HashiCorp Vault Reviews

In our organization, we implement HashiCorp Vault to securely manage and centralize all application and infrastructure secrets such as API tokens, database credentials, TLS certificates, and cloud IAM credentials.

Earlier, the secrets were scattered across CI/CD pipelines, environmental variables, and configurational files, but HashiCorp Vault gives us a single solution.

We mainly use HashiCorp Vault in our OpenShift cluster. In one of our OpenShift clusters, we deployed HashiCorp Vault as a sidecar injected secret provider for our microservices. Each application pod running in OpenShift had an AppRole mapped to HashiCorp Vault. We use a HashiCorp Vault Agent Injector to automatically inject the app-specific secrets such as database passwords or credentials.

We pass these as environmental variables and mount these files in the pods. HashiCorp Vault was configured to submit these passwords or secrets into our OpenShift application without any need to worry about decryption or encryption in any pod. HashiCorp Vault takes care of it, and it also reduced our secret exposure and simplified our compliance audits.

We primarily use HashiCorp Vault integrated to our OpenShift or Kubernetes clusters where we could map our secrets directly to our application without needing to retrieve these secrets manually. Before considering HashiCorp Vault, we also evaluated CyberArk Conjur. By comparing Conjur and HashiCorp Vault, we voted for HashiCorp Vault and have been using it since then.

What we valued in HashiCorp Vault is the flexibility and integration capabilities. For example, dynamic secret generation allows us to have secrets generated, and HashiCorp Vault is integrated to cloud provider platforms such as AWS and Azure. Additionally, HashiCorp Vault has very strong encryption APIs for sensitive data handling.

HashiCorp Vault Agent and Injector features greatly simplified secret retrieval inside the OpenShift pods.

HashiCorp Vault has given strong value in terms of compliance, automation, and security hygiene. It eliminated hard-coded secrets in our code and pipelines, and it simplified secret rotation via automation, so we did not need manual credential updates. It also reduced our incident risk due to secret leaks or unauthorized access. Only admins have specific privileges or permissions to access secrets. Overall, HashiCorp Vault improved our security posture and the productivity of our applications.

Using HashiCorp Vault increased our security score significantly. All of our applications fall under compliance requirements. Since we are a fintech company, we do not want our secrets exposed anywhere, so we focus on encryption. Using HashiCorp Vault has given us a positive effect on our security posture and increased our values in terms of security.

Configuring HashiCorp Vault since we are mainly using it in Kubernetes or OpenShift clusters took some time and effort to align with our deployment. The initial setup can be a little confusing and complex for someone who is newer. However, it is not impossible to achieve, but it will take some time to understand the product. The ACLs within HashiCorp Vault, such as policies and AppRole authentication, were not intuitive at first. However, we slowly became habituated to the product once we began using it. Once we moved past the learning curve of these challenges, HashiCorp Vault becomes a critical security layer of our workloads.

The only minor challenge is the initial setup complexity, especially for teams new to HashiCorp Vault's authentication methods and storage backends. Other than that, it works flawlessly.

We have been using HashiCorp Vault for more than three years.

HashiCorp Vault is stable.

HashiCorp Vault is open-source and regarding scalability, HashiCorp Vault Enterprise, which is the commercial offering, is highly scalable. We did not see any challenges in that area.

We have not reached out to customer support much, but we have reached out for a few issues in the initial setup. We have not had any further issues since then. Their support is quite responsive and they are focused on solving any issues that we are facing. It is pretty good.

Neutral

Configuring HashiCorp Vault since we are mainly using it in Kubernetes or OpenShift clusters took some time and effort to align with our deployment. The initial setup can be a little confusing and complex for someone who is newer. However, it is not impossible to achieve, but it will take some time to understand the product.

The only minor challenge is the initial setup complexity, especially for teams new to HashiCorp Vault's authentication methods and storage backends. Other than that, it works flawlessly.

The main return on investment from HashiCorp Vault is that the security level increased significantly. It increased our security score and made many of our applications follow a standard security compliance. This is a big plus for being a fintech company. It increased our core values in terms of organizational encryption, security, and data storage.

HashiCorp Vault offers different editions such as SaaS, managed, and self-hosted HashiCorp Vault. It depends on the use case based on the enterprise we are using. The self-hosted enterprise pricing is transparent. Typically, you contact sales and they can significantly scale in numbers. The initial deployment of HashiCorp Vault required some investment in infrastructure, but the cost is not only the license or subscription. It is smooth. We did not feel any hidden costs inside this HashiCorp Vault component. It is as per the enterprise standard we have gone for it. We have not had any issues with it.

