HashiConf 2025: Beyond provisioning to full lifecycle automation

HashiConf returned to the West Coast for 2025 and was hosted at San Francisco's Fort Mason Center. The event celebrated the 10th anniversary of the conference and kicked off a new era for HashiCorp, as it was the company's first conference as part of IBM Software.

HashiConf's theme this year was threefold:

  1. Accelerating application delivery.
  2. Strengthening security and governance.
  3. Optimizing cloud operations and ROI.

These pillars reflect how infrastructure automation must address the complete system lifecycle—from initial provisioning through ongoing operations and security—to provide any measurable value to organizations.

The major announcements revealed three critical shifts: 

  1. Infrastructure automation extends beyond provisioning; it encompasses full lifecycle management.
  2. AI-powered operations require contextual information to manage infrastructure.
  3. Integration with IBM's broader ecosystem extends the scale and performance of automation and its integration with AI.

Infrastructure teams have spent the last decade perfecting provisioning. Terraform became the industry standard because it made Day 0 and Day 1 predictable and repeatable. Yet provisioning is only about 20% of the infrastructure's lifetime. The other 80% (patching, scaling, troubleshooting, compliance checks, and cost optimization) still happens through a patchwork of scripts, runbooks and manual processes.

At HashiConf 2025, HashiCorp made clear its intentions to close this gap. The scope of infrastructure automation is expanding, and infrastructure teams can expect to see transformative changes to the way they work.

Completing the infrastructure lifecycle

Organizations automated the process of creating resources, but not the management of them over time. The result is infrastructure that is "cattle" during provisioning but immediately becomes "pets" in production. HashiConf introduced three solutions that work together to address this issue.

Terraform Stacks (now generally available) manages related configurations across multiple environments as cohesive units. Teams can split configurations into components and deploy them across staging, QA, and production with cross-stack dependencies that automatically retrigger downstream stacks when upstream changes occur. This matters because modern infrastructure isn't deployed as isolated resources, but as interconnected systems that need coordinated lifecycle management. For platform teams, Stacks enables packaging complete infrastructure patterns that can be consistently provisioned despite having varied inputs.

Terraform Search addresses the practical barrier to IaC adoption: existing infrastructure. With bulk discovery and import capabilities, teams can locate cloud resources across environments and bring them under Terraform management without manual work. The feature acknowledges that most production infrastructure wasn't provisioned with IaC and is challenging to fully import, while dramatically reducing onboarding time and closing the gap between deployed infrastructure and IaC coverage.

Terraform Actions treats Day 2 operations as first-class citizens within Terraform. Teams define and execute operational workflows—patching, scaling, compliance checks—directly in infrastructure code, bringing post-deployment automation into the same version-controlled, policy-governed workflow as provisioning. The Ansible integration demonstrates this practically: organizations can now invoke Ansible playbooks directly from Terraform configurations, eliminating the custom orchestration many teams built between these tools. Actions fundamentally change what Terraform is—from a provisioning tool to an infrastructure automation platform. 

Together, these announcements paint a compelling picture: Stacks codifies infrastructure relationships, Search acknowledges the reality of existing infrastructure, and Actions extends automation into Day 2 operations. This is how HashiCorp is enabling the transition from infrastructure as (initial) code to full lifecycle automation.

AI-powered infrastructure: Building for agentic operations

The most strategically significant announcement was Project Infragraph, HashiCorp's foundation for agentic infrastructure—infrastructure that can observe, reason, and act with AI assistance.

Current infrastructure automation operates on explicit instructions: an engineer writes code and Terraform executes it. Agentic infrastructure operates on intent and context: an AI agent understands what infrastructure exists, how components relate, and autonomously determines the safest way to achieve outcomes. The missing piece is a comprehensive, real-time infrastructure context.

Project Infragraph is a real-time infrastructure knowledge graph connecting infrastructure, applications, services, and ownership across hybrid cloud environments. It serves as a system of record for infrastructure and security data, providing the foundation for AI agents to observe, reason, and act safely. For agentic infrastructure to work safely, AI needs to understand not just what servers exist, but what applications run on them, who owns them, what compliance requirements apply, what systems depend on them, and what impact changes would have.

All HashiCorp products and configuration files contain data about secrets, identity, access, infrastructure state, and policy compliance. Infragraph captures and formalizes this data in a central location. Infragraph's roadmap includes integration with IBM's broader ecosystem—Red Hat Ansible, OpenShift, IBM Watsonx, Turbonomic and Cloudability—along with connectors for AWS, Azure, GCP, and third-party systems.

