What is HashiCorp Boundary?
HashiCorp Boundary is a secure access management tool. It lets you connect to databases, servers, and Kubernetes clusters without exposing network credentials. Instead of passing static keys or storing kubeconfigs, Boundary brokers the session in real time. You define policies, map targets, and issue ephemeral credentials. Attack surface shrinks. Compliance improves.
Where K9S Fits In
K9S is the CLI UI for Kubernetes. It gives a faster, more visual way to explore resources, view logs, and manage workloads without leaving the terminal. By pairing K9S with HashiCorp Boundary, you can run K9S on protected clusters without exposing your kubeconfig or opening firewall holes.
How to Use HashiCorp Boundary with K9S
- Deploy HashiCorp Boundary in your environment or use a managed service.
- Create a Kubernetes target in Boundary that points to your API server.
- Configure Boundary to deliver short-lived kubeconfig credentials.
- Launch a Boundary session with the CLI:
boundary connect kube -target-id <target> - Pipe the temporary kubeconfig into K9S:
boundary connect kube -target-id <target> -- kubeconfig | KUBECONFIG=/dev/stdin k9s
This keeps credentials ephemeral. No residue files. Every session is authorized, logged, and auditable.
Why This Matters
Without Boundary, K9S connects using static kubeconfigs—often copied to laptops and CI pipelines. Each one is a leak risk. Boundary eliminates static secrets. It enforces identity-based access, logs every session, and integrates easily into existing workflows. The combination gives speed to dev teams and compliance to security teams—without slowing down cluster operations.
See it run live with managed infrastructure access at hoop.dev. You can be connected and exploring Kubernetes securely in minutes.