HashiCorp Vault Reviews

My primary use case for HashiCorp Vault is secret management. I keep my secrets away from the cluster in Vault, which acts as my secret manager. I remotely ingest with the help of Vaulting into the cluster.

The most valuable feature of HashiCorp Vault is version control. Whenever I change any secret, I am unable to edit it; I have to create a new version, which maintains a history. Additionally, Vault keeps my secrets safe and encrypted. The integration capabilities with Kubernetes are efficient, making it easy to detect.

An improvement needed is the ability for auto-initialization. There should be an inbuilt option for automatic initialization rather than running it manually.

I have been using HashiCorp Vault for more than two years.

I find Vault stable. There have been no challenges related to its stability.

I have not tried to scale Vault. As of now, there have been no issues regarding scalability.

I have not required customer service or technical support from HashiCorp, as I am using the open-source solution, and solutions are available online.

I did not have any other secret management solution in place before using HashiCorp Vault.

The initial setup was straightforward. I used the available documentation from HashiCorp, and it guided me efficiently through the process.

If I were to set it up in AWS Secret Management, I would have to manage it, pay, and create secrets without being cloud agnostic. The advantage with Vault is that it is cloud agnostic. I can deploy it on AWS, Google Cloud, or on-premises.

I did not evaluate any other solutions before choosing HashiCorp Vault.

I would rate HashiCorp Vault eight out of ten. I would recommend anyone to use it for their secret management needs. However, if it doesn't meet their expectations, they can explore other software options, although they might not find significant differences. 

We use it for password management.

For me, the most valuable features include that it's easy to manage and maintain the password API for retrieving passwords and other things.

There is room for improvement in stability.

We have been using HashiCorp Vault, specifically SecureGuard, for a long period of time. So, we have been using this solution for over ten years.

I would rate the stability a six out of ten. There are some bugs and glitches. We are in touch with the vendor to resolve them.

I would rate the scalability a seven out of ten. 

Most of our company's automation, application security, and other teams use this solution.

I would rate my experience with the initial setup a seven out of ten, where one is difficult and ten is easy to set up.

The deployment took a few days. We also had to do a POC. Overall, it's not very complex. It depends on the use case and how you want to apply it.

Security is good, and pricing is also competitive. I would rate the solution's pricing a six out of ten, where one is low and ten is high. 

We use both Azure Key Vault and HashiCorp Vault.

I would advise doing a Proof of Concept first and then deciding accordingly because your use case might be simple. You can try out AWS Key Management or Azure Key Vault. They are different products. Do the POC and then decide what you need.

Overall, I would rate the solution a six out of ten. No solution is a ten in my opinion.

The solution's typical use case is machine-to-machine communication, particularly in environments where development teams use various tools throughout the software development lifecycle. This includes scenarios where continuous integration is crucial. For instance, developers might manage various microservices or DNS services that frequently change. The solution facilitates secure and seamless authentication and integration of services, making it easier to manage service accounts and passwords. 

The feature I find most beneficial in HashiCorp Vault is the secret engine. It integrates smoothly with many applications, making it easy to set up and implement quickly. This allows you to test it easily and see good results rapidly. When you integrate an internal API or application, it quickly manages that application's secrets. 

The access management feature in HashiCorp is great, especially if you are considering situations where users are getting onboarded. They can manage their passwords themselves, and it integrates well with Active Directory or any other directory services. This is particularly useful for user management and applications that communicate with each other without human intervention.

In my opinion, HashiCorp Vault could improve its user interface. Right now, they don't offer much in terms of a graphical interface, which means you usually have to manage things manually through API calls. I think CyberArk has a better approach because it provides a UI that integrates features across all its components, making it easier, especially for new users or those from organizations with strict licensing policies. 

I have been working with the product for five years. 

I would rate the tool's performance a seven out of ten. While the setup process is quick, some limitations exist, such as the lack of a user-friendly UI and access control features compared to other solutions like CyberArk. Its stability is generally fine, especially for machine-to-machine communication. However, there may be some issues when scaling out to different regions.

I rate the tool's scalability an eight out of ten. 

The product's technical support is good. 

Setting up HashiCorp Vault is pretty easy and quick. It only takes about 30 minutes to install, and you can begin configuring your credentials and working with it. Regarding integration, I would rate the initial setup experience a nine out of ten.

I would rate the overall solution an eight out of ten. 

I currently push secret data to our target namespaces. Before joining the company, I managed everything in HashiCorp Vault, but now I'm just a consumer.

