HashiCorp Vault secures, stores, and controls access to tokens, passwords, certificates, and API keys. Used by Goldman Sachs, Adobe, and Shopify.
What You Get for Free
- Secret storage — encrypted key-value store
- Dynamic secrets — generate database credentials on demand
- Encryption as a service — encrypt data without storing it
- PKI — issue TLS certificates
- Auth methods — LDAP, OIDC, GitHub, Kubernetes
- Audit logging — every access logged
Quick Start
vault server -dev
export VAULT_ADDR='http://127.0.0.1:8200'
Store and Read Secrets
vault kv put secret/my-app api_key=abc123 db_password=s3cret
vault kv get secret/my-app
Dynamic Database Credentials
vault read database/creds/my-role
# Returns: username=v-token-my-role-abc, password=xyz (auto-expires)
Vault vs AWS Secrets Manager
| Feature | Vault | AWS SM |
|---|---|---|
| Price | Free (OSS) | $0.40/secret/mo |
| Multi-cloud | Yes | AWS only |
| Dynamic secrets | Yes | Limited |
| Self-hosted | Yes | No |
Need secrets management? Check my work on GitHub or email spinov001@gmail.com for consulting.
Top comments (0)