Skip to main content
TrustRadius
HashiCorp Vault

HashiCorp Vault

Overview

What is HashiCorp Vault?

HashiCorp offers Vault, an encryption tool of use in the management of secrets including credentials, passwords and other secrets, providing access control, audit trail, and support for multiple authentication methods. It is available open source, or under an enterprise license.

Read more
Recent Reviews

One of a Kind

10 out of 10
January 21, 2019
Incentivized
We have looked into HashiCorp Vault as a solution to generate, store, and manage secrets in a container-oriented production platform. …
Continue reading
Read all reviews
Return to navigation

Pricing

View all pricing

Cloud - HCP Vault

$0.03/hr

Cloud

Open Source

Free

Cloud

Enterprise

Contact sales team

Cloud

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://www.hashicorp.com/products/vaul…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Product Details

What is HashiCorp Vault?

HashiCorp Vault is an identity-based secrets and encryption management system. A secret is anything that one wants to tightly control access to, such as API encryption keys, passwords, and certificates.

Vault provides encryption services that are gated by authentication and authorization methods. Using Vault’s UI, CLI, or HTTP API, access to secrets and other sensitive data can be securely stored and managed, tightly controlled (restricted), and auditable.

HashiCorp Vault Features

  • Supported: Secrets Management
  • Supported: Database Credential Rotation
  • Supported: Advanced Data Protection

HashiCorp Vault Screenshots

Screenshot of Example of writing a secret to Vault. Secrets are always encrypted and written to backend storage. To learn more: https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-first-secretScreenshot of Secrets menu to manage integrated secrets engines. Secrets Engines are components which store, generate, or encrypt data and are enabled at a path in Vault. To learn more: https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-uiScreenshot of Vault identity has support for groups. A group can contain multiple entities as its members. A group can also have subgroups. To learn more: https://developer.hashicorp.com/vault/docs/concepts/identityScreenshot of HCP Vault provides all of the power and security of Vault, without the complexity and overhead of managing it yourself. To learn more: https://cloud.hashicorp.com/products/vaultScreenshot of View entity client and non-entity client counts.Screenshot of MFA is built on top of the Identity system of Vault. To learn more: https://developer.hashicorp.com/vault/docs/auth/login-mfa

HashiCorp Vault Competitors

HashiCorp Vault Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

HashiCorp offers Vault, an encryption tool of use in the management of secrets including credentials, passwords and other secrets, providing access control, audit trail, and support for multiple authentication methods. It is available open source, or under an enterprise license.

CyberArk Privileged Access Management, ARCON PAM, and Delinea Secret Server are common alternatives for HashiCorp Vault.

Reviewers rate Support Rating highest, with a score of 6.3.

The most common users of HashiCorp Vault are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(19)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Users have made a few common recommendations based on their experiences with Vault.

Firstly, they recommend defining roles and policies at the beginning of the setup process. This helps save time and ensures cost-effectiveness by clearly establishing access levels and permissions.

Secondly, users advise investing time in careful planning before going into production with Vault. This includes defining paths, naming conventions, and policies to streamline the implementation process and prevent potential issues.

Lastly, users emphasize the importance of exploring learning resources such as documentation, user groups, and other knowledge-sharing platforms. These resources offer valuable insights into best practices, troubleshooting tips, and real-world use cases.

Overall, users believe that while Vault is a comprehensive and powerful tool, it may require some initial effort in terms of setup and planning. They also mention that additional user features could further improve its competitiveness. However, users encourage others to research and evaluate Vault for its affordability and data security benefits, as they believe it won't disappoint.

Attribute Ratings

Reviews

(1-4 of 4)
Companies can't remove reviews or game the system. Here's why
August 11, 2022

HashiCorp Vault - Credentials, passwords, and any kind of secrets in your environment reliably managed.

Erlon Sousa Pinheiro | TrustRadius Reviewer
Erlon Sousa Pinheiro
DevOps Engineer
Two Hat Security (Computer & Network Security, 11-50 employees)
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
We are centralizing several config data of our application into a Vault cluster spread into different regions through AWS. It is a solution which was implemented by the DevOps team initially to support the DevOps environment, going later to all production environments. What we used to handle with config files before is maintained by HashiCorp Vault.
Pros and Cons
  • A great repository for credentials and secrets.
  • Good scalability with its own clustering solution and high availability.
  • Easy to install like other Hashicorp products, it is based on just one executable.
  • Documentation could be better.
  • The multiple key unseal process can be a problem if the need arises.
  • It would make more sense if HashiCorp Vault combined with HashiCorp Consul to create a unique product.
Likelihood to Recommend
Complex environments today are delivered in an automated manner, usually based on git repository code. From a security standpoint, credentials, passwords, and secret keys cannot be stored in these repositories. A safe and reliable environment for storing this type of data is therefore required. HashiCorp Vault has proven to be an excellent choice in the environments where I inserted it.
Return on Investment
  • Allowed better access control for credentials, passwords, and important keys.
  • After we started using HashiCorp Vault, we were able to base our environment 100% as code.
  • SSH access control that is possible using HashiCorp Vault adds an extra level of security in environments where external remote access is required.
Usability
7
We spent a little more time than we imagined to conceptually understand how HashiCorp Vault operates, as well as how it is configured. This is not trivial, and keep in mind that you will need to take some time to get a thorough understanding of the tool. The documentation could be more helpful in this regard.
Support Rating
5
As with all other products provided by HashiCorp, the effort and attention that the company has in creating a complete solution ecosystem for the DevOps universe are fully apparent. Several technical lectures about products on YouTube are presented by the company's CEO.
Alternatives Considered
I already used Encrypted Hiera (which is basically YAML files encrypted with a private key scheme where this key is stored in plain text on the server, which is obviously not the best option). Another solution I also used for this purpose was AWS KMS, but with Vault I don't get stuck with a cloud provider.
Other Software Used
January 20, 2021

