»Sessions

A session is a set of related connections between a user and a host. A session may include a set of credentials which define the permissions granted to the user on the host for the duration of the session.

A user initiates a session by requesting access to a target. If a user has the proper permissions, a session is created and the expiration time and connection limit are set based on the target's attributes. If the target is associated with credential libraries, credentials are retrieved and returned from each credential library. A snapshot of the data relevant to authorizing the session is also captured and stored in the Boundary data warehouse when the session is created.

Sessions are created in the project of the corresponding target. Deleting a project will terminate all of the active sessions in the project but will not affect any session data in the data warehouse. Historical data in the data warehouse is never deleted.

»Termination

A session is forcefully terminated when one of the following occurs:

  • The session reaches the time limit and expires.

  • An authorized user manually cancels the session.

  • Any resource associated with the session is deleted or removed from the target. This includes: the host, the host set, the host catalog, a credential, a credential library, a credential store, the target itself, the project, the organization, the user, the user's account, or the account's authentication method.

In addition to the above, a session terminates non-forcefully when the user closes all connections and no additional connections are allowed because of a connection limit.

Any credentials associated with the session are revoked when the session is terminated.

Permissions are only evaluated at session establishment. Changes to a user's permissions do not affect existing sessions.
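
Because permissions are checked only at establishment, a user's live sessions keep running after a grant is removed, until they expire or an authorized user cancels them. The following added example (not part of the Boundary documentation) picks out the sessions that would survive such a change and builds the manual cancel command for each; the sample listing, its field names, status values and IDs are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample listing. Field names, status values and IDs are assumptions
# made for this example, not output captured from a real Boundary controller.
SAMPLE_LISTING = json.loads("""
{"items": [
 {"id": "s_EXAMPLE0001", "user_id": "u_EXAMPLEAAA", "target_id": "ttcp_EXAMPLE01",
  "status": "active", "expiration_time": "2022-06-01T20:00:00Z"},
 {"id": "s_EXAMPLE0002", "user_id": "u_EXAMPLEAAA", "target_id": "ttcp_EXAMPLE01",
  "status": "terminated", "expiration_time": "2022-06-01T20:00:00Z"},
 {"id": "s_EXAMPLE0003", "user_id": "u_EXAMPLEBBB", "target_id": "ttcp_EXAMPLE02",
  "status": "active", "expiration_time": "2022-06-01T20:00:00Z"},
 {"id": "s_EXAMPLE0004", "user_id": "u_EXAMPLEAAA", "target_id": "ttcp_EXAMPLE02",
  "status": "pending", "expiration_time": "2022-06-01T12:30:00Z"},
 {"id": "s_EXAMPLE0005", "user_id": "u_EXAMPLEAAA", "target_id": "ttcp_EXAMPLE02",
  "status": "active", "expiration_time": "2022-06-01T11:00:00Z"}
]}
""")

LIVE_STATUSES = {"pending", "active"}  # assumed names for sessions not yet ended


def parse_ts(value):
    """Parse an RFC 3339 UTC timestamp such as 2022-06-01T20:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def surviving_sessions(listing, user_id, now):
    """Return user_id's sessions that stay usable after a permission change at `now`."""
    rows = []
    for s in listing.get("items", []):
        if s.get("user_id") != user_id or s.get("status") not in LIVE_STATUSES:
            continue
        left = int((parse_ts(s["expiration_time"]) - now).total_seconds())
        if left <= 0:
            continue  # time limit already reached; the session expires by itself
        rows.append({"id": s["id"], "target_id": s["target_id"], "seconds_left": left})
    return sorted(rows, key=lambda r: r["seconds_left"], reverse=True)


def cancel_commands(rows):
    """Build one manual-cancel CLI command per surviving session."""
    return ["boundary sessions cancel -id " + r["id"] for r in rows]


if __name__ == "__main__":
    when = datetime(2022, 6, 1, 12, 0, tzinfo=timezone.utc)
    print("\n".join(cancel_commands(surviving_sessions(SAMPLE_LISTING, "u_EXAMPLEAAA", when))))
```

Sessions are returned longest-remaining first, so the ones that would stay open the longest are cancelled first.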

»Referenced By

  • Project
  • Credential
  • Host Set
  • Target

»Service API Docs

The following services are relevant to this resource:

  • Session Service