Over the last year, Red Hat and HashiCorp have collaborated to create integrations that bring together infrastructure automation and secrets management. Our existing Red Hat Ansible Certified Content Collections have enabled organizations to use HashiCorp Vault, HashiCorp Terraform, and Red Hat Ansible Automation Platform for infrastructure automation and secrets management.


HashiCorp Vault integration for secrets management

The Red Hat Ansible Certified Content Collection for HashiCorp Vault has enhanced how teams handle sensitive credentials in automated workflows. With version 1.0 and beyond, organizations can dynamically access secrets from playbooks, create and manage Key/Value Version 2 (KV2) secrets, and take advantage of Vault's powerful capabilities for secret rotation and time-bound access. This integration addresses one of the most critical challenges in modern infrastructure automation: helping to keep credentials from becoming a security liability. Building on this foundation, Red Hat plans to further enhance the hashicorp.vault collection, focusing on creating and managing secrets and certificates.

HashiCorp Terraform integration for infrastructure lifecycle

Our Red Hat Ansible Certified Content Collection for HashiCorp Terraform enables integrated infrastructure-as-code (IaC) workflows, supporting both Terraform Enterprise and HashiCorp Cloud Platform (HCP) Terraform. Organizations use this integration to orchestrate the complete infrastructure lifecycle, with Terraform handling declarative provisioning and Ansible Automation Platform managing ongoing configuration and operational tasks. The bidirectional integration includes the official Ansible Automation Platform provider for Terraform, allowing Terraform to trigger Ansible workflows for comprehensive infrastructure automation.

The power of combined automation

These integrations have enabled organizations to build end-to-end automation workflows that are both powerful and security-focused. Teams can provision infrastructure with Terraform, configure and manage it with Ansible Automation Platform, and help secure the entire process with Vault, all working together in a unified workflow.

Next evolution: OIDC-based authentication for enhanced security and zero trust

While our existing integrations have delivered significant value, there is an opportunity to further strengthen security and simplify authentication workflows, aligning with zero trust principles. At Red Hat Summit, we are unveiling Ansible Automation Platform 2.7's new capability to serve as an OpenID Connect (OIDC) Identity Provider (IdP) with HashiCorp Vault. Ansible Automation Platform will act as the IdP, establishing a trust relationship with HashiCorp Vault. This architectural shift helps simplify security management by making Ansible Automation Platform the single source of authentication and access control, reinforcing the "never trust, always verify" model inherent in zero trust.

Here's how it works:

  1. Ansible Automation Platform as the trust anchor: Ansible Automation Platform becomes the central identity provider, issuing JSON Web Tokens (JWTs) for authenticated workflows.
  2. Streamlined authentication: Instead of managing separate credentials for Vault access, Ansible Automation Platform workflows use their native JWTs to authenticate directly to Vault.
  3. Short-lived token exchange: Vault validates the Ansible Automation Platform JWT and issues short-lived, scoped tokens specifically for secret retrieval.
  4. Automatic credential lifecycle: Tokens expire automatically, reducing the risk of long-lived credentials and the attack surface.
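The four steps above, sketched as an added example (not Red Hat or HashiCorp code): an issuer signs a workload JWT, and a verifier checks signature, issuer, audience, expiry and bound claims before minting a short-lived scoped token. Assumptions: HS256 with a shared key stands in for the asymmetric signatures an OIDC issuer normally publishes keys for, and the issuer URL, the `job_template` claim, the policy name and the TTL are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims, key):
    """Issuer side (stand-in for the platform): HS256-signed compact JWT."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

# Constructed role: what the verifier trusts and what it hands back (hypothetical values).
ROLE = {"issuer": "https://aap.example.test", "audience": "vault",
        "bound_claims": {"job_template": "deploy-web"},
        "policies": ["kv-read-web"], "ttl": 300}

def exchange(jwt, key, role=ROLE, now=None):
    """Verifier side: validate the workload JWT, then mint a short-lived scoped token."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = jwt.split(".")
        header, claims = json.loads(_unb64(head_b64)), json.loads(_unb64(body_b64))
        sig = _unb64(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:  # wrong segment count, bad base64, bad JSON
        raise PermissionError("malformed token") from None
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    # Pin the algorithm; never let the token choose how it is verified.
    if header.get("alg") != "HS256" or not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    if claims.get("iss") != role["issuer"]:
        raise PermissionError("untrusted issuer")
    aud = claims.get("aud")
    if role["audience"] not in (aud if isinstance(aud, list) else [aud]):
        raise PermissionError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise PermissionError("expired")
    for name, want in role["bound_claims"].items():
        if claims.get(name) != want:
            raise PermissionError(f"claim {name} not bound to role")
    # Issued token carries only the role's policies and its own short expiry.
    return {"token": secrets.token_urlsafe(24), "policies": role["policies"],
            "expires_at": now + role["ttl"]}
```

The bound-claims check is what ties a secret to a specific workflow rather than to any token the issuer signs; without it, every authenticated job would receive the same policies.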

The security advantage

This OIDC integration delivers an opportunity for the following improvements:

  • Time-limited credentials: Every interaction with Vault uses ephemeral tokens that expire quickly, reducing exposure if credentials are compromised.
  • Centralized identity management: Ansible Automation Platform serves as the single source of truth for access control, simplifying audit trails and access reviews.
  • Reduced credential sprawl: Eliminating the need for separate Vault authentication credentials means fewer secrets to manage, rotate, and secure.
  • Zero standing privileges: Automation workflows receive only the permissions they need, only when they need them, for as long as required.
  • Enhanced compliance: The OIDC authentication flow creates detailed audit logs that map every secret access back to specific Ansible Automation Platform workflows and users.

For organizations operating in regulated industries or maintaining strict security postures, this integration provides the foundation for zero trust automation architectures. Automation no longer requires permanent credentials. Instead, secret access is authenticated, authorized, and time-bound.

The OIDC integration represents our continued commitment to making enterprise automation both powerful and security-enhanced by default. By combining Ansible Automation Platform's workflow orchestration, HashiCorp Terraform's infrastructure provisioning, and HashiCorp Vault's secrets management, all connected through standards-based OIDC authentication, organizations can build automation platforms that scale safely across hybrid cloud environments.

We're excited to demonstrate this capability in a session at Red Hat Summit 2026 in Atlanta.

If you can’t make it to Red Hat Summit, we’ll be reviewing these integrations in a webinar. Register here.


About the authors

Matthew Packer is a Principal Product Marketing Manager for Ansible Automation Platform and is responsible for cloud automation. Prior to joining Red Hat, he worked in product marketing specializing in retail payment technology at Vontier and product management at Cisco in cloud-based networking. Matthew also worked as a consultant at Honeywell in the manufacturing and utilities industries with a focus on the Internet of Things (IoT) and predictive analytics space.

Timothy Appnel is a Senior Product Manager on the Ansible team at Red Hat. Tim is an old-timer in the Ansible community with over 14 years of experience with Ansible as a contributor, customer, consultant, evangelist, and “jack of all trades.” The synchronize module in Ansible is all his fault.
