HashiCorp Vault Reviews

Capability of encrypting files and handling loads is commendable. The ability to create sections tailored for document types is good. Its flexibility is incredibly valuable.HashiCorp Vault stands as a powerful tool for securing sensitive information.

The initial setup and configuration process is complex and time consuming for organizations.

HashiCorp Vault is storing and managing sensitive information solving this problem. Its strong encryption mechanisms and access control features ensure data protection.

The community and the overall functionality it provides, are easy to integrate with LDAP and OIDC, and it supports almost all the top secret management providers like AWS KMS and Google KMS. Its open-source nature of it enables other developers to create tools for Vault which is fantastic.

Some of the documentation is very poor, especially when I was trying to integrate Keycloak I cannot find a good documentation.

The secret sprawl in the companies, storing it in base64 cannot provide security hence Vault solves this by providing encryption and tons of other features like its seal/unseal method.

it integrates with so many services, key being GitHub Action for me.

Identifying tokens can be a bit of a hassle, and requires mulitple API calls to properly delete a key from a user-friendly identifier.

Sharing secrets across multiple services.

We can store our third-party software passwords and retrieve them easily. We can also give vault access to users to recover certificates and passwords through PAT tokens from GHE.

As of now, nothing. We can satisfy the basic necessity of retrieving passwords for our nexus repository. Most of the team members use it for that purpose alone so no concerns have been raised.

We can store important passwords for our repository and codes for our proxy setup within our project. Since we work in a bank account, the passwords need to be protected, and the codes need to be stored safely. We can also grant access through PAT token, so anyone accessing will automatically be authorized as they are part of GHE.

Hashicorp vault is a great tool to store and manage secrets like passwords, private keys, certificates, etc.. in a secure environment, and it also rotates the keys to manage the secret lifecycle plus Hashicorp vault also comes in community edition and Hashicorp vault community is very active to provide various custom solution to fulfill various use-cases

Hashicorp vault is not very useful for code and binary signing, especially in CI/CD environment and we can not integrate Hashicorp vault CI/CD tools to perform digital signatures without sharing the keys

Hashicorp vault helps to securely store of all the secrets in a central place with secure authentication and authorization service, and three API helps to fulfill various use cases plus Hashicorp vault support integration with various other tools

HashiCorp Vault is a secret store needed for enterprises to store secrets like passwords, oAuth tokens, metadata, etc. The beauty here is data stored and transmitted are hashed/encrypted.

It has both CLI(Command Line Interface) and User Graphical Interface. And also can retrieve secrets via Rest call as API.

Option to classify store based on namespace a parent and child namespace. This may help to have HashiCorp env for different environment (like QA/UAT/PT & Production)

The tokens are generated once and are presented for successive secret store/retrieval.

I don't see an issue with the product. But to have a Graphical User Interface, it costs more and is not included in the basic product package cost.

Vulnerability- As everyone knows, there are high cyberattacks on enterprises. This tool will help to reduce the risk of secrets getting stolen.

Vault is lightweight and easily installable.

The possibility of high availability.

Terraform integration with own resources.

Simple Web UI

API driven access/manage, could integrate with other software.

The high learning curve.

Maybe the lack of an officicial Ansible Module (not only a Lookup Plugin)

Test Vault in Dev mode (in a Docker instance for example) and switch into production using it for every secret you have in code. Vault must your new front door, now.

Vault has solved the problem of sharing passwords and AWS credentials. Now the code of Terraform could be safe in the Git repository. A vault it's easily up with Ansible.

- I can trust that vault will keep my data secure with minimal management overhead from my team

- Simple Interface to review my key values

- Simple to use API's

Longer ramp up period for teams across the organization to use.

Recommendations to others considering the product:

What problems are you solving with the product? What benefits have you realized?

Central place to store and manage secrets. consistent and reliable.

Steep learning curve, but it's very usable once you get it up and running. Just tackle one small piece at a time.

Make use of Hashicorp's learing docs as well as any user group you can find for Vault

automating and securing our internal certificate process. also storing secrets in vault instead of in metadata.

- I can trust that vault will keep my data secure with minimal management overhead from my team

- Simple Interface to review my key values

- Simple to use API's

Longer ramp up period for teams across the organization to use.

Read all of the documentation! It is extremely helpful in getting started and training your employees to effectively implement Vault

- Secure KV store for database credentials with Dynamic rotation