We evaluated CyberArk Conjur as one of the options.

I would recommend HashiCorp Vault as a solid nine because it is a very robust and enterprise-ready solution for secret management. The encryption as a service and a policy-based access make it a nine out of ten. HashiCorp Vault has everything needed in terms of enterprise-ready solutions for secret management and encryption, and we can access secrets based on policy. However, the only minor challenge is that the initial setup can be a little complex. Additionally, their documentation is helpful, but in order to sail the ship initially, it will take some time to understand the product and their methodologies and how to properly set it up. Other than that, it is a solid nine.

If organizations want to have their security score increased and make secret management a centralized solution, and they are looking for something in the market to integrate their secrets in Kubernetes or any of their application secrets, or if they want to encrypt end-to-end without any hassle of decryption or any secret retrieval issues or exposure risks, HashiCorp Vault is a good solution they can simply opt for. It is a fine-grained enterprise-level tool where you can utilize it to the next level and you can absolutely integrate it into your key products to reduce the security exposure risks and simplify compliance audits. I have given this review a rating of nine out of ten.

My main use case for HashiCorp Vault is that I use it as a secrets management store, so rather than providing secret or sensitive information directly in code and then committing it to a codebase, I instead store it within HashiCorp Vault and then the application calls it from there.

The second thing I use it for is dynamic secrets generation, so rather than using GCP service account keys, I use HashiCorp Vault to dynamically generate those keys, which is more secure.

The way that we set up dynamic secrets generation with HashiCorp Vault is that our application, when it needs to run a pipeline and be deployed via a GitLab pipeline, the user who's running the pipeline creates a call to HashiCorp Vault and it asks for a dynamic secret to be generated for GCP service accounts. So rather than storing a JSON key directly in GCP, which is a long-lived credential, instead, the dynamic credential is provisioned. It's handed back to the application and then the application service account uses that to authenticate. Then the dynamic short-lived credential is destroyed in a short period of time, which makes it a secure workflow.

In my experience, the best features that HashiCorp Vault offers is the dynamic secrets generation feature because it lowers the blast radius if a leak was to ever occur, because the credentials would expire much more quickly than if static keys were used. Because within, for example, Google Cloud or maybe AWS, you can create a key and have it live forever. So you could be managing hundreds or maybe even thousands of keys, but they're so long-lived; if it was ever compromised, it'd be a real problem. Someone could steal it and then use it five years later technically. But if you're using dynamic secrets generation with HashiCorp Vault and you're setting the credential to expire after maybe an hour, rather than ten years or maybe never expiring directly in the cloud platforms, then your security is greatly enhanced.

I also value the auditing feature of HashiCorp Vault; every single action such as who accessed what and when is logged, so that's also a highly secure feature that I value.

The auditing feature of HashiCorp Vault has helped me and my team by allowing organizations which split developers to non-prod only access and DevOps or platform automation teams or SRE teams to production only, to very quickly identify from the auditing if anyone's access credentials are incorrectly configured. For example, if a developer is ever trying to generate access to a production environment through a dynamic credential, you could quite easily pick up on that. So that's a very good, secure feature which integrates well with an organization's own access control policies.

HashiCorp Vault has positively impacted security governance that we have by greatly reducing the risk of a leak and then a bypass, but overall, it's increased the security of our organization.

HashiCorp Vault is quite complex to use for new users and has a steep learning curve; I would consider the tool very good for highly advanced teams who manage huge numbers of credentials, but it's probably not very appropriate for smaller teams with maybe less experience using vaults such as this. Setting up a highly available cluster is a difficult task and it's also quite operationally heavy.

Another issue is although there's a free open-source version of HashiCorp Vault, the paid-for version, the Enterprise version, is very expensive, so it can be quite complex and expensive to use as a tool.

I would say that support and documentation for HashiCorp Vault are both quite good; I would say its documentation is some of the best out of any cloud tooling, but it's really just the complexity and the cost which are the drawbacks to HashiCorp Vault.

HashiCorp Vault is very stable, but also the stability is also up to the customer because you would have to manage your own cluster. So it really depends on what machines you're running on and how you're scaling that; it is very stable, and you have flexibility and customizability over how stable you want to make it as well.

