Overview
Hashicorp Vault’s binary has grown substantially, making upgrades less desirable and deployments more cumbersome.
The team has set a 3-year vision to transition from today's model where most plugins are bundled with Vault to a future outlook where plugins are externalized in a registry, to allow scalability and enable better UX workflows.
MY Role
Lead Designer | Team: 1 Designer, 2 PMs, 6 Devs
Research, Ideation, Interaction, Visual design, Prototyping
Research, Ideation, Interaction, Visual design, Prototyping
Duration
Mar, 2022 - Sep, 2024
The Problem
Vault's binary size is ever growing. With all the plugins bundled into the binary, it's reaching 500 MB+ and slowing down container pulls, CLI startup, and CI/CD jobs. Customers need to upgrade the whole binary, even only a small update is made in one of the plugins.
Moreover, the current solution is hindering Vault from deepening its ecosystem capabilities. Developers can't directly build and publish plugins with Vault's binary, and they lack the ability to have more granular control over the plugins.
User Research
1. Customer insights
I started off by drafting a research plan, aiming to interview a few customers to dive more into the pains and their desire for slimmer Vault and plugin management requirements.
Large vault size
“It took over 30 seconds just to run vault --version on AWS.” — Sayrus
“I only need Vault to sign SSH certs; packing the whole server binary seems silly.” — jk464
Registry concept
“We use Azure, but there’s a bunch of plugins we do not.” — franciscoabsampaio
“I’d prefer all plugins were external, similar to Terraform providers.” — 111a5ab1
2. Data analysis
From the earlier findings, we formed a general idea about user's desire to move all plugins outside of the Vault binary. This should make vault deployment and upgrade much easier. At the same time, moving all the plugins to a registry would allow more possibilities in plugin management and the whole marketplace idea.
What's not so easy here is to determine which plugins go external. So I went through some reports to identify the plugin usage.
From here, we can easily see that we'd like to keep the top 3 used plugins within the binary.
Forming the vision
How might we help the Platform engineers to securely run Vault deployments and achieve faster server start up?
How might we simplify the plugin management experience so Vault and be easily integrated and extensible?
Journey map
1. Before minimal Vault
2. After minimal Vault
Final Outcome
Two views with percentage to indicate the usage/inventory of the sponsorship products. As well as filtering capabilities on various criteria.
Landing page of the registry
Installed plugins
Read plugin details
See plugin deployment
Monitor plugin health
