Mitchell Hashimoto has been writing software since he was 12 years old. Since he cofounded HashiCorp in 2012, however, he’s been focused on automation software, such as that created by his company. HashiCorp now offers a host of products to automate the software development life cycle, and those products do everything from managing security between services to provisioning environments in the cloud.
We spoke with Hashimoto about his company’s past, present and future, and about the impact of Vagrant on his life and work.
SD Times: HashiCorp’s tools require a certain way of thinking about software development and deployment. Can you describe that?
Hashimoto: We have something we published called the Tao of HashiCorp. One of our core beliefs is how we think software and infrastructure automation should work. Those tenets are infrastructure as code, and really everything as code.
We believe human memory is fallible, and you want a source of truth for accountability and history. The only way to get automation on top of that is to write something down in a very literal way, which is code.
We favor declarative versus imperative. We believe everything should be declarative at a certain scale and complexity. If you’re writing down how to do something, it becomes too complex versus saying what you want to happen and letting things get there.
It’s scarier because you have a lack of control getting to your desired state, but as something matures, when you use a declarative system really well, it’s indistinguishable from magic.
From an organizational perspective, you should be striving to automate as much as possible. When I look at people, I think what makes us special is being creative and creative problem solving: adapting to things we haven’t seen before. Whenever I found myself doing something that wasn’t creative, like a repetitive task, it felt like a waste to me.
The gift we have is this creativity, and it’s great when that’s focused on software or marketing or whatever. We should be striving to automate as many rote tasks as possible so we can do creative things. We want employees to focus on business problems and not the mundane.
SD Times: This all got started with Vagrant. What does that tool mean to you now?
Vagrant in a lot of ways is the first thing I think anybody does. There’s a lot of times where I didn’t realize the decisions I was making, but Vagrant caught a lot of them. We solved a smaller-scope problem really well, versus trying to do everything at once. It also embodied the problem set I described. I found myself doing this rote task whenever I hopped into new client work. I had to re-set up my laptop, reading a readme [and] doing what the readme said. I looked at it and said there’s no reason a human should do this.
SD Times: Did developing Vagrant awaken you to the need for more automation tooling in the life cycle?
It was all kind of in parallel. When I was working on Vagrant with Armon Dadgar, my cofounder, we were working on a large-scale research system. We had all these other problems. In hindsight, we were experiencing the pains of microservices and multi-cloud and problems in that space, and we just couldn’t manage that scale for that application delivery life cycle. We couldn’t manage it with the tools we had. We were pretty young.
We were writing down the challenges we were facing. As Vagrant grew in popularity and we got more involved in the DevOps movement, I started seeing that this movement, these problems and this academic research all line up to solve these problems.
SD Times: What made you build out more tools and found HashiCorp?
Vagrant hit a limit. How do I actually deploy this thing? And there was no good answer. We started looking at what additional software we could make. When I announced HashiCorp, we came out with Packer, but over a two-year period we released a lot.
It was more intentional. When you release a puzzle piece and you haven’t given out all the pieces, it adds more confusion. There were a number of pieces we wanted to get out there, so it was a semblance of a puzzle. We needed the first five to be out there to give a decent end-to-end story: to give a major key frame story for getting from development to production.
SD Times: What’s next for HashiCorp?
In the future, there are a few trends we find interesting. One in particular we’re really latching onto is shifting this infrastructure as code to more categories. Our two biggest growth drivers in the past 18 months have been Terraform and Vault. Terraform is for creating infrastructure as code, and Vault is our security tool that provides certificate management and key management. They are both seeing the same level of growth: multi-100% growth every quarter. They are related in where they are heading, in that our road map revolves around pushing those even further.
Let’s describe more things as code. But also, let’s bring security as code into Vault. Right now, Vault is very imperative. It’s, “This person can access this secret;” it’s very much old school. You have to do that with security so they feel comfortable.
As we gain heavy adoption of Vault, we’re starting to look into what is the next step in security. How do we jump security to make it more manageable? There’s a real problem we’re seeing in microservices. It’s so difficult to reason about security. You’re in the cloud, there are no end points or out points; it’s just sort of the Internet. What you really want is to secure every connection with every service really fast.
We think that when we see that complexity, when I look at it, you need a declarative system. You need to trust the security systems, and that’s a big leap. But I don’t see a future where you have a thousand microservices and you’re connecting every tube together. I don’t see a future where a security engineer is reasonably doing that. You need more automation there.
SD Times: What do you find interesting in technology these days?
I am paying attention to the serverless stuff popping up. None of it says to me this is the way to do it, but I do think if I had a lot more free time, I would be playing a lot more with serverless. It’s really unknown what the business value is, but that unknown is really intriguing to me. Anything that pops up as serverless, I take a look at it. It can be fun, but I see a lot of challenges scaling that up to real business uses, like business analytics. But I think there’s something there.