IBM Vault vs. OpenSSL

HashiCorp Vault, in my opinion, is a defacto standard for any cloud or automation implementation. They're the best of the best as far as products for secrets management and the ability to use it against relatively any service you have is unheard of for other products. HashiCorp has really taken out all the stops when it comes to creating a nice, extensible tool that people can use to suit their needs.

Incentivized

I would recommend OpenSSL for just about any kind of cryptographic operations that you may need. I can't think of a particular situation where it would not be appropriate to use OpenSSL for a cryptographic function of some sort or another. If you are going to provide some sort of encryption service in a product, OpenSSL is probably the best way to get it off the ground and going. With other competitors, you may get it working, but I fear long term support and interoperability will be an issue.

Incentivized

• The HTTP API you use to write and read secrets is open and can be used by any application.
• It keeps our sensitive data/credentials out of our GitLab repositories.
• Sealing and unsealing the Vault on demand adds an additional layer of security.

Incentivized

• integrates into just about everything
• codebase is well managed and follows predictable paths
• although there are alternatives, OpenSSL is vastly better supported

Incentivized

• Session Management is terrible to manage
• Monitoring is hard and not enough information
• User management
• Configuration is too complex
• More user friendly UI

• the entire project could be completely refactored while preserving the library apis
• the documentation on command line usage is not usually the best
• code examples are not very well explained

Incentivized

HashiCorp Vault is the best there is out there, and it has become critical to our secret management use cases. It would be difficult to find anything that would suit our needs better and that would be beneficial for us to switch over to.

Incentivized

We spent a little more time than we imagined to conceptually understand how HashiCorp Vault operates, as well as how it is configured. This is not trivial, and keep in mind that you will need to take some time to get a thorough understanding of the tool. The documentation could be more helpful in this regard.

Incentivized

Hashicorp has been very responsive to our questions and inquiries up to this point. We are currently working on them to develop a more granular permissions model within Vault. We are very close to achieving our objectives with the help of their support team. We do not seem to be in the same time zone which makes it hard for escalated issues.

Incentivized

HashiCorp Vault is way better than Azure Key Vault; it has more features and it goes beyond a key-value secret store.

Incentivized

LibreSSL is another option to OpenSSL, however, the sheer volume of other applications using OpenSSL and the wide support for it makes OpenSSL a compelling product.

Incentivized

• Helped us reach our security compliance goals.
• Helped us strengthen our security position in our infrastructure by improving on poor secret management practices.

Incentivized

• roi is hard to measure for openssl. It's not that it doesn't provide a significant roi, but it is in the background of an application, not the foreground.

Incentivized