We use it to store service principal credentials for Azure provisioning. 

Before provisioning things in Azure, we use HashiCorp Vault to store service principal credentials—passwords and such. Then, we can identify if a user is authorized to provision resources. 

If not, the blueprint will throw an error saying the user isn't authorized to provision or spin up resources in Azure. Same thing with other components, except for the applications themselves. We don't store credentials for those.

On the replication side, in a high-availability setup in multiple Vault instances, secret data is accessible by other resources. Each user or technical user has their own token, and there are different tokens for dev, test, QA, and product environments. It meets all three-point authentication, authorization, and access control requirements.

The ability to store secret credentials and create policies using API calls, like allowing specific users to access certain data only after authentication. That's the strongest point for our use case.

The onboarding is a challenge. It should be more self-service, but it involves reviews and approvals.

I have been working with this solution for one year. I primarily use CLI execution.

It's stable. I would rate the stability a nine out of ten. Sometimes the issues are intermittent, but there are a lot of factors. Especially if the instances are running on-premises. 

It could be a network latency issue between your cloud provider and the on-premises environment. That's why it's intermittent. You cannot do anything in your cloud.

But if you run it on Kubernetes, you can easily scale it. We use it 24/7, as it's a critical storage for data. There are thousands of people using it. 

Basically, if Vault is down, you cannot work with the cloud synchronously. That's how critical it is.

I've never used an enterprise setup, so my experience is with the open-source HashiCorp Vault. I don't maintain it; I only use it when I have the opportunity.

The documentation is easy to follow. 

We're only using HashiCorp Vault, no other products.

The process is quite easy. You install the Vault CLI, communicate with your Vault URL, and enter secret data from the CLI, application side, or technical users executing the label.

Installation is easy because there's a containerized image, but onboarding is a manual process involving documentation. For example, a new project team needs a unique number, fills out a form, and then can use the Vault instance.

Overall, I would rate my experience an eight out of ten, where one is difficult and ten is easy because the onboarding is a challenge. It should be more self-service, but it involves reviews and approvals.

The deployment itself is easy and fast. It took me a minute to deploy HashiCorp. I used a container image, set it up manually, made sure the URL and DNS were set up, and shared it with the project team. They can access it via the Vault client from Windows or Linux machines.

Deployment can be done by two or three people. They could be DevOps, system engineers, or security engineers.

Only a few people are usually required for maintenance of HashiCorp Vault, but it depends on the size of the data, especially the secrets being stored in the vault. So, only a small group of people, five to six, can maintain it.

The enterprise version would require considering factors like the level of support needed, the amount of secret data being stored, and replication needs. 

But in my case, the open-source version works well. It's advisable for small to medium-scale organizations, but for large-scale organizations, you should go with the enterprise version.

Vault is the standard. However, there are other vaults. For example, in Azure, they have Azure Key Vault. But the main decision factor is always, "Can I integrate it into my existing landscape?" Because once you use Azure Key Vault, you need a cloud subscription. 

Whereas with HashiCorp Vault, I can spin up an instance on-premises and integrate it with other cloud providers without relying on other products.

The question is, what works for you in terms of interoperability? If you choose HashiCorp Vault, Azure Key Vault, or another product, the de facto standard is really HashiCorp Vault. It's certified, so it's better to go with that and check on both.

Go for it! It's essential for adopting a zero-trust architecture, especially in hybrid setups combining multiple cloud providers with on-premises infrastructure. You should have a centralized location for your secret data, not storing it in files that could be accidentally uploaded to versioning tools like Git. Hardcoded credentials are a no-go. Centralize with a solution like HashiCorp Vault.

Overall, I would rate the solution a ten out of ten. 

The product is free and easy to use. It is well documented with an easy implementation process.

There could be a plugin for the database to change the secret automatically. It would be an efficient feature for password security.

We have been using HashiCorp Vault for three years.

We have more than 500 HashiCorp Vault users in our organization. 

We have used CyberArk before. In comparison, HashiCorp Vault has detailed documentation and is easy to use.

I rate HashiCorp Vault a nine out of ten. It is a good product and doesn’t necessarily require using TerraForm for cloud infrastructure.

We use the solution for secret management. 

The product needs to improve its customization. It should be also more like easy to plug and play. 

I have been working with the product for three years. 

I would rate the product an eight out of ten. 

We use the solution to store and encrypt the passwords.

The solution's API feature works the best. It is user-friendly and easy to implement from any application point.

