Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
The shift from static, on-premise infrastructure to dynamic, multi-provider infrastructure changes the approach to security. Security in static infrastructure relies on dedicated servers, static IP addresses, and a clear network perimeter. Security in dynamic infrastructure is defined by ephemeral applications and servers, trusted sources of user and application identity, and software-based encryption.
Datacenters with inherently high-trust networks with clear network perimeters.
Multiple clouds and private datacenters without a clear network perimeter.
Audit access, automatically Centrally store, access, and deploy secrets across applications, systems, and infrastructure
Keep secrets and application data secure with one centralized workflow to encrypt data in flight and at rest
Authenticate and access different clouds, systems, and endpoints using trusted identities
$ curl
--header "X-Vault-Token: ..."
--request POST
--data @payload.json
https://127.0.0.1:8200/v1/secret/configUse policy to codify, protect, and automate access to secrets.
Seamlessly integrate any trusted identity provider.
Securely manage secrets and access through a centralized workflow.
Vault Open Source addresses the technical complexity of managing secrets by leveraging trusted identities across distributed infrastructure and clouds. Vault Enterprise addresses the organizational complexity of large user bases and compliance requirements with collaboration and governance features.