Learn the HashiCorp Logo HashiCorp Suite

Provision, Secure, and Run

Any infrastructure for any application

HashiCorp Logo Learn the HashiCorp Suite

Provision

Secure

Run

Seven elements of the modern Application Lifecycle

A Tool for Managing Secrets
Get Started Launch Interactive Tutorial

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network encryption-as-a-service, or generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and more.

Features

Secret Storage

Vault can store your existing secrets, or it can dynamically generate new secrets to control access to third-party resources or provide time-limited credentials for your infrastructure. All data that Vault stores is encrypted. Any dynamically-generated secrets are associated with leases, and Vault will automatically revoke these secrets after the lease period ends. Access control policies provide strict control over who can access what secrets.

Learn more

Key Rolling

Secrets you store within Vault can be updated at any time. If using Vault's encryption-as-a-service functionality, the keys used can be rolled to a new key version at any time, while retaining the ability to decrypt values encrypted with past key versions. For dynamically-generated secrets, configurable maximum lease lifetimes ensure that key rolling is easy to enforce.

Learn more

Audit Logs

Vault stores a detailed audit log of all authenticated client interaction: authentication, token creation, secret access, secret revocation, and more. Audit logs can be sent to multiple backends to ensure redundant copies. Paired with Vault's strict leasing policies, operators can easily trace the lifetime and origin of any secret.

Learn more
Get Started with Vault

Completely free and open source.

Latest Vault News

Vault Webinar: Register Now

Build a Secure Cloud with AWS and HashiCorp Vault

Register for our upcoming webinar with AWS on June 1st.

Register Now

Vault 0.7.1 and 0.7.2 released

We are pleased to announce the release of Vault 0.7.1 and 0.7.2. These releases include AWS IAM Authentication, TOTP Secret Backend, Database Backend with Secure Plugins (Beta), as well as additional bug fixes within Vault 0.7.2.

Read more

Webinar: How HashiCorp Vault Solves The Top 3 Cloud Security Challenges

Watch our recent webinar to learn about new Vault product releases and see a demo.

Watch Now