They should include automation features for the solution's implementation process. It will make the deployment simple.

I have been using the solution for two years.

It is a stable solution.

The solution's scalability is based on the infrastructure and depends on the volume of the usage of a specific organization.

The solution's initial setup process is complicated. It requires involvement from the security team. Additionally, it is not self-service and depends on manual intervention to carry out the implementation.

The solution's cost is reasonable. Its automation features contribute to sustainability and cost-effectiveness.

I recommend the solution to others and rate it an eight out of ten.

We're a VoIP service provider, and we have a lot of particular requirements. Whatever we use must have a RESTful API. We also have very particular requirements around our backup, logging, and key lifecycle. That's because we have an American parent, who applies a lot of niche standards. My parent company is a big client of theirs. So, the overall group engages HashiCorp. It has gotten to the point where they actually reference HashiCorp as the tool of choice.

I ran a really detailed proof of concept for our business for six months. I got from HashiCorp one of their premium licenses, and we ran a test of it for six months,  but it is not in use at the moment.

We were using it for an on-prem implementation. I personally tested the HashiCorp cloud (HCP) on my personal laptop. I tested the premium version, which is the binary download, but it doesn't allow you to do clusters. It was a very limited use case, but we needed something on-prem. We are all on-prem. We don't operate in the cloud. So, we needed something to work with our on-prem setup. So, we weren't not doing a trial of the cloud version.

It was very easy to use. They've got multiple authentication methods, and because everything has a RESTful API, and my whole system is built on API, it would've worked fabulously for us.

We were using it because we have compliance requirements around secret management. Having a secure vault and encrypting data was an additional requirement. When we looked at it first, we were just looking for a vault, like a lockbox. The greatest benefit of HashiCorp is its ability to manage encryption on the fly. It provides encryption of data at rest, in use, in transit, on the fly, and linked with applications, which was really attractive. 

During the PoC, I played with every format. I played with the cloud, and I played with the small binary. I played with the enterprise license, and you can't fault it. It is seamless. The lifecycle of a key is so easy to manage in terms of rotating, revoking, and issuing. They have different auth methods, and I tried all different auth methods. It is seamless; it is beautiful, but it has got a price that matches that.

Its cost can be improved. It is really pricey, but to be fair, it did everything that we wanted it to do. Because of our requirements for high availability, redundancy, and resiliency, we needed a lot of clusters and a lot of nodes. We needed a massive architecture and the price of it was so inhibitive. It was going to cost us over a quarter of a million a year.

In terms of features, the only thing that I found a little bit hinky was that there was no revocation or deletion on the model we were using. Once in a financial year, a client interacts, and you pay for that client for the year. So, there are just little things like that in the pricing. There should be more clarity around the end of the key. I know there is no system like this. They all are the same. I tested Microsoft, Google, and some others, and none of them really want you to delete a key, which makes sense. You delete a key, and you lose everything that it has wrapped or encrypted, but it's actually just a language. Deletion isn't really deletion. It's really revocation, but overall, HashiCorp Vault ticked all the boxes for us, and I couldn't fault it.

I ran a proof of concept on HashiCorp for six months earlier this year on one of their premium licenses. We were doing a proof of concept to see whether it suited our business.

Its stability is excellent.

Its scalability is out of this world.

I never needed to contact their technical support. We were a potential client, and they were setting up meetings, and I was raising stuff with them. They were catching it beforehand. Their customer support is quite incredible, even when you're just discussing purchasing it from them. We needed to do an integration with our native apps, which are built with Python, and they were giving us people who have done integrations with Python apps. They were going to send people to us to manage it for us. They go above and beyond.

We're currently using something so basic. We're a smaller outfit, and we didn't really have the security posture of our parent company. So, it is a big rush to meet that, but currently, we're just using Ansible Vault because that's the tool used by our network and infrastructure team. We're trying to get a little bit of integration. We're trying to get secrets out of config files for now. It is a very incremental approach, and we're just taking baby steps until we get to a point where we can re-engage with someone from HashiCorp and maybe use the cloud offering or a more flexible pricing model. Ansible Vault is super basic now with a very reduced scope.

It was very straightforward. With an enterprise license, we were getting a lot of support because it was a potential big sale client. Our parent company is an important existing client of Hashicorp. They are one of their biggest clients. So, we got a lot of hand-holding, but personally,  I did a trial of the cloud on my own laptop, and it was very easy. I spun it up in 20 minutes.