Complementing Infragraph, HashiCorp released three Model Context Protocol (MCP) servers for Terraform, Vault, and HCP Vault Radar. These act as bridges between AI agents and infrastructure tools, enabling natural language interaction while ensuring auditable interactions. The vision for agentic infrastructure is clear: MCP servers provide the human-centric interface, Infragraph provides the infrastructure context, and together they enable AI agents that can safely understand and act on infrastructure autonomously.

Private beta applications for Project Infragraph will open in December 2025.

Security as infrastructure, not a layer

As infrastructure becomes automated and ephemeral, security must be embedded in provisioning workflows rather than bolted on afterward. The security announcements at HashiConf reflect this strategy.

Vault Enterprise's protected secrets (public beta) mounts secrets directly to Kubernetes pods without persistent storage, eliminating a significant attack surface. Native SPIFFE support automates cryptographically verifiable workload identity issuance at machine speed, critical for dynamic environments and AI infrastructure at scale. 

Vault Radar's VSCode plugin (public beta) provides real-time secrets scanning within the development environment, creating a feedback loop that influences developer behavior before secrets leak—addressing secrets management as a behavior problem, not just a tooling problem. 

Boundary's RDP credential injection (public beta) extends passwordless access to Windows hosts, completing the zero-trust story across infrastructure.

The pattern is clear: successful security in automated environments isn't about adding more security tools—it's making security invisible by embedding it in infrastructure workflows.

The IBM integration opportunity

The Terraform-Ansible integration demonstrates the potential of HashiCorp and Red Hat working together under IBM. Many organizations built custom orchestration between these tools, and native integration eliminates this complexity. The integration addresses a real pain point while preserving the strengths of both platforms—a promising sign of IBM's approach to bringing these ecosystems together.

IBM's commitment to HashiCorp's continued development is evident throughout the conference announcements. While the integrations between Terraform and Ansible, OpenShift and Vault, and Turbonomic, Watsonx and Cloudability are the headlining acts, additional integrations with other IBM portfolio products create opportunities for unified infrastructure and application management across hybrid cloud environments.

This "better together" vision offers significant value: infrastructure provisioning through Terraform, configuration management through Ansible, application platforms through OpenShift, AI capabilities through Watsonx, and cost optimization through Turbonomic—all working from a unified data model. For organizations already invested in multiple parts of this ecosystem, the integration roadmap represents meaningful operational improvements. As the broader ecosystem integrations materialize over the coming years, organizations using HashiCorp products can expect continued innovation.

What infrastructure teams should do now

These announcements have practical implications for infrastructure teams at any maturity level.

Audit your Day 2 operations. Identify what happens after provisioning: patching, scaling, troubleshooting, cost management. How much is automated versus manual? Terraform Actions makes operational workflows codifiable—start building that catalog.

Think in lifecycle units, not resources. Stop organizing infrastructure as individual resources. Start designing around complete patterns with explicit dependencies. Even without adopting Stacks, this conceptual shift prepares you for lifecycle automation.

Build for AI readiness now. Well-organized infrastructure will be AI-ready when AI infrastructure management matures. Focus on clear relationships between components, accurately maintained metadata, and operational context exposed through APIs. Don't wait for AI tools to mature—build the foundation now.

Invest in platform engineering. Build self-service infrastructure capabilities with pre-built patterns that embed security and automated Day 2 operations from the start. Start small: one team, one application pattern, iterate based on feedback.

Rethink your metrics. If your metrics only cover provisioning speed, it's time to broaden the horizons. Consider metrics such as percentage of operational work codified versus manual, mean time to remediate (not just mean time to deploy), policy compliance across the lifecycle, and self-service adoption rates if you're building platforms.

Looking ahead

HashiConf 2025 marked a transition point: Infrastructure automation is more than provisioning—it's lifecycle management, operational intelligence, and embedded security working together. The gap between infrastructure provisioning and infrastructure operations has been the missing piece, and HashiCorp is addressing it comprehensively.

The vision is compelling: unified lifecycle management where provisioning, operations, and security converge; agentic infrastructure with comprehensive operational context enabling AI-powered decision-making; platform engineering as the delivery model; and humans empowered by AI-driven automation, managing systems too complex for either to handle alone.

For infrastructure teams, the opportunity isn't choosing between provisioning and operations, between infrastructure and security, or between tools and platforms. It's recognizing that these concerns are converging and building systems that treat them as integrated rather than separate.

The next phase of infrastructure automation will not be about better provisioning but complete lifecycle management, intelligent operations, and embedded security. The organizations that recognize this shift and act on it will define the next era of infrastructure excellence.

 

What are your thoughts on HashiCorp's direction? Did you attend HashiConf, and if so, what were your key takeaways? Let's continue this conversation in the comments below!

Remember, in the world of infrastructure, the only constant is change – so stay curious, keep learning and happy terraforming! 

Want to discuss how these insights apply to your organization? Reach out to WWT's Infrastructure Automation team.
