rangizzz - stock.adobe.com
As enterprise DevOps evolves to focus on internal developer platforms delivered by platform engineers, vendors are burnishing their wares to keep pace.
Development platforms emerged as a mainstream trend a year ago around the same time as KubeCon + CloudNativeCon. Presenters from enterprise IT organizations such as Intuit spoke about the ways DevOps, which previously focused on full-stack engineers managing both infrastructure and applications, had morphed into platform engineering teams serving internal developer customers with pre-configured platforms.
An October 2022 IDC report predicted that 60% of organizations looking to scale DevOps would adopt an internal developer platform (IDP) to provide self-service infrastructure, deployment pipelines and other internal services by 2025. A Gartner study put that prediction at 80% by 2026.
Thus, developer platforms, sometimes called IDPs, have been the focus of a fresh vendor gold rush in IT automation. It was a trend anticipated by vendors such as VMware in 2021 with its Tanzu Application Platform, which was built with platform engineers and developer self-service in mind. This year, to cater to the developer platform trend, Red Hat added the Red Hat Developer Hub, based on the open source project Backstage, in May. The open source Crossplane project has also gained momentum by expanding the Kubernetes API to encompass non-container infrastructure management with platform engineers in mind.
HashiCorp made its first foray into platform engineering with a public beta release of its Waypoint tool a year ago, while Pulumi rolled out a GitOps-as-a-service beta product called Pulumi Deployments. This week, both companies, which began as infrastructure as code (IaC) competitors, expanded security automation features for platform engineers that preserve choice for their developer users.
Furthermore, HashiCorp shipped a fresh beta release and revealed a strategy pivot for Waypoint this week, while Pulumi made a product package named Pulumi for Platform Teams generally available. Both updates place Pulumi and HashiCorp in direct competition in new markets beyond IaC.
"HashiCorp and Pulumi are attacking the same opportunity with different approaches," said Donnie Berkholz, chief analyst at Platify Insights, a tech industry analysis firm. "They're both going after multi-cloud secrets management … in distinct ways that leverage their existing positions [and] aim to leverage the growing trends of IDPs and platform engineering."
Pulumi ESC vs. HashiCorp Vault Secrets sync
While Pulumi's Environments, Secrets and Configurations (ESC) management tool and HashiCorp's Vault Secrets sync feature -- both released this week -- are scoped differently, each product represents a significant expansion for its respective vendor in security automation.
Vault Secrets sync functionality, introduced with HashiCorp Cloud Platform Vault Secrets in June, was released in beta for the self-managed Vault Enterprise 1.15 this week. Platform engineers can use it to define secrets -- bits of data used to broker access to IT resources, such as passwords and encryption keys -- in HashiCorp Vault but allow developers to consume them in third-party secrets management products, including AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, GitHub Actions, and Vercel.
"The goal and, I think, the realization is that, ultimately, you might have platform-native capabilities that only understand the local secret manager," HashiCorp co-founder and CTO Armon Dadgar said during a keynote presentation at HashiConf this week. "But you don't want to have to define and manage the secret in multiple places, do rotation in multiple places, have to audit that, and do change management. What this lets you do is define everything in one place and treat Vault as your system of record."
Pulumi's ESC doesn't rely on one secrets manager, instead creating a centralized interface to manage secrets across combinations of tools that may include HashiCorp Vault. ESC also encompasses configuration management for developer platform environments, such as network settings and deployment environment variables. This puts ESC's scope well beyond Vault Secrets sync, although HashiCorp has similar features in products such as Terraform and Boundary. Finally, Pulumi ESC is separate from Pulumi's IaC and associated platform tools. It could theoretically also be used with Terraform.
"As a dominant modern vendor, HashiCorp is using its gravity to pull customers into its platform as the sole solution for secrets management across clouds and on premises," Berkholz said. "Pulumi, however, is going to where its potential customers are. It's taking a federated approach with secrets that allows customers to continue using their existing solutions, rather than centralizing them like HashiCorp."
Both companies' updates this week turned heads among existing customers.
"Secrets management is the one last manual process that we're dealing with" at one large airline client, said Rob Lazzurs, director of technology at Amach Software, a digital transformation consultancy in Dublin, Ireland. "We still have experts going in and taking secrets from third parties and so on and putting them in [secrets management systems from AWS]. And the access controls around those [other services] are not as fine grained as we would like them to be or have with Vault."
Pulumi ESC could offer that "single source of truth" for data that isn't just limited to secrets, said Dennis Sauve, DevOps engineer at Washington Trust Bank, which has used Pulumi tools since March 2022.
"With one line [of code], we can import that environment in the cloud and bring it into the project, [but] we can override specific variables," Sauve said. "And it's one place to look for those values instead of having to hunt and peck between [application stacks]."
Developer platform competition heats up with Waypoint pivot
Both companies are also vying to expand their reach with new platform engineering product strategies. HashiCorp said this week it will pivot Waypoint from a focus on continuous deployment for developers to encompass more parts of the application delivery lifecycle for platform engineers.
To accompany this news, HashiCorp rolled out public beta releases of Waypoint templates and add-ons for its other products, along with Backstage, that are "designed to help platform teams standardize application patterns in their organizations and provide golden workflows to their development teams."
Donnie BerkholzAnalyst, Platify Insights
At the same time, Pulumi released Pulumi for Platform Teams, a pre-packaged infrastructure platform that includes a Developer Portal with a Backstage plugin; Pulumi Deployments with new support for ephemeral environments, Slack and Teams notifications and self-hosted automation runners; Pulumi Compliance-Ready Policies as code; and automated policy remediation.
Contrasting approaches to open source software can't be overlooked as a factor in the broadening competition between these two vendors, said Larry Carvalho, an independent analyst at Robust Cloud.
"The fact that HashiCorp pulled out of the open source movement and is now supporting Backstage gives them less relevance than Pulumi supporting Backstage, which is gaining momentum in open source," Carvalho said.
Both companies face several developer platform competitors. HashiCorp, founded in 2012 and a publicly traded company since 2021, remains a much larger and more established vendor than Pulumi, founded in 2017 and privately funded. However, Pulumi's funding recently increased substantially with a $41 million Series C round announced earlier this month.
"Getting funding in this [macroeconomic] environment is pretty good," Carvalho said. "[Investors are] willing to put some money behind them. That's a big, big deal."
Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.