Prometheus vs HashiCorp
Side-by-side trajectory, velocity, and editorial themes.
Prometheus enters 3.12 RC while running a coordinated security backport across the 3.5 LTS line.
Prometheus published a 3.12.0 release candidate with PromQL and Service Discovery additions, TSDB performance work, and security fixes for a remote-write denial-of-service and a STAC secret leak. In the same window, 3.11.3 and 3.5.3 shipped coordinated security fixes for snappy decoding, AzureAD client_secret handling, and an old-UI XSS, and the prior 3.11.2/3.5.2 pair fixed a metric-name XSS in the web UI. The project is clearly maintaining 3.5 as a long-term branch alongside the active 3.x line.
Cadence is dominated by responsible-disclosure security work, with feature additions concentrated in the upcoming 3.12 release. The fact that 3.5 keeps receiving coordinated backports months after 3.11 suggests Prometheus is informally treating 3.5 as a stable LTS for environments that cannot upgrade quickly.
Expect 3.12.0 to ship final within a few weeks given the RC has already landed, and a 3.5.4 backport to follow the next security disclosure rather than the next feature batch.
HashiCorp under IBM is doubling down on agentic IAM and enterprise-scale Terraform.
Now branded 'IBM Vault' in places, HashiCorp is rolling out its post-acquisition strategy on two fronts: native identity management for AI agents in Vault, and a coordinated Terraform refresh spanning 1.15, Enterprise 2.0, and Infragraph-powered HCP in public preview. Recent capability adds across Vault (envelope encryption for streaming workloads, Azure hub-and-spoke GA) and Terraform (cost visibility, project-level notifications) progress the existing surface while the strategic bets ship in parallel.
Two arcs are clearly pulling: Vault is repositioning as the identity plane for the AI-agent era — issuing, delegating, and tracing credentials for non-human actors — and Terraform is being reorganized around enterprise-scale governance with a single-source-of-truth graph (Infragraph) underneath HCP. The 'AI operating model' marketing layer signals that IBM and HashiCorp are telling enterprise buyers AI is now an operations problem, not an experimentation problem, and HashiCorp is the substrate to operationalize it on.
The AI-agent IAM story is the one to expand fastest — agent-policy primitives, OIDC-for-agents, tighter integration with Vault Secrets Operator and Boundary. On the Terraform side, Infragraph graduating from public preview is the next milestone to watch, and likely the moment 'HCP Terraform powered by Infragraph' replaces classic HCP Terraform as the default.
See more alternatives to Prometheus →
See more alternatives to HashiCorp →