HashiCorp Vault's scalability is highly scalable because you control the infrastructure, so you could run it on a cluster which you have numerous machines which are large sizes, making it as big as you want or as small as you want.

The customer support for HashiCorp Vault is very good, and its documentation is also very good; the documentation for other HashiCorp tools as well is very good, so I have no complaints.

I would rate the customer support of HashiCorp Vault a ten out of ten; I've not directly interacted with customer support, but my colleagues have done and they've never had any issues.

Positive

I have previously used Akeyless Secret Management, AWS Secrets Manager, and GCP Secrets Manager; they're all good tools and it just depends what the use case is. If you are specifically operating within one cloud such as GCP, you'd probably want to use GCP Secret Manager, which is quicker, easier, and probably cheaper as well. If you are using numerous clouds and numerous environments, Akeyless is probably good because it's easier to set up and probably cheaper as well. If you have a full enterprise rollout, you're multi-cloud, you have thousands and thousands of secrets, and you need the best of the best, then HashiCorp Vault is probably the best.

From a money-saved perspective regarding HashiCorp Vault, it's hard to say; I suppose for an organization which might have frequent breaches, which isn't an organization I've worked for before, but if you were in an organization that had frequent breaches, you probably would have a very quick and powerful money-saved return on investment because when a breach occurs, it could easily cost in the tens of thousands or hundreds of thousands of pounds or dollars. I don't think HashiCorp Vault saves time; it uses more time. The real benefit is the increased security. I suppose an ongoing time save, which is more of a trickle, is when you're carrying out auditing and compliance; it's a lot easier to use the data that HashiCorp Vault provides to do that. So there probably has been a time save from that perspective, but setting it up is also quite a time-consuming activity as well as the operational management.

The pricing setup cost for HashiCorp Vault is quite expensive, especially if you consider it against native, cloud-native equivalent tooling. So within GCP, I'm thinking about Secret Manager, AWS Secrets Manager as well; those tools are, from my experience, cheaper to use and also easier to set up as well. It takes less effort because they're managed by the cloud provider, whereas if you're running HashiCorp Vault, the way that I've seen it done is you would have to manage your own cluster, introducing a layer of complexity and potentially higher cost if you're doing it in a cost-inefficient manner.

I evaluated Akeyless as another option, and as I mentioned before, Akeyless is good if you have a multi-cloud deployment and you want it cheaper and easier. HashiCorp Vault is probably best if you have a full massive enterprise rollout due to the enterprise support features and because HashiCorp Vault has been in the marketplace for a long time; so there's a lot of knowledge from the support team and also in the documentation just because of how established it is in the marketplace.

I give HashiCorp Vault an eight out of ten because it's a very good tool that offers great security features, but it's very specific in its application. If you are a complex organization operating in a multi-cloud fashion and needing strict compliance standards such as SOC 2, then it would be brilliant. But if you're a small team of developers, or you have a very small budget or not very much previous history operating a vault such as HashiCorp Vault, then it probably isn't appropriate. So although it's a great tool for some use cases, it's not applicable to every scenario, which prevents me from giving it a ten out of ten.

I would advise others looking into using HashiCorp Vault to use it if their scenario is an enterprise rollout and they have a large budget. It is a great tool, but it does come with a lot of time needed to maintain it and also financial cost associated with it as well.

My main use case for HashiCorp Vault is to store secrets in HashiCorp, where in production domain or in test domain, I will vault secrets or passwords through AD protected, database protected, GCP, and other methods.

Let me explain how I use HashiCorp Vault in my daily work. When a user raises a change task request to vault secrets to HashiCorp, they provide the namespace, the environment where they need to vault, the environment secrets, car ID, application name, and which environment they need to vault in, whether AD, database, or GCP. Then we open the Airflow tool, where HashiCorp Vault is available. We click on the appropriate option. If the user has requested AD protected, then we go through the AD protected section in HashiCorp Vault, and we create and provide the passwords and secrets, then trigger that button. Once that button is triggered and the secret is vaulted, we can see that in HashiCorp Vault prod or test environment domain that the user has specified. Then we go there and verify whether the secret has been vaulted. Then we provide the API path to the user. The user can then retrieve the passwords through the API path.