HashiCorp Vault for the win!

Marco Urrea | TrustRadius Reviewer
Marco Urrea
DevOps Engineer
DigitalOnUs (Computer Software, 201-500 employees)
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
It is used to manage secrets, credentials and other sensitive data among the company and our clients. It's a centralized secret management solution which mitigates security breaches and improves code development
Pros and Cons
  • Credentials generation
  • Secret management
  • Preventing secret sprawling
  • UI can improve
Likelihood to Recommend
It is a very useful tool when implemented in a company, it addresses lots of security issues, and it's very easy to implement because it is API driven.
Return on Investment
  • API driven
  • Versatile
  • Very useful because sensitive data doesn't exist before reading
Alternatives Considered
HashiCorp Vault is way better than Azure Key Vault; it has more features and it goes beyond a key-value secret store.
Other Software Used
September 18, 2019

Vault is a flexible and safe secrets managment solution.

Jeffrey Severance | TrustRadius Reviewer
Jeffrey Severance
Senior Solutions Engineer
Erie Insurance Group (Insurance, 5001-10,000 employees)
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope

We use Hashicorp Vault to protect secrets used by our application teams such as database connection strings, passwords that run jobs, and meta-data about the environment around the application. This tool helps us ensure that our accounts are secure, passwords are private and our data can't be accessed by anyone that shouldn't have access to the system.


Pros and Cons
  • The HTTP API you use to write and read secrets is open and can be used by any application.
  • It keeps our sensitive data/credentials out of our Gitlab repositories.
  • Sealing and unsealing the Vault on demand adds an additional layer of security.
  • Vault requires a complex setup when getting started.
  • Vault requires decisions around the backend type to be made up front.
  • Vault tokens appear to be managed manually in most cases.
Likelihood to Recommend
Vault is a reliable and resilient as the Key Management System. It is not for the novice user that does not have a background in information security. It requires a significant time investment into the different key engines that the solution offers to get started. It works very well once implemented and is very flexible in general.
Return on Investment
  • Vault protects our application data from incidents.
  • Vault has decreased the time it takes to provide access to sensitive data.
  • Vault has provided great vault to our information security goals for this year.
Alternatives Considered
We evaluated Symantec as an existing partner within our enterprise. We found that the API provided by Vault is superior and that was a critical use case in our organization. We also found that Vault has more engine types which allow different types of data to be stored. This helped us make our decision.
Support Rating
8
Hashicorp has been very responsive to our questions and inquiries up to this point. We are currently working on them to develop a more granular permissions model within Vault. We are very close to achieving our objectives with the help of their support team. We do not seem to be in the same time zone which makes it hard for escalated issues.
Other Software Used
January 21, 2019

One of a Kind

Verified User
Engineer in Information Technology
Computer Software Company, 51-200 employees
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
We have looked into HashiCorp Vault as a solution to generate, store, and manage secrets in a container-oriented production platform. Currently, our systems rely on Vault to store TLS certificates and credentials to stateful services in our customer-facing applications. We are also using Vault to store application-level credentials for some of our products.
Pros and Cons
  • Automated revocation of credentials via leases
  • Provides many plugins for federated authorization through different platforms
  • Dynamic credential generation
  • Documentation for the API moves slower than changes in the API itself
  • The database secret engine's API design isn't as elegant as it could be
  • No support for revocation of all secrets under one path
Likelihood to Recommend
I believe that HashiCorp Vault is a unique product for security engineers with a lot of features that can help automate the secret management tasks from end to end. For automation purposes, it does require a reasonable amount of backing infrastructure, so only consider that option if you can get a good ROI. Otherwise, it's a perfectly serviceable tool as a secret store, if you never need to stash credentials in plaintext somewhere, for example, if you're running an application that logs into another service on behalf of other clients and OAuth2 is not an option.
Return on Investment
  • Helped us reach our security compliance goals.
  • Helped us strengthen our security position in our infrastructure by improving on poor secret management practices.
Return to navigation