It could do everything we wanted it to do and it is brilliant, but it is super pricey. To be fair to HashiCorp, we drove the price up with our requirements around resiliency. Because of the nature of our company, we don't really operate in the cloud. Our cloud presence is a couple of VMs. We're not even a hybrid. We don't have a public cloud. As we mature and as we're moving in the cloud direction, it would possibly be a lot cheaper because we'd just be paying for what we're using. That price was for a future-proofed quote of where we will need to be in three years. What we were looking for was colossal. We wanted redundancy clusters, multiple nodes, and multiple validations. It was a global reach, and it was a lot. It was going to cost us over a quarter of a million a year. I was quite frankly shocked. It is a lot of money. I know that we drove it up, and we were getting a lot for that. If we had more flexibility to go into the cloud, it would probably be a lot cheaper.

My parent company did say that the pricing model changed this year and the price went up. They seem to be bringing themselves in line with general Microsoft pricing. Because HashiCorp has a free version, a lot of people were just using the free version and getting by on it, but if you want to have clusters and the scalability to have more clusters, you will have to upgrade.

They do have different licenses, but they are very closed about their pricing. I was three months into the PoC before I could get a price. They don't offer it, and they don't lead with it. It is probably because it is very bespoke.

We wanted it to do so many things, and that's why it was so pricey, but even to take it down, they have some confusing terms. They've got fixed costs, but there is a cost per client, and I found the definition of client fuzzy. So, you pay a certain price for every client that interacts with the vault or with HashiCorp, but what they call a client is quite loose. You could get up to a lot of clients very quickly. There are some elements of the pricing that I wouldn't be super keen on.

We did a lot of trialing across. I did a big piece of work and went through a lot of literature reviews and looked for all the available offerings. I looked at over 60 offerings in the market and whittled them down by my specific requirements. I got down to a list of four and applied more requirements to that, and HashiCorp was a clear standout. That's why we went into a PoC with them, and they didn't disappoint. It is the best in the market. It is just the price, but I know that we were pushing up the price because our requirements were possibly a little bit dated. If I had more cloud presence and used their cloud version, it would probably make a lot more sense for us as a business. We're going through a big change at the moment. So, maybe in a year's time, we'll go back to them and take their cloud offering.

I would rate it a nine out of ten.

One of our primary use cases of HashiCorp Vault is security, to keep things secret. Instead of going for any particular cloud-based solution, this is cloud agnostic. We can go for any cloud solution when we have a hybrid solution in place, so Vault is always recommended for it. 

This solution is cloud-based. 

The most valuable feature of HashiCorp Vault is that it's an open source solution. Second, it's cloud agnostic, so it's very easy to maintain and control, which is why we prefer HashiCorp. 

I don't think there are any major improvements required—so far, so good. However, I think that having more training materials, such as videos, and documentation available would be helpful. I would prefer to have more videos available either on the official site or on YouTube. 

I have been using this solution for less than a year. 

This solution is stable. 

This solution is scalable. 

There are less than 10 people in our organization using HashiCorp Vault. We have plans to increase our usage. 

I have never contacted HashiCorp support directly because, so far, I haven't had to. 

We have also used similar cloud-based solutions. AWS and Azure are promoting their own solutions, which we have used before. 

The installation was very straightforward. It didn't take more than one hour. We did it ourselves and the documents are very clear and helpful, so it was fine. For deployment and maintenance, we had a team of five engineers. 

We implemented this solution through an in-house team. 

I rate HashiCorp Vault a nine out of ten. 

The goal is to move towards open source, so it's always good to have a cloud agnostic-based solution. This is why our organization is always goes with a hybrid solution, which doesn't depend on any single cloud provider—it's always good to look for cloud agnostic solutions. In that view, I think that HashiCorp solutions are very, very acceptable. 

We use HashiCorp Vault to manage and keep all secrets and configurations in SQL. It works as central storage, securing different environments.

The product is complicated to install. It could be easier. Additionally, its pricing model needs improvement.

We have been using HashiCorp Vault for the last three years.

It is a stable product.

We have 10 HashiCorp Vault users in our organization.

The initial setup is complicated compared to AWS. We use Ansible for script automation. It takes one week and requires one senior DevOps engineer to execute the process.

We implemented the product in-house.

The product is expensive. However, we use the open-source version.

I rate HashiCorp Vault an eight out of ten. It is a good product to consider for companies who are looking to build on-premise or hybrid infrastructure.