HashiCorp Vault - Credentials, passwords, and any kind of secrets in your environment reliably managed.
Overall Satisfaction with HashiCorp Vault
We are centralizing various config data of our application in a Vault cluster spread across different regions through AWS. It is a solution which was implemented by the DevOps team initially to support the DevOps environment, later extending to all production environments. What we used to handle with config files before is now maintained by HashiCorp Vault.
Pros
- A great repository for credentials and secrets.
- Good scalability with its own clustering solution and high availability.
- Easy to install like other HashiCorp products; it is based on just one executable.
Cons
- Documentation could be better.
- The multiple key unseal process can be a problem if the need arises.
- It would make more sense if HashiCorp Vault combined with HashiCorp Consul to create a unique product.
- Allowed better access control for credentials, passwords, and important keys.
- After we started using HashiCorp Vault, we were able to base our environment 100% as code.
- SSH access control that is possible using HashiCorp Vault adds an extra level of security in environments where external remote access is required.
I already used Encrypted Hiera (which is basically YAML files encrypted with a private key scheme where this key is stored in plain text on the server, which is obviously not the best option). Another solution I also used for this purpose was AWS KMS, but with Vault I don't get stuck with a cloud provider.