AI has rapidly transitioned from being a novelty to an expected component in infrastructure and platform engineering. Across conferences, vendor updates, and architecture diagrams, everyone now highlights agents, copilots, and autonomous workflows.

However, in actual operational settings, teams face a tougher reality: while AI is potent, it is not yet mature enough for blind trust. Organizations seek automation that alleviates operational burden, not systems that could cause new outages or security issues.

IBM’s integration of HashiCorp technologies focuses on making AI operationally safe: pairing automation with workflow discipline, enforcing least-privilege access, and maintaining a trustworthy system state.

In a recent Software Plaza webinar, Kerim Satirli, Senior Developer Advocate at IBM, talks about major developments across the HashiCorp ecosystem.

New updates from Terraform that support orchestrating ‘real’ environments

Terraform has traditionally been efficient at managing infrastructure through provider APIs for creating, reading, updating, and deleting resources. Nonetheless, enterprise infrastructure rarely remains simple or entirely new. It is intricate, multi-layered, and often includes shared networks, inherited permissions, legacy buckets, outdated clusters, drifting resources, and collaborative teams that need to coordinate without conflicts.

That context is why Terraform Stacks is such a meaningful update. Stacks deploy complex, interdependent environments as clearer, more manageable units with an explicit dependency model.

Consider multi-step environment buildouts that seem straightforward at first but quickly become complicated. The dependency graph for these setups grows increasingly complex, especially when scaled across development, testing, staging, and production, and across multiple business units. HashiCorp’s stacks address this scaling challenge by introducing more structure to multi-stage, multi-environment deployments, helping teams avoid fragile glue code and manual sequencing.
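The multi-stage, multi-environment pattern described above, written as a Terraform Stacks configuration. This is an added illustration, not code from the webinar or from HashiCorp; the module paths, the `subnet_ids` output, the regions and the environment names are assumptions, and it assumes the Stacks file layout (a `.tfcomponent.hcl` file for components and a `.tfdeploy.hcl` file for deployments) run through HCP Terraform.

```hcl
# Added example; module paths, output names, regions and env names are assumed.

# --- components.tfcomponent.hcl ---
# The environment is described once. Ordering comes from explicit references
# between components, not from a wrapper script that applies root modules in turn.
required_providers {
  aws = {
    source  = "hashicorp/aws"
    version = "~> 5.0"
  }
}

variable "region" { type = string }
variable "env"    { type = string }

provider "aws" "this" {
  config {
    region = var.region
  }
}

component "network" {
  source    = "./modules/network"
  inputs    = { env = var.env }
  providers = { aws = provider.aws.this }
}

# The cluster consumes the network component's outputs, so Stacks knows the
# network must be applied first within each deployment.
component "cluster" {
  source = "./modules/cluster"
  inputs = {
    env        = var.env
    subnet_ids = component.network.subnet_ids
  }
  providers = { aws = provider.aws.this }
}

# --- deployments.tfdeploy.hcl ---
# The same component graph instantiated per environment, each with its own
# state, instead of copy-pasted root modules per stage.
deployment "development" {
  inputs = { env = "dev", region = "us-east-1" }
}
deployment "staging" {
  inputs = { env = "staging", region = "us-east-1" }
}
deployment "production" {
  inputs = { env = "prod", region = "us-west-2" }
}
```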

How Terraform Search helps brownfield adoption

While Terraform Stacks focuses on “how to build complex environments cleanly,” Terraform Search tackles a similar challenge: “how can I migrate my existing infrastructure into Terraform without weeks of struggle?”

Importing resources has traditionally been a major challenge for Terraform at an enterprise level. While feasible, the process is often tedious and prone to errors. For example, even a basic S3 bucket involves aspects like location, identity, policies, and lifecycle rules. When scaled across thousands of resources, this complexity turns into a migration project that many teams postpone indefinitely.

Terraform Search is evolving into a more automated system: users can identify existing infrastructure, choose what to manage, and import it through a codified process. This shift aims to make Terraform adoption more feasible for large organizations already heavily engaged in cloud services.

Features of Terraform Actions

Provisioning infrastructure is often only half the job. The rest is operational reality: invalidating caches, calling a function after a resource update, triggering configuration management, or running an integration step that historically lived in scripts and duct tape.

Terraform Actions provides a method to incorporate conditional operations, such as “do X when Y occurs,” directly within Terraform workflows. This approach removes the necessity for local provisioners or external scripts. For instance, when deploying assets behind a CDN and subsequently invalidating a CloudFront cache or triggering a Lambda, teams used to depend on AWS CLI commands or custom scripts. Actions simplify and formalize this workflow.
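The CDN case above expressed with Terraform Actions, as an added example rather than code from the webinar or HashiCorp's documentation. It assumes a Terraform release with `action` blocks and `action_trigger` lifecycle support, an AWS provider that ships an `aws_cloudfront_create_invalidation` action with `distribution_id` and `paths` arguments, and an existing `aws_cloudfront_distribution.site` and `aws_s3_bucket.site` in the same configuration; all of these names are assumptions.

```hcl
# Added example; action type, its arguments and the resource names are assumed.

# The side effect is declared once as an action instead of a local-exec
# provisioner that shells out to the AWS CLI with its own credentials.
action "aws_cloudfront_create_invalidation" "flush_cdn" {
  config {
    distribution_id = aws_cloudfront_distribution.site.id
    paths           = ["/*"]
  }
}

# A static asset uploaded to the origin bucket. The etag tracks file content,
# so a rebuilt asset produces an in-place update rather than a no-op plan.
resource "aws_s3_object" "index" {
  bucket       = aws_s3_bucket.site.id
  key          = "index.html"
  source       = "${path.module}/dist/index.html"
  etag         = filemd5("${path.module}/dist/index.html")
  content_type = "text/html"

  # "Do X when Y occurs": invalidate the cache only after this object is
  # created or updated, inside the same plan/apply and under the same
  # provider identity, so CI needs no extra CLI access for the invalidation.
  lifecycle {
    action_trigger {
      events  = [after_create, after_update]
      actions = [action.aws_cloudfront_create_invalidation.flush_cdn]
    }
  }
}
```

Because the invalidation is part of the plan, reviewers see it before apply, which a script run after `terraform apply` never gives them.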

How Infragraph builds infrastructure relationships

Terraform Graph has long offered a reactive visualization, useful but limited. Infragraph is positioned as a more interactive, context-rich view of infrastructure relationships that goes beyond what Terraform alone “sees.”

It’s meant to help answer the questions that matter during incidents and operational change. Conceptually, Infragraph is about making the infrastructure family tree legible, not only after something fails, but proactively, so teams can reason about blast radius and relationships earlier.

Using Vault Radar for secrets detection

If the Terraform updates focus on scale and workflow, Vault Radar emphasizes risk and inevitability. Kerim explained it straightforwardly: teams often don’t realize how many secrets they handle until they measure it. The discussion mentioned a study showing that the average application interacts with dozens of secrets, including API keys, analytics tokens, license keys, and SDK credentials, many of which are managed less carefully than cloud root credentials.

Vault Radar detects secrets by scanning Git repositories and collaboration tools such as Slack and Jira for known secret patterns. It alerts you to unmanaged secrets, meaning those not stored in Vault, and flags when the same secret appears in multiple locations, which increases its exposure.

Industry trends to look for

MCP (Model Context Protocol) servers and agent-driven automation are common subjects. The potential is high because agents can do more than just “RAG over docs”; they can interact with APIs and perform actions across various systems. When implemented correctly, this can greatly boost productivity. For example, an “incident scribe” agent can collect precise, API-driven information, prepare notes, and minimize dashboard switching, which often causes delays in responses.

The main challenge is that many teams once viewed agents as all-knowing helpers, granting them “keys to the kingdom”: root tokens, broad access, and powerful credentials to simplify demos and achieve quick wins. That approach now conflicts with a more mature outlook: autonomous systems require strict permissions, minimal privileges, and clear workflow guidelines, or they may lead to outages and security risks.
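A concrete contrast for the “keys to the kingdom” point, using the incident-scribe agent from the previous paragraph. This is an added example, not anything shown in the webinar; the KV mount, the secret paths and the agent's name are assumptions. The first policy is the demo shortcut; the second grants only what the agent's job requires.

```hcl
# Added example; mount and path names under kv/ are assumptions.

# BEFORE: the demo shortcut. Attached to an agent's token this is effectively
# a root token: every path, every capability, and nothing stops lateral moves
# if the agent is prompt-injected or its token leaks.
path "*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}

# AFTER: least privilege for an agent that reads a few API credentials and
# writes incident notes. Each path is named; no wildcard read anywhere.

# Read-only access to exactly the two API tokens it summarises data from.
path "kv/data/incident-scribe/pagerduty" {
  capabilities = ["read"]
}
path "kv/data/incident-scribe/statuspage" {
  capabilities = ["read"]
}

# It may add or update notes, but cannot read back or delete existing ones,
# so a compromised agent cannot exfiltrate the note history through Vault.
path "kv/data/incident-notes/*" {
  capabilities = ["create", "update"]
}

# Explicit deny on metadata blocks listing the rest of the mount even if a
# broader policy is attached to the same token later; deny wins in Vault.
path "kv/metadata/*" {
  capabilities = ["deny"]
}
```

Bind the second policy to an auth role with a short token TTL so a leaked agent token expires on its own rather than living as long as the demo credential did.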

HashiCorp’s recent updates, including Terraform Stacks, Search, Actions, Infragraph, and Vault Radar, are not just isolated feature releases. They address a common truth: infrastructure has become more interconnected, automation more autonomous, and the attack surface increasingly resembles a supply chain. The successful teams will be those that modernize their workflows and their security strategies at the same time.

This blog is based on a webinar with Kerim Satirli, Senior Developer Advocate at IBM. You can watch the full video here.
