Secrets Management
Audit access, automatically Centrally store, access, and deploy secrets across applications, systems, and infrastructure
Manage Secrets and Protect Sensitive Data
Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
Secure dynamic infrastructure across clouds and environments
The shift from static, on-premise infrastructure to dynamic, multi-provider infrastructure changes the approach to security. Security in static infrastructure relies on dedicated servers, static IP addresses, and a clear network perimeter. Security in dynamic infrastructure is defined by ephemeral applications and servers, trusted sources of user and application identity, and software-based encryption.
Static Infrastructure
Datacenters with inherently high-trust networks with clear network perimeters.
»Traditional Approach
- High trust networks
- A clear network perimeter
- Security enforced by IP Address
Dynamic Infrastructure
Multiple clouds and private datacenters without a clear network perimeter.
»Vault Approach
- Low-trust networks in public clouds
- Unknown network perimeter across clouds
- Security enforced by Identity
Vault Principles
$ curl
--header "X-Vault-Token: ..."
--request POST
--data @payload.json
https://127.0.0.1:8200/v1/secret/configAPI-driven
Use policy to codify, protect, and automate access to secrets.
Identity Plugins
Seamlessly integrate any trusted identity provider.
Extend and integrate
Securely manage secrets and access through a centralized workflow.
Open Source and Enterprise
Vault Open Source addresses the technical complexity of managing secrets by leveraging trusted identities across distributed infrastructure and clouds. Vault Enterprise addresses the organizational complexity of large user bases and compliance requirements with collaboration and governance features.