HashiCorp Consul is a tool for discovering and configuring services in the IT infrastructure. It provides service discovery, health checking, key/value stores and support for multiple data centers out of the box.
$0
always free
HashiCorp Vault
Score 8.9 out of 10
N/A
HashiCorp offers Vault, an encryption tool of use in the management of secrets including credentials, passwords and other secrets, providing access control, audit trail, and support for multiple authentication methods. It is available open source, or under an enterprise license.
Consul can provide a light-weight, lightning-fast and robust solution for the following:
Network mesh
Service DNS
Global key-value store (values can be complex objects as well)
Utility for blue-green deployments
Service health checking
Consul can be used in any or a combination of these scenarios. Regardless if you are a network administrator or a regular software engineer, Consul can add value to your work.
HashiCorp Vault, in my opinion, is a defacto standard for any cloud or automation implementation. They're the best of the best as far as products for secrets management and the ability to use it against relatively any service you have is unheard of for other products. HashiCorp has really taken out all the stops when it comes to creating a nice, extensible tool that people can use to suit their needs.
The GUI: The GUI interface for Consul has gotten a lot better over the years. Since Consul is so easy to interact with via API, this isn't a showstopper, but for those that are less command line inclined it's always nice to be able to refer them to an easy to use and understand web interface
It's chatty: Consul is extremely chatty. Sometimes it's particularly chatty at 2am with no indication as to why and eats up quite a bit of resources. Just be sure to provision your systems that typically take a heavy load with a little extra for Consul
HashiCorp Vault is the best there is out there, and it has become critical to our secret management use cases. It would be difficult to find anything that would suit our needs better and that would be beneficial for us to switch over to.
Consul's API is extremely user friendly. While their web interface isn't quite as "mature", it's still pretty easily navigated for the average person. Together they make a pretty easy to pick up and use tool.
We spent a little more time than we imagined to conceptually understand how HashiCorp Vault operates, as well as how it is configured. This is not trivial, and keep in mind that you will need to take some time to get a thorough understanding of the tool. The documentation could be more helpful in this regard.
I've never used paid support from HashiCorp, but I consider its support a good one, since they provide a lot of free resources for the community and there are good user groups supporting you on several sorts of issues. Also, HashiCorp is known as a company with a strong relationship with the community, that is easily noticed by the events HashiCorp promotes over the world.
Hashicorp has been very responsive to our questions and inquiries up to this point. We are currently working on them to develop a more granular permissions model within Vault. We are very close to achieving our objectives with the help of their support team. We do not seem to be in the same time zone which makes it hard for escalated issues.
Consul was easier to configure out of the box than Serf and gave us more initial options. Its easy to use tools and support were by far superior to Serf in many ways. Support alone was one of those areas that Serf could take an example from Consul to keep its customers happy.
It contains a native web UI, which in contrast to its counterparts, is handy, very intuitive and - most importantly - very informative. It leaves no room for doubt about your services "forest" health. So, for that purpose, the learning curve was almost down to non-existent. Our team managed to work seamlessly with Consul being our services API
Our management staff had a difficult time understanding what Consul was really all about. For technical staff it is pretty simple to understand the huge value such a tool can pose to our suite of solutions, but once our management staff took the grasp of its valuable handy set of tools, we didn't take long to start using it and keeping track of our Swarm overall health, with was a constant concern for the entire company before.
For load balancing purposes, we were relying pretty much on guesses before we decided to use Consul. One would check a certain node overall health and decide if we would need to spring a new instance at AWS or Digital Ocean.