Because when the organization hires production teams, they run some applications beyond working hours. At that time, they need some servers or applications to be logged in. For that, some passwords or secrets will be altered in CyberArk or HashiCorp Vault. They need to retrieve the password or secrets from HashiCorp Vault, which means they need some API paths or they can retrieve them directly. This will take less time and save more money because every time you want to raise a ticket, it takes time and that person needs to provide the secret, which takes more time. Once it is vaulted, the secret will remain statically in HashiCorp Vault until you rotate or delete it. Whenever you want, whether one year, one month, two months, or three months later, you can retrieve that secret. This will save time and money, and more than one employee can retrieve that secret. It will be more beneficial for us.

The best feature HashiCorp Vault offers is that it provides metadata, API path, and API path information, which makes it easier for users to get passwords through API calls using any websites or Postman tool. They can retrieve the password through that API path. This is an easier way to retrieve passwords.

I would rate HashiCorp Vault an 8 on a scale of 1 to 10. Overall, I will round up to 8.

It impacts our organizations more positively because previously, we used to vault passwords in CyberArk. When a user needed to retrieve passwords, every day the user would need to raise a request, then we would rotate the password and provide it for the user. With HashiCorp Vault, once we retrieve the password from CyberArk and vault it in HashiCorp Vault, the user no longer needs to raise any other request for every daily task for their applications. They can retrieve the password through API calls whenever they want. This is an easier and more user-friendly case for HashiCorp Vault users.

It will reduce more time because previously, as I mentioned before, we used to take the password from CyberArk and then vault it in HashiCorp Vault. Previously, this was not automatic; there was more manual work while vaulting in CyberArk. However, with HashiCorp Vault, it is more user-friendly. You can retrieve the password whenever you want from the API path or, if you have entitlement to log in to HashiCorp Vault, you can go through that and copy-paste the password easily for your daily application logins. We used to get fewer tickets with HashiCorp Vault because daily tasks that were manual will be less, and everything will be automatic and take no time.

HashiCorp Vault can be improved more because it has provided only metadata and API paths. However, if it had provided more protected or secret folders, that would be helpful. Now the generation has come for AD merging for the LDAP engine. If such features come in the future for AD, GCP, and everything, it will be mainly automated. If you put any namespace or anything specified, it should automatically be triggered based on that request. This would be useful for HashiCorp Vault. It would be more user-friendly, and manual work would be less.

I have been using HashiCorp Vault for more than two plus years.

HashiCorp Vault is stable.

HashiCorp Vault has more scalability because we vault secrets more efficiently and with more reliability. HashiCorp Vault is structured for large organizations. If you use more scalability for that, it will increase the volumes of work, such as more users, machines, authentications, or any requests relevant to that, it will be maintaining more cost or more efficiency for the users.

I have not interacted with any customer support team.

Before we used HashiCorp Vault, we were using CyberArk where we used to vault passwords, rotate secrets, and everything. Then we used to provide access, or we used to enter manually or we used to buy Automatron, we used to enter for the user and they can access their applications.

Our project works only on triggering and vaulting secrets. We are not calculating anything with regards to price or cost about licensing. This will be confirmed or worked under an L3 team. I am from an L2 team, so we do not consider much of the pricing, setup cost, or licensing issues.

I will give advice that most people should go for HashiCorp Vault because compared to some other vaulting secrets solutions, you can go for HashiCorp Vault because it is a vault that can protect all of your data, all of your application secrets, and domain. Those who have access can retrieve the secret or delete the secret. It is more time-saving and more money-saving, and it does not have any manual work; it is all automatic work, and through API path, we can retrieve any of our secrets. Nothing takes more time. It is more helpful, and organizations should go for HashiCorp Vault in the future. It is more beneficial for them. Every organization needs to use HashiCorp Vault.

HashiCorp Vault will be more helpful because most automatic work will be done, and it will take less time for users to retrieve everything. It is a time-saving tool. If you vault any secrets, it will be protected and through the link, through the API path, or any metadata path, we can retrieve the password easily. It is okay to improve and it is okay to use for me. I am more confident about it because I have worked more extensively with this solution. Out of 10, I rate HashiCorp Vault an 8, which is good for me.

My main use case for HashiCorp Vault involves a real-time example where I have an image. In the Dockerfile, I created the dependencies for what my application needs. I created a Dockerfile, built it locally, and needed to push the artifact. The image is already stored in JFrog Artifactory. For this, in HashiCorp Vault, we use two tokens: one is a CI user and a CI token. Using this CI user as a username and the CI token as a password, we first retrieve that secret from HashiCorp Vault via a pipeline. After we retrieve that from HashiCorp Vault, we can easily pull the image from Artifactory and push it to ACR. Sometimes for Azure authentication purposes, we are also using HashiCorp Vault. It is a very secure solution compared to Azure Key Vault.

