I know, it’s a little late, but I want to finally wrap up this report on an incredible journey that took me through two amazing events: Platmosphere in Milan and HashiDays in London.

In this post, I want to explore what I’ve learned about security without compromise, focusing on HashiCorp Vault and Terraform Cloud: two pillars for enabling secure, automated, and scalable infrastructure.

The destiny of HashiCorp Platform Vault Secret and my Presentation

Vault Secrets is no more.

On June 30th, HashiCorp officially announced the shutdown of the Vault Secrets feature within the HashiCorp Cloud Platform (HCP). The company decided to consolidate secret management under HashiCorp Vault, either through the self-managed (Community or Enterprise) version or directly through HCP Vault. (https://developer.hashicorp.com/hcp/docs/vault-secrets/end-of-sale-announcement)

At first glance, this decision felt like a punch to the heart… especially for those of us passionate about implementing Zero Trust principles in Infrastructure as Code, and who appreciated how easy it was to exchange secrets and manage security through Terraform Cloud.

But looking deeper, this is not the end: it’s an evolution. For anyone seriously implementing secure secret management in real-world environments, Vault (and cloud-native secret management solutions) remains the right way forward. It reinforces the idea that security should never be a shortcut, but an integral, well-architected part of every workflow.

My HashiDays London Presentation: Secure Authentication and Secrets-as-Code Management

At HashiDays London, I had the honor of presenting “Mastering Secure Authentication & Secret Management with Vault and Terraform.” The session explored one of the most critical and often underestimated challenges in modern infrastructure: how to integrate your Cloud Provider with the HashiCorp Platform, and how to better start using Infrastructure as Code with secrets and with the correct separation of duties.


I started by addressing a key pain point that every organization faces: static credentials, hardcoded secrets, and manual secret rotation. These practices still exist in many environments and can easily lead to security breaches or compliance issues. What’s even more concerning is that many cloud implementations still rely on static access keys and secret keys to authenticate services and users. Today, OpenID Connect (OIDC) is becoming the de facto standard for implementing secure, short-lived, and identity-based authentication in the cloud. By adopting OIDC, organizations can eliminate static credentials entirely, allowing platforms like Terraform Cloud or Vault to authenticate dynamically and securely with cloud providers.
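On the AWS side, the OIDC setup described above comes down to an IAM role trust policy, and the short-lived credentials are only as tightly scoped as its conditions. As an added example (not code from the talk or from HashiCorp), this check flags a trust policy for the Terraform Cloud issuer that does not pin the audience or the organization in the `sub` claim. The account ID, organization, project and workspace names are constructed placeholders; the issuer host `app.terraform.io`, the audience `aws.workload.identity` and the `sub` layout are assumed to be the Terraform Cloud defaults.

```python
import json

ISSUER = "app.terraform.io"         # assumed Terraform Cloud OIDC issuer host
AUDIENCE = "aws.workload.identity"  # assumed default audience for AWS

def _policy(condition):
    """Build a constructed sample trust policy around the given Condition block."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]})

# Constructed samples: placeholder account, organization, project, workspace.
PINNED = _policy({
    "StringEquals": {f"{ISSUER}:aud": AUDIENCE},
    "StringLike": {f"{ISSUER}:sub":
        "organization:example-org:project:platform:workspace:network-prod:run_phase:*"}})
LOOSE = _policy({
    "StringLike": {f"{ISSUER}:sub": "organization:*:project:*:workspace:*:run_phase:*"}})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json):
    """Return findings for statements that let the OIDC issuer assume the role."""
    findings = []
    for i, st in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        principal = st.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") != "Allow"
                or "sts:AssumeRoleWithWebIdentity" not in _as_list(st.get("Action", []))
                or not any(str(p).endswith(f"oidc-provider/{ISSUER}") for p in federated)):
            continue  # not a web-identity grant to this issuer
        cond = st.get("Condition", {})
        if _as_list(cond.get("StringEquals", {}).get(f"{ISSUER}:aud", [])) != [AUDIENCE]:
            findings.append(f"statement {i}: audience not pinned to {AUDIENCE}")
        subs = [s for op in ("StringEquals", "StringLike")
                for s in _as_list(cond.get(op, {}).get(f"{ISSUER}:sub", []))]
        if not subs:
            findings.append(f"statement {i}: no condition on the sub claim")
        for s in subs:
            # Expected: organization:<org>:project:<p>:workspace:<w>:run_phase:<phase>
            parts = s.split(":")
            if len(parts) != 8 or parts[0] != "organization" or "*" in parts[1]:
                findings.append(f"statement {i}: sub '{s}' does not pin an organization")
    return findings

if __name__ == "__main__":
    print(audit_trust_policy(PINNED), audit_trust_policy(LOOSE))
```

A policy that passes still deserves a manual look at how broadly the project and workspace segments are wildcarded, since the check only insists on the organization.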

Through HashiCorp Vault Secret and Terraform Cloud, I demonstrated how we can move towards a zero-trust model, where secrets are never manually exposed and are dynamically generated and revoked as needed. In a nutshell, I demonstrated with a real-life example some concepts like:

  • Terraform integration with Vault for automated secret retrieval

  • Dynamic secrets generated on demand, reducing exposure windows

  • IAM-based authentication to replace static credentials

  • How this approach fits naturally within Platform Engineering practices, enabling teams to automate security without slowing down delivery

While the live demo wasn’t possible due to time constraints, the session showcased real-world workflows that combined Terraform Cloud for infrastructure automation and Vault for secure secret delivery.

For me, this session wasn’t just a technical walkthrough; it represented a bridge between platform automation and security by design: a perfect reflection of what I’ve been learning and sharing through communities like VMUG, HashiCorp User Groups, and the experiences gained in my daily job.

Watch the full session here:
On-demand video: 28oGjigfPYk

What’s Next: Leveling Up with Vault and AWS Secrets Manager

Presenting at HashiDays London was not just a milestone; it was a turning point. It made me realize that secure automation is a journey, not a destination. The next step for me is to take this topic even further by implementing HashiCorp Vault and AWS Secrets Manager in real-world enterprise scenarios, showing how both can coexist and complement each other.

This “level up” will not only expand on what I presented at HashiDays but also align with what I experienced at Platmosphere Milan, where platform engineering is evolving to integrate security, automation, and collaboration into a unified ecosystem.

Artificial Intelligence is now becoming the radar that guides both technologies: influencing how we code, automate, and operate. From coding assistants to agentic AI, these innovations are helping platform teams evolve in the right direction, balancing security, velocity, and stability.

As I continue this journey, my focus remains the same: helping teams build platforms that are not only automated and scalable but also secure by default.

 

By admin
