EventJoin us for HashiConf Global - product updates, technical sessions, workshops & more Register now

Manage Secrets and Protect Sensitive Data

Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
Try CloudDownload CLI
UI
CLI
Get Started with Vault

Secure dynamic infrastructure across clouds and environments

The shift from static, on-premise infrastructure to dynamic, multi-provider infrastructure changes the approach to security. Security in static infrastructure relies on dedicated servers, static IP addresses, and a clear network perimeter. Security in dynamic infrastructure is defined by ephemeral applications and servers, trusted sources of user and application identity, and software-based encryption.
Static database graphic

Static Infrastructure

Datacenters with inherently high-trust networks with clear network perimeters.

Traditional Approach

  • High trust networks
  • A clear network perimeter
  • Security enforced by IP Address
Dynamic VM and database graphic

Dynamic Infrastructure

Multiple clouds and private datacenters without a clear network perimeter.

Vault Approach

  • Low-trust networks in public clouds
  • Unknown network perimeter across clouds
  • Security enforced by Identity
Key icon

Secrets Management

Centrally store, access, and deploy secrets across applications, systems, and infrastructure
Learn more
Lock icon

Data Encryption

Keep secrets and application data secure with one centralized workflow to encrypt data in flight and at rest
Learn more
Access badge icon

Identity-based Access

Authenticate and access different clouds, systems, and endpoints using trusted identities
Learn more

HCP Vault

Available on AWS

HCP Vault provides all of the power and security of Vault, without the complexity and overhead of managing it yourself. Access Vault’s best-in-class secrets management and encryption capabilities instantly and onboard applications and teams easily.

HCP Vault

Vault Principles

<span class="token command"><span class="token shell-symbol important">$</span> <span class="token bash language-bash"><span class="token function">curl</span> </span></span>
<span class="token output">    --header "X-Vault-Token: ..." </span>
<span class="token output">    --request POST </span>
<span class="token output">    --data @payload.json </span>
<span class="token output">    https://127.0.0.1:8200/v1/secret/config</span>
<span class="token command"><span class="token shell-symbol important">$</span> <span class="token bash language-bash"><span class="token function">curl</span> </span></span><span class="token output">    --header "X-Vault-Token: ..." </span><span class="token output">    --request POST </span><span class="token output">    --data @payload.json </span><span class="token output">    https://127.0.0.1:8200/v1/secret/config</span>

API-driven

Use policy to codify, protect, and automate access to secrets.

AWS logo
Microsoft Azure logo
Google Cloud logo
Okta logo
Cloud Foundary logo
Alibaba Cloud logo
SSH logo
Kubernetes logo
GitHub logo

Identity Plugins

Seamlessly integrate any trusted identity provider.

MySQL logo
Cassandra logo
Oracle logo
AWS logo
MongoDB logo
Consul logo
Microsoft SQL logo
PostgreSql logo
Microsoft Azure logo

Extend and integrate

Securely manage secrets and access through a centralized workflow.

Open Source and Enterprise

Vault Open Source addresses the technical complexity of managing secrets by leveraging trusted identities across distributed infrastructure and clouds. Vault Enterprise addresses the organizational complexity of large user bases and compliance requirements with collaboration and governance features.
Learn More