Reviews (1-4 of 4)
We use HashiCorp Vault to protect secrets used by our application teams such as database connection strings, passwords that run jobs, and metadata about the environment around the application. This tool helps us ensure that our accounts are secure, passwords are private and our data can't be accessed by anyone that shouldn't have access to the system.
- The HTTP API you use to write and read secrets is open and can be used by any application.
- It keeps our sensitive data/credentials out of our GitLab repositories.
- Sealing and unsealing the Vault on demand adds an additional layer of security.
- Vault requires a complex setup when getting started.
- Vault requires decisions around the backend type to be made up front.
- Vault tokens appear to be managed manually in most cases.
HashiCorp Vault - Credentials, passwords, and any kind of secrets in your environment reliably managed.
- A great repository for credentials and secrets.
- Good scalability with its own clustering solution and high availability.
- Easy to install, like other HashiCorp products; it is based on just one executable.
- Documentation could be better.
- The multiple key unseal process can be a problem if the need arises.
- It would make more sense if HashiCorp Vault combined with HashiCorp Consul to create a unique product.
- HashiCorp Vault manages secrets extremely well.
- It works well as a cloud-agnostic or multi-cloud solution.
- HashiCorp Vault works extremely well with other HashiCorp products.
- Vault integrates with other systems very well because everything is API driven.
- It doesn't have an interface. This isn't entirely bad because of the purpose it serves, but it does make the barrier to entry a little difficult.
- Unlike many other HashiCorp products, the documentation feels like it leaves some steps out. Step by step documentation lowers the barriers to entry a little bit, and going through even the installation documentation and setup leaves a little bit of the caveats out.
- It needs a fair bit of supporting infrastructure. You cannot just have a Vault instance. Having a HashiCorp Vault instance means also having a Consul cluster for the backend.
- Automated revocation of credentials via leases
- Provides many plugins for federated authorization through different platforms
- Dynamic credential generation
- Documentation for the API moves slower than changes in the API itself
- The database secret engine's API design isn't as elegant as it could be
- No support for revocation of all secrets under one path