»Overview

Boundary has a rich domain model consisting of resources that represent IAM principals, infrastructure, and the means to tie them together. This section contains information about the various resources within the domain and how they relate to each other.

»Resources

A resource is any element in Boundary to which principals may be granted permissions. All resources have an ID which is unique within Boundary.

»Summary of Resources

  • Account : An account is a resource that represents a unique set of credentials issued from a configured authentication method which can be used to establish the identity of a user.

  • Credential : A credential is a data structure containing one or more secrets that binds an identity to a set of permissions or capabilities on a host for a session.

  • Credential Library : A credential library is a resource that provides credentials of the same type and same access level from a single credential store.

  • Credential Store : A credential store is a resource that can retrieve, store, and potentially generate credentials of differing types and differing access levels. It may also contain credential libraries.

  • Authentication Method : An authentication method is a resource that provides a mechanism for users to authenticate to Boundary.

  • Group : A group is a resource that represents a collection of users which can be treated equally for the purposes of access control.

  • Host : A host is a resource that represents a computing element with a network address reachable from Boundary.

  • Host Catalog : A host catalog is a resource that contains hosts and host sets.

  • Host Set : A host set is a resource that represents a collection of hosts which are considered equivalent for the purposes of access control.

  • Managed Group : A managed group is a resource that groups accounts based on criteria established by a third-party service backing the authentication method. It can be used as a principal in roles.

  • Role : A role is a resource that contains a collection of permissions which are granted to any principal assigned to the role.

  • Session : A session is a set of related connections between a user and a host. A session may include a set of credentials which define the permissions granted to the user on the host for the duration of the session.

  • Scope : A scope is a permission boundary modeled as a container.

  • Target : A target is a resource that represents a networked service with an associated set of permissions a user can connect to and interact with through Boundary by way of a session.

  • User : A user is a resource that represents an individual person or entity for the purposes of access control.

»Next Steps

When getting started with Boundary, the first resource to look at should probably be Scopes. Every other resource is either contained within a scope or contained within another resource that is itself contained within a scope. The Scopes page can help you understand the structure of resources within Boundary.
