev` mode will\ncreate:\n\n* The `global` Scope for initial authentication, containing a Password-type\n  Auth Method, along with an Account for login.\n* An organization Scope under `global`, and a project Scope inside the\n  organization.\n* A Host Catalog with a default Host Set, which itself contains a Host with the\n  address of the local machine (`127.0.0.1`)\n* A Target mapping the Host Set to a set of connection parameters, with a\n  default port of `22` (e.g. SSH)\n\nYou can go into Boundary's web UI or use its API to change these\ndefault values, for instance if you want to connect to a different host or need\nto modify the port on which to connect.\n\n### Making the Connection\n\nNext, let's actually make a connection to your local SSH daemon via Boundary:\n\n1. Authenticate to Boundary; using default `dev` values, this would be `boundary\n   authenticate password -auth-method-id ampw_1234567890 -login-name admin\n   -password password`. (Note that if you do not include the `password` flag you\n   will be prompted for it.)\n2. 
Run `boundary connect ssh -target-id ttcp_1234567890`. If you want to adjust\n   the username, pass `-username \u003cname\u003e` to the command.\n\nCheck out the possibilities for target configuration to test out limiting (or increasing) the\nnumber of connections per session or setting a maximum time limit; try canceling\nan active session from the sessions page or via `boundary sessions`, make your\nown commands with `boundary connect -exec`, and so on.\n\n### Going Further\n\nThis example is a simple way to get started but omits several key steps that\ncould be taken in a production context:\n\n* Using a firewall or other means to restrict the set of hosts allowed to\n  connect to a local service to only Boundary Worker nodes, thereby making\n  Boundary the _only_ means of ingress to a host\n* Using the [Boundary Terraform provider](https://registry.terraform.io/providers/hashicorp/boundary/latest) to easily integrate Boundary with your\n  existing code-based infrastructure\n* Pointing a BI tool (PowerBI, Tableau, etc.) at Boundary's data warehouse to\n  generate insights and look for anomalies with respect to session access\n\n----\n\n**Please note**: We take Boundary's security and our users' trust very\nseriously. If you believe you have found a security issue in Boundary,\n_please responsibly disclose_ by contacting us at\n[security@hashicorp.com](mailto:security@hashicorp.com).\n\n----\n\n## Contributing\n\nThank you for your interest in contributing! Please refer to\n[CONTRIBUTING.md](https://github.com/hashicorp/boundary/blob/main/CONTRIBUTING.md) for guidance.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhashicorp%2Fboundary","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhashicorp%2Fboundary","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhashicorp%2Fboundary/lists"}