Glossary
This page collects brief definitions of some of the technical terms used in the documentation for the HCP, HCP Consul, HCP Vault, and HCP Packer product families.
- Ancestors
- Ancestry
- Audit device log
- Base artifact
- Bucket
- Build
- Channel
- Child
- Descendants
- Downstream build
- Downstream artifact
- Entity
- Golden image
- HCP Packer registry
- HCP Packer registry data source
- HCP Terraform provider
- HVN
- Intra Region
- Inter Region
- Major Version
- Minor Version
- Namespaces
- Organizations
- Parent
- Seal
- Service API
- Snapshots
- Tokenization service
- Tokens
- Unseal
- Version
- Version fingerprint
Ancestors
Upstream artifacts that an HCP Packer bucket depends on directly or indirectly as source artifacts.
Ancestry
In HCP Packer, ancestry refers to the relationship between source artifacts (parents) and their downstream child artifacts. The HCP Packer UI can display ancestry statuses that warn you when an artifact was built from an old version of one or more ancestors. Refer to the Ancestry documentation.
Audit Device Log
Audit devices are the components in Vault that keep a detailed log of all requests and responses to Vault. Because every operation with Vault is an API request/response, the audit log contains every authenticated interaction with Vault, including errors.
To learn more, go through the Access the audit log for troubleshooting section of the Vault Operation Tasks tutorial.
Base Artifact
Base artifact refers to the artifact that other artifacts are built upon. For example, security teams may publish a base artifact that other teams in the organization must use as a starting point for their projects. This can also be referred to as a source artifact or parent artifact.
Bucket
A bucket is a container within the HCP Packer registry that stores artifact metadata from a single Packer template. Buckets contain one or more versions. Reference the bucket documentation for more details.
Build
A build refers to the artifact metadata stored on the HCP Packer registry from all artifacts produced by a single builder. Each artifact has a creation date and an ID that references the remote location of the artifact. Refer to the metadata documentation for more details.
Channel
Channels assign HCP Packer registry versions to human-readable names that consumers can reference in Packer templates and Terraform configurations. They allow consumers to automatically reference the correct artifact version on the registry without having to update their code. Refer to the channels documentation for more details.
Child
In HCP Packer, child artifacts refer to downstream ancestors that Packer builds directly from one or more parent artifacts.
Descendants
Descendants are downstream artifacts that Packer built directly or indirectly from a common ancestor. For example, this includes all artifacts Packer built from the ancestor’s direct children.
Downstream artifact
Downstream artifact refers to an artifact that is built from a specific source artifact. For example, an artifact containing specific application software may be built on top of a security golden image. This is often also called a child artifact.
Downstream build
Downstream build refers to an individual build that is based on artifacts from a specific, pre-existing build.
Entity
Entity represents a Vault client which has one or more aliases mapped. For example, a single user who has accounts in both GitHub and LDAP can be mapped to a single entity in Vault that has 2 aliases, one of type GitHub and one of type LDAP.
To learn more about entities, go through the Identity: Entities and Groups tutorial.
Golden image
Golden image refers to a pre-configured image that should be used as the source for instance creation in infrastructure.
HCP Packer registry
The HCP Packer registry is a service that stores metadata about your artifacts, including when they were created, where the artifacts exist in the cloud, and what (if any) git commit is associated with your image build. This bridges the gap between image factories and image deployments, allowing development and security teams to work together to create, manage, and consume golden images in a centralized way. Reference the HCP Packer registry docs for more details.
In the HCP Packer UI, the Registry is where you can view all of the buckets in your organization.
HCP Packer registry data source
The HCP Packer registry data source enables you to query the HCP Packer registry for an artifact to use as the source for a Packer build. Data sources are new to Packer as of last year, and only available in HCL templates. Refer to the Metadata documentation for more details.
HCP Terraform provider
The HCP Terraform provider is the Terraform provider for HashiCorp Cloud Platform. Providers are plugins that allow Terraform to communicate with external APIs. The HCP Terraform provider includes the hcp_packer_version and hcp_packer_artifact data sources that you can use to query the HCP Packer registry for an artifact to use in a Terraform configuration. Refer to the reference metadata documentation for more details.
HVN
HashiCorp Virtual Network. An HVN delegates an IPv4 CIDR (classless inter-domain routing) range to HCP, which is then reflected on the cloud provider's virtual network CIDR range.
Intra Region
The resources are all located within the same cloud provider region.
Inter Region
The resources are located across different cloud provider regions.
Major Version
Vault releases major functionality and features in its major version releases. Examples of Vault major versions are 1.6, 1.7, etc.
Minor Version
Minor version releases of Vault contain bug fixes and small enhancements that do not have an impact on backward compatibility. Minor versions are released more frequently than major releases and provide a safe upgrade path for users. Examples of minor versions include 1.6.0, 1.6.1, 1.7.0, etc.
Namespaces
Namespaces is a set of features within Vault Enterprise that allows Vault environments to support secure multi-tenancy within a Vault deployment.
Organization
An organization is an entity in HCP that contains your resources, including HashiCorp Virtual Networks (HVN), registries, and server clusters. Organizations may also be referred to as tenants.
Parent
In HCP Packer, parent artifacts refer to upstream ancestors that Packer uses as a direct source for one or more child artifacts.
Seal
When a Vault server is started, it starts in a sealed state. In this state, Vault is configured to know where and how to access the physical storage, but doesn't know how to decrypt any of it. There is also an API to seal the Vault. This will throw away the master key in memory and require another unseal process to restore it. Sealing only requires a single operator with root privileges.
To learn more, go through the Seal the cluster section of the Vault Operation Tasks tutorial.
Service API
API server connected to the public internet.
Snapshots
Vault enables users to take a snapshot of all Vault data. The snapshot can be used to restore Vault to the point in time when a snapshot was taken.
To learn more about snapshots, go through the Data snapshots section of the Vault Operation Tasks tutorial.
Tokenization service
Isolated encryption and decryption service.
Tokens
Tokens are the core method for authenticating with Vault. Within Vault, tokens map to information. The most important information mapped to a token is the policies. Vault policies control access to secrets.
To learn more about Vault tokens, go through the Vault Tokens tutorials.
Unseal
Unsealing is the process of obtaining the plaintext master key necessary to read the decryption key to decrypt the data, allowing access to the Vault. Prior to unsealing, almost no operations are possible with Vault.
To learn more, go through the Unseal the cluster section of the Vault Operation Tasks tutorial.
Version
A version is an immutable record of each successful Packer build for a single template, stored on the HCP Packer registry. Each version may contain multiple builds, depending on how you configured sources in your template. Refer to the Metadata documentation for more details.
Version Fingerprint
A version fingerprint is a unique identifier for each version stored on the HCP Packer registry. Refer to the template configuration documentation for more details.