by mitchellh 2219 days ago
Hello, I'm a founder of HashiCorp and I'd like to explain this.

First, this document only applies to enterprise evaluation software. This doesn't apply to our OSS software and this shouldn't be linked anywhere near our OSS except in the context of signing up for an enterprise eval.

Most importantly: why is this here? This is NOT a political statement. This is a legal requirement. The encryption we use in Vault is subject to Chinese export control laws and it is illegal for us (by Chinese law) to sell in China.

To be able to sell Vault within China we'd have to restrict the encryption that could be used within Vault to government-acceptable versions.

We don't do this, therefore it is illegal for us to sell in China. We have to include this line in our enterprise terms.

EDIT: Our legal team has updated the copy in our terms to be more explicit. You can read the updated copy in the second paragraph here: https://www.hashicorp.com/terms-of-evaluation

6 comments

It's interesting to me that it's Chinese export control laws that affect you. Normally when you hear about this kind of thing, it's the US export restrictions causing the issue. Does that not apply in this case? And wouldn't you be importing into China? (IANAL, genuinely asking)
It's not export controls in the case of China afaik. It's literally 'the party would like to read your data in the name of social harmony'.
Ya, the word “export” was incorrect in OP’s post
Or inversely they want to make sure the ciphers they use are reviewed and not backdoorable by adversaries (in this case the US).
Perhaps they're referring to the Encryption Law https://www.cov.com/-/media/files/corporate/publications/201... in effect this year that discusses both the import and export of encryption.
Exactly, which is why OP's clarification is welcomed. I too made the same assumption as you did, or rather thought it was some political statement based on our current geopolitical climate.

But no, it's the Chinese looking to force a US company to use their pre-approved encryption for reasons that should be obvious.

Bravo.

Thanks for clarifying. It sounded a lot like a political statement at first, but this makes more sense.
That's clear now. Maybe add this explanation somewhere and link to it from your terms-of-evaluation.
Which encryption is it?
Exactly just laws of the United States.
You can request that the title be changed to be closer to your clearer explanation.