DEV Community

Alex Spinov
Alex Spinov

Posted on

HashiCorp Boundary Has a Free API: Secure Remote Access Without VPNs

#security #devops #networking #cloudnative

Boundary provides simple and secure remote access to dynamic hosts and services. It replaces traditional VPNs with identity-based access management that integrates with your identity provider.

What Is Boundary?

Boundary by HashiCorp provides secure access to hosts and critical systems without managing credentials or exposing the network. Users authenticate through their identity provider (Okta, Azure AD, etc.) and Boundary handles credential injection.

Key Features:

  • Identity-based access (no static creds)
  • Session recording and audit
  • Dynamic host catalogs (AWS, Azure)
  • Credential injection (Vault integration)
  • Just-in-time access
  • No VPN client needed
  • REST API and CLI
  • Multi-hop sessions

Quick Start 

# Install
brew install boundary

# Start dev server
boundary dev

# Authenticate
boundary authenticate password \
  -login-name admin -password password \
  -auth-method-id ampw_1234567890
Enter fullscreen mode Exit fullscreen mode

Boundary API 

import requests

BOUNDARY = "http://localhost:9200/v1"
TOKEN = "your-auth-token"
HEADERS = {"Authorization": f"Bearer {TOKEN}"}

# List scopes (organizations and projects)
scopes = requests.get(f"{BOUNDARY}/scopes", headers=HEADERS, params={
    "scope_id": "global", "recursive": True
}).json()
for scope in scopes.get("items", []):
    print(f"Scope: {scope['name']} ({scope['type']})")

# List targets
targets = requests.get(f"{BOUNDARY}/targets", headers=HEADERS, params={
    "scope_id": "p_1234567890"
}).json()
for target in targets.get("items", []):
    print(f"Target: {target['name']}, Address: {target.get('address', 'dynamic')}")

# Create a target
requests.post(f"{BOUNDARY}/targets", headers=HEADERS, json={
    "scope_id": "p_1234567890",
    "name": "prod-database",
    "type": "tcp",
    "attributes": {
        "default_port": 5432
    },
    "address": "prod-db.internal"
})

# Connect to target
session = requests.post(f"{BOUNDARY}/targets/{target_id}:authorize-session",
    headers=HEADERS
).json()
print(f"Session: {session['item']['session_id']}")
print(f"Connect via: boundary connect -session-id {session['item']['session_id']}")
Enter fullscreen mode Exit fullscreen mode

Connect via CLI 

# SSH to a server
boundary connect ssh -target-id ttcp_1234567890

# PostgreSQL
boundary connect postgres -target-id ttcp_db -dbname myapp

# HTTP (any TCP service)
boundary connect -target-id ttcp_web -listen-port 8080
# Now access http://localhost:8080

# RDP
boundary connect rdp -target-id ttcp_windows
Enter fullscreen mode Exit fullscreen mode

Resources

Need to scrape web data securely? Check out my web scraping tools on Apify — production-ready actors for Reddit, Google Maps, and more. Questions? Email me at spinov001@gmail.com

Top comments (0)