HashiCorp Vault
Manage secrets and protect sensitive data across your applications and infrastructure.
Open Source Edition
Available
Cloud Platform
HCP Vault
Integrations
Extensible Plugin System
About HashiCorp Vault
Vault provides a unified interface to any secret, while enabling tight access control and recording a detailed audit log. It handles leasing, key revocation, key rolling, and auditing. Through its comprehensive plugin system, Vault supports a wide variety of secret engines for different backends like cloud providers (AWS, Azure, GCP), databases, and SSH. It also integrates with multiple authentication mechanisms including cloud IAM, LDAP, and Active Directory. This allows developers and operators to automate secrets management, reduce secret sprawl, and mitigate the risk of data breaches.
Core Features
Secrets Engines
Securely store and manage static secrets, and generate dynamic, on-demand secrets for databases, cloud providers, and more.
Data Encryption
Encrypt and decrypt data without storing it. Provides 'encryption as a service' to applications.
Key Management
Offers features like key rolling (versioning) and revocation to manage the lifecycle of secrets.
Audit Logging
Maintains detailed audit logs of all requests and responses, providing a clear record of secret access.
Access Management
Authentication Methods
Supports a wide range of methods including Tokens, Cloud IAM (AWS, Azure, GCP), Kubernetes, LDAP, and AppRole.
Policies
Uses policies to codify and control which users, applications, and systems can access which secrets.
Identity & Access
Integrates with identity providers to manage access based on both human and machine identities.