Open source forkers stick an OpenBao in the oven

HashiCorp software faces challenge after licensing change


The rebellion against HashiCorp for adopting a competition-limiting license for its Terraform software expanded this week, with word that The Linux Foundation aims to help hatch an open source alternative to Vault, the company's secrets management project.

At the Open Source Summit in Tokyo, Japan, this week, Sebastian Stadil, co-founder and CEO of DevOps automation biz Scalr and one of the organizers of OpenTofu, a fork of Terraform, revealed details about the project, dubbed OpenBao.

OpenBao is a fork of Vault, which helps developers manage secrets like passwords, tokens, certificates, API keys, and the like.

Vault, like HashiCorp's Boundary, Consul, Nomad, Packer, Terraform, Vagrant, and Waypoint, has been put under the Business Source License, which disallows other cloud companies from offering the software as a competitive product. And so rivals have forked the Vault code under an OSI-compliant license – Mozilla PLv2 – to ensure continued access to the technology.

"If there are two projects that are identical and one's open source and one's not, I personally believe that the moral choice is to use the open source project and help in some manner," Stadil told the conference.

Stadil explained to The Register that later this month an OpenTofu release candidate is planned and that OpenBao will start accepting new contributions.

OpenBao is being incubated by the Linux Foundation, led by IBM developers through LF Edge, an edge computing initiative. The project is not (yet) officially endorsed by IBM. Before it graduates in the eyes of the Linux Foundation, it needs to meet certain criteria to demonstrate that it's likely to last.

Project viability and longevity were among the concerns voiced by those attending Stadil's presentation, given that OpenTofu and OpenBao are recent projects.

Stadil declined to speak for other companies, and in fact had been told not to make any announcements about other organizations endorsing the projects. But he recommended visiting the project repos and making note of where those contributing to the two projects work as a proxy for corporate support.

Asked by a conference attendee about HashiCorp's rationale for relicensing its software, Stadil said the official party line is that Terraform is vital to the internet and there's long been a desire to have it under the oversight of The Linux Foundation.

"If HashiCorp in the future wants to join us at OpenTofu we'd be thrilled to see that happen," he said.

Stadil said he can't speculate on HashiCorp's internal decision-making process.

HashiCorp, he said, had been burning cash, and with interest rates rising it would not be surprising to see the software firm taking steps to generate greater revenue. HashiCorp did not immediately respond to a request for comment.

On Thursday, the software biz reported revenue of $146.1 million for its third fiscal quarter of 2024, representing a 17 percent increase year-on-year. That amounted to a GAAP net loss of $39.5 million, which is down from $72 million in the same period last year. ®