The process of using HashiCorp Vault impacts my team's workflow and security positively compared to what we were doing before. In my team, we have almost ten DevOps teams, and each one has different requirements and daily activities. For my requirement, I need to pull the image from JFrog and push it to ACR. Some are using it for Azure authentication purposes, and some are using the certificate user. A client provided a PFX file, and we will also create a PFX format. After creating the PFX, we convert it to text. Once it is text, we can store it in HashiCorp Vault under that engine in a new version. Different teams and different colleagues have used it for different purposes. HashiCorp Vault serves as central secret and credential management that can be used in parallel for all to retrieve that secret, and we can access it via a pipeline.

The best features that HashiCorp Vault offers, based on my experience, include the HashiCorp Secret Engine. The Secret Engine stands out as a particularly valuable feature. Under the Secret Engine, we can create different folders, such as folders for Azure authentication purposes, certificate management purposes, and other purposes based on requirements. The main feature we use most is the HashiCorp Engine feature.

HashiCorp Vault has positively impacted my organization by maintaining secrets, which is essential due to the amount of hacking happening nowadays. A secret is a very important key-value pair. Without a secret and without credentials, something as simple as a Facebook account can be compromised if that secret becomes public. For that purpose, we are using HashiCorp Vault, which is a very secure way to maintain that secret. We can easily retrieve that secret via the GitLab CI/CD pipeline.

Based on my experience with four years of knowledge, HashiCorp Vault is adequate as it currently exists.

I have been using HashiCorp Vault for the last three years in my current project, which is a migration project from AWS to Azure, and some applications from on-premises to Azure.

HashiCorp Vault has proven stable in my experience, showing no downtime or reliability issues. It is a highly available solution.

The scalability of HashiCorp Vault is good, and as our organization has grown, it has effectively met our needs. Our choice of HashiCorp Vault allows us to use it anywhere, anytime. If ten colleagues out of ten have access to HashiCorp Vault, we can use it in parallel with no downtime and high productivity, reflecting its scalability.

I have not interacted with customer support for HashiCorp Vault because I have not encountered any issues that required raising concerns or any RITM.

I have not previously used a different solution before HashiCorp Vault; I have only utilized HashiCorp Vault to maintain secrets and credentials.

Before choosing HashiCorp Vault, my team did evaluate other options, including Azure Key Vault.

HashiCorp Vault is currently deployed in my organization in two cloud setups. One is on-premises, and another one is in the public cloud with a focus on using Azure.

I set up HashiCorp Vault separately via the client-side rather than purchasing it through the Azure Marketplace.

Using HashiCorp Vault has led to measurable changes, particularly in secret management and cost optimizations. For the overall organization, it is very helpful to use the secret because the UI is very simple. The simplicity of the UI is the first thing; there is nothing complex. We can easily create folders under the Secret Engine, create new versions, and easily mention keys and values. The second benefit is that we can easily retrieve and use the secret. After Azure authentication, we can also perform that easily. Overall, HashiCorp Vault is good for maintaining secrets, credentials, and certificates without any complexity.

The experience with pricing, setup costs, and licensing for HashiCorp Vault is generally managed by the client. They take care of all those aspects, and after onboarding HashiCorp Vault for our application, a higher director approves our RITM before providing us access to HashiCorp Vault based on the application.

I have not seen specific metrics showing saved money from using HashiCorp Vault, as I am not informed about the current price our organization pays. However, I can rate the time saved at an overall ten out of ten.

My advice for others looking into using HashiCorp Vault is to use it because it is a very secure and trustworthy product. We can easily manage HashiCorp Vault and retrieve secrets to use in various stages within the pipeline.

I have additional thoughts about my main use case for HashiCorp Vault, focusing on the management of secrets, credentials, and certificates. The main purpose is secret management and credential management, which serves as a very secure layer. We trust HashiCorp Vault, which is why we are using it. We still have not faced any issues retrieving the secret from HashiCorp Vault and using our CI/CD pipeline because we are not using hard-coded values, which can create vulnerabilities. For security purposes, that is why we use HashiCorp Vault. It is an easy way, and the UI is very friendly with no complex features.

