HashiCorp Cloud Platform
Configure self-managed workers for session recording
Enterprise
This feature requires HCP Boundary or Boundary Enterprise
Session recording in HCP Boundary requires at least one self-managed worker with access to local and remote storage. You must configure any self-managed workers that you want to use for session recording. HCP Boundary managed workers cannot be used for session recording.
Session recording requires that you define an accessible directory as therecording_storage_path
for storing in-progress session recordings.
On session closure, Boundary moves the local session recording to remote storage and deletes the local copy.
Refer to the following self-managed worker configuration example:
disable_mlock = true
hcp_boundary_cluster_id = "1a2b3c4c5-1a2b3c-4a5b6c-7713-1a3bc5"
listener "tcp" {
address = "0.0.0.0:9202"
purpose = "proxy"
}
worker {
public_addr = "<worker_public_addr>"
auth_storage_path = "/var/lib/boundary"
tags {
type = ["worker", "worker-session-recording"]
}
recording_storage_path = "/local/storage/directory"
}
Update the self-managed worker configuration with the following values:
cluster_id
- The HCP Boundary cluster ID. You can obtain the cluster ID from the HCP Boundary cluster URL. For example, in the URLhttps://1a2b3c4c5-1a2b3c-4a5b6c-7713-1a3bc5.boundary.hashicorp.cloud
, the cluster ID is1a2b3c4c5-1a2b3c-4a5b6c-7713-1a3bc5
.public_addr
- The public IP address or DNS name of the self-managed worker instance you want to configure for session recording.auth_storage_path
- The local path where the worker stores its credentials. You should not share storage between workers.tags
- Any key-value pairs that targets use to determine where to route connections.recording_storage_path
- The local path for storing session recordings that are in progress. When the session is closed, the recording is moved to remote storage and Boundary deletes the local copy.
Next steps
- Register the self-managed worker, if it is not already registered.
- Create a storage bucket.
- Enable session recording on a target.