I can tell you more about how I use the Secret Engine feature in my daily workflows. We store the secret credentials, certificates, and SSL/TLS certificates under HashiCorp Vault only. If we want to store any certificate in SSL/TLS format, I create one folder under HashiCorp Vault with a secret name such as 'certificate.' We are using three environments: dev, pre-prod, and production, so based on the environment, we create those folders under the Secret Engine. It is very helpful for tracking and managing the secrets and certificates.

My reason for choosing a ten out of ten rating is because it is for secret management; it is high-level secret management where no one can easily access the secrets. If I store my PFX or PFX format certificate, or an SSL/TLS certificate for my application, someone cannot easily retrieve that secret from HashiCorp Vault. This level of security is very important, especially considering vulnerabilities and security concerns today. I have no additional thoughts about HashiCorp Vault, as all aspects have been covered.

My main use case for HashiCorp Vault is secret management, and we have CIs that retrieve secrets from HashiCorp Vault to run specific pipelines. An example of this would be an APK signing process where we store secrets in HashiCorp Vault.

When running the APK signing process, HashiCorp Vault fits into my workflow as it is fully automated. We have configured GitHub Actions with the relevant variables which communicate with HashiCorp Vault where the APK setup is stored.

In my workflows, we also manage a DB connection setup using HashiCorp Vault where we give short-lived access to our employees. Within this particular case, we leverage GitHub accounts, and through that, we are able to give them limited access to databases that we have hosted on the cloud.

HashiCorp Vault offers excellent features including the ability to break down the IAM functionality around it, which makes it easier for me to give either read-only or read-write permissions.

The way the functionality is broken down for permissions helps my team day-to-day by making it easier to group various teams in such a way that we are able to grant access to specific database resources. One team is able to access only the resources that they need and not others.

HashiCorp Vault has positively impacted my organization by streamlining access and secret management. HashiCorp Vault has streamlined these aspects for my team, resulting in improved compliance, and for the APK process, it has saved time in terms of ensuring that it is done securely.

At the moment, there is no way HashiCorp Vault can be improved, as we have a limited use case for it. Based on the integrations that are available, that should work out because there are a number of projects that we have not leveraged well for which we are planning to use them.

I do not have anything to add about needed improvements at the moment, taking into account it is a niche within our ecosystem, and not many people utilize secret management. Probably many people would resort to GitHub secrets for such purposes, especially within the CI. For us, it is more of a niche.

I have been using HashiCorp Vault for the fourth year, but it has been more of an on-and-off project.

In my experience, HashiCorp Vault is stable. One of the challenges we had was that we used a really old version, so part of what we plan for this year is to migrate it to at least a supported version.

HashiCorp Vault's scalability for our needs is sufficient; we have not reached a point where we needed to scale it up based on the current setup that we deployed.

I have not had any interactions with customer support for HashiCorp Vault, but I appreciate the level of effort that has gone towards documentation, which makes it easier for us to manage any issues that come up around it.

I did not previously use a different solution for secret management; this was the solution that we used for this particular case.

My experience with pricing, setup cost, and licensing is acceptable. Based on our current setup, we manage it within our licensing agreement. We have not reached a point where we needed to buy additional licenses for the use cases that we have. At the moment, we are using the free tier.

I have seen a return on investment regarding time saved for the APK signing because the main issue we faced was we were looking for a solution that standardizes it within one repository and allows us to generate different APK artifacts from the same repository. Since most of the projects were using the same APK template, it made it easier to achieve that in the shortest time possible, in conjunction with GitHub Actions, which saved us time.

Before choosing HashiCorp Vault, I did not evaluate other options. We utilized what was available because we had used HashiCorp for a long time.

HashiCorp Vault is a good tool for managing any workflows around secret management. I would rate this review an eight out of ten.

My main use case for HashiCorp Vault is that it provides storage for secrets across multiple clouds. It stores the secrets securely, allowing controlled access through various measures such as ciphers and identity-based access controls.

In my opinion, the best features with HashiCorp Vault are that it works as one solution providing security across all the clouds. I can have a cipher that's inside of HashiCorp Vault, and I can also have a separate secret inside of my cloud Vault, depending on which cloud it is. You can't get to the second secret without the first secret. This provides better protection because an employee of the cloud provider can't hack your system. We also use it for encryption. We use it to store encryption keys.

Regarding HashiCorp Vault's identity-based access controls, I believe it's sufficient for managing and mitigating risk. It has multi-factor authentication and everything that we'd expect.

HashiCorp Vault's auditing features meet my compliance needs. By having the secret, or at least the access secret outside of the cloud provider's access, they cannot access it. If you think about it from an encryption standpoint, if I encrypt the data before it ever hits the cloud provider's network using the encryption key that's stored inside of HashiCorp Vault, then the cloud provider encrypts it again. Now it's dual-encrypted. It's actually encrypted more than that, but we'll just say dual-encrypted. Neither HashiCorp nor the cloud provider can decrypt it without having both secrets.

I think HashiCorp Vault could improve by being a little bit more accommodating to startup companies for providing access and helping them understand the value of the tools. I think it's a really great product overall. The pricing is good for an enterprise especially.

I've never used HashiCorp Vault's support, so I won't be able to rate it accurately. I would say it's probably a 10, but I never had to use it.

Positive

The documentation for HashiCorp Vault is good. All the materials around it are sufficient.

We deploy HashiCorp Vault mainly with AWS, but we use it for four clouds. I use AWS as an example to explain, but we use it for AWS, Azure, Google, and IBM Cloud. These are our four major clouds. When HashiCorp Vault first came out, it wasn't available through the AWS Marketplace, so we acquired it from HashiCorp the way you'd acquire Thales from Thales. Now it is part of the AWS Marketplace, so it depends on the acquisition time.

I would rate this product a 10 overall.

My main use case for HashiCorp Vault is to store secrets in order to automate the process. For example, we use GitHub Actions to pull secrets in order to authenticate with Azure. This is a very typical process regarding my main use case with HashiCorp Vault.

HashiCorp Vault has positively impacted my organization because several teams use it in the same way for an automated process with GitHub Actions or other pipeline tools. I was looking for some examples and I have a couple of them about how HashiCorp Vault has benefited my teams and automated processes.

In my opinion, one of the best features HashiCorp Vault offers is the cluster installation. I like the cluster installation because when a maintenance task is scheduled, then this maintenance can be done instance per instance without causing an outage to the service. It can be run even on production during business hours without outages.

I think HashiCorp Vault is a good product, but I have had hard times trying to find secrets that different teams own. For example, several teams use HashiCorp Vault to store secrets, but sometimes they don't remember where they have stored their secrets or where the secrets are located. It is hard to find those secrets.

A search function would make it easier for teams to locate and manage their secrets in HashiCorp Vault. I believe this search feature would be valuable, as HashiCorp Vault does not currently have it.

I have been using HashiCorp Vault for four to five years.

I found performance issues with HashiCorp Vault, but there are reasons for it. The performance issues I experienced were not a HashiCorp Vault issue; it was an issue with a team that was not using it properly. They were doing some kind of attack without being aware of that, and the capacity of the server was at capacity at that time.

I do not have any additional features to suggest about HashiCorp Vault. I would rate this product a seven out of ten.

We use HashiCorp Vault for managing secrets.

One of our use cases for managing secrets with HashiCorp Vault is an LLM use case where we utilize the KV Vault, which is our primary use case, as well as the KV secret engine for storing our static secrets. This is one of the most common use cases, but besides this, we also use other secret engines, such as the LDAP secret engine to remediate some of the issues concerning service accounts.

One of the important things about our main use cases for HashiCorp Vault is that it scales well compared to other secret solutions we were using, such as Google Secret Manager. We ran into scaling issues with those solutions, but with HashiCorp Vault, we can scale well and it serves our use cases better than Secret Manager for our company.

The specific features that stand out to me in HashiCorp Vault are audit logging, which works well, the dynamic secret functionality, which is also pretty good, and the high availability and stability of the service.

HashiCorp Vault has positively impacted our organization by providing a central way to manage all the secrets.

A positive impact from using HashiCorp Vault is that we now have a central way of managing all the secrets and we are using HashiCorp Vault as the go-to service for secrets management.

While not a missing feature, I feel that the enterprise license is expensive, especially for some of the smaller use cases.

If HashiCorp could simplify the license model and move away from the client-based license usage to something simpler, then I would definitely give it a ten.

I have been using HashiCorp Vault for the last four years.

From an integration point of view, HashiCorp Vault integrates well with some of our use cases, especially with the authentication methods.

Having a central way to manage all our secrets has helped us by making it easier to manage them, as we do not have to worry about rotating the secrets since they are in a single place. This single place for managing secrets simplifies the rotation process.

I was not directly involved with the procurement of the contract agreement, but we do find it hard to justify the cost to the end-users. I would rate this product eight out of ten.

HashiCorp Vault is used mainly to store secrets and for dynamic injection, primarily for all microservices exclusively in the Kubernetes field.

Microservices are deployed as Kubernetes pods, and the pods need to access secrets. Kubernetes secrets cannot be relied upon as anyone can decode them. HashiCorp Vault is used to store all the secrets, and the pod accesses HashiCorp Vault using a service account. The secrets are dynamically injected whenever there is a requirement.

Both the open-source and enterprise versions of HashiCorp Vault are used to handle all secrets as a secrets manager. HashiCorp Vault has been integrated with Terraform and Consul for some POCs.

HashiCorp Vault offers excellent features including secrets management, secret rotation, and managing all types of secrets. The product is cloud-agnostic.

The secret rotation feature falls under the audit policy. Managing audits requires rotating secrets on a respective basis. HashiCorp Vault is used to perform secret rotation automatically, which has made the work significantly easier.

HashiCorp Vault has reduced the workload regarding rotating secrets and securely managing them. Only people who have access can retrieve the secrets.

The current setup is good as is.

HashiCorp Vault has been used for the past eight years.

HashiCorp Vault's scalability is based on the on-premises setup that is in place.

The customer support for HashiCorp Vault is good.

AWS Secrets Manager was used previously, but the switch was made to HashiCorp Vault.

The main reason for switching from AWS Secrets Manager to HashiCorp Vault was to manage cloud-agnostic solutions.

The recommendation to others looking into using HashiCorp Vault is to follow the documentation clearly and also the best practices mentioned in the documentation site. HashiCorp Vault is a good product. This review has been given a rating of 9.

The main use cases for HashiCorp Vault are dynamic secrets and certificate management, which provide security, such as securing banking systems from the application side, giving them appropriate control access, and dynamic access to privilege systems. This encompasses complete secret lifecycle management. Additional key use-case is on dynamic data encryption/decryption.

It improves the overall security posture by eliminating/mitigating the risks of secret/data leaks.

The best features in HashiCorp Vault are its dynamic certificate management and dynamic secret management, which are the key features that use data effectively. These are very targeted use cases that cut across multiple solutions.

I have utilized Vault's encryption capabilities for securing data in transit and at rest, especially for dynamically consuming database encryption, which covers the requirements of various scenarios where databases do not have encryption capability. HashiCorp Vault provides security by rotating the keys and taking all the burden of securing the data from the database. These are key core features that many users employ in this solution.

Vault's audit logs provide insights into access patterns and help ensure compliance. These facilities are configurable, and the logs are encrypted, ensuring that anything recorded in the logs is secure. We could use systems that comply with specific standards for audit logging and scanning, especially when working with them.

The benefits from HashiCorp Vault include significant advantages in security lifecycle management itself. The value becomes apparent when security incidents occur. It has substantial value in proactively protecting from adverse situations, providing resilience and appreciation by customers in complete security lifecycle management solutions for core infrastructure applications.

The UI could be improved to better handle complex operations like policy management, dynamic secret creation, and audit log analysis

My experience working with HashiCorp Vault spans approximately one and a half years.

HashiCorp Vault is a highly stable solution. I can add other nodes if requirements increase or more applications need to interact with the Vault at runtime, making it a consistently stable solution.

HashiCorp Vault is open source, and regarding scalability, the Vault Enterprise, which is the commercial offering, is highly scalable. I do not see any challenges in that area.

I have experience working with other solutions, mostly with IBM and Red Hat, specifically with Ansible and HashiCorp Terraform, rather than Microsoft tools.

The initial setup of HashiCorp Vault has a quick learning curve. Anyone with a background in security who understands security threats and vulnerabilities finds it easy to implement.

I am part of IBM tech sales and tech presales, as IBM has acquired HashiCorp. I am not an IBM end customer but rather sell the solution.

My primary cloud provider for this solution operates on a mostly hybrid platform. It is cloud agnostic and works across all platforms and on-premise as well. The solution is available through the HCP, which is called HashiCorp Cloud Platform.

I have used it directly through AWS. I haven't looked closely at pricing yet because this is IBM's recent acquisition, and I'm focused on the presales side, mostly learning the technical solutions and capabilities rather than working with pricing.

On a scale of 1-10, I rate HashiCorp Vault a 10.