Secrets Management

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret while providing tight access control and recording a detailed audit log.

The Secrets Management guides demonstrate the Vault features used to store your secrets securely.

  • The Static Secrets guide walks you through the steps to write secrets in Vault and control who can access them.

  • The Versioned KV Secret Engine guide demonstrates the secret versioning capabilities provided by the KV Secret Engine v2.

  • The Secret as a Service: Dynamic Secrets guide demonstrates how Vault generates database credentials on demand, so that each application or system can obtain its own credentials and its permissions can be tightly controlled.

  • The Database Root Credential Rotation guide walks you through the steps to enable rotation of the root credentials for the databases managed by Vault.

  • The Cubbyhole Response Wrapping guide demonstrates a secure method to distribute secrets by wrapping them so that only the expected client can unwrap them.

  • The One-Time SSH Password guide demonstrates the use of the SSH secrets engine to generate a one-time password (OTP) every time a client wants to SSH into a remote host.

  • The Build Your Own Certificate Authority guide walks you through the use of the PKI secrets engine to generate dynamic X.509 certificates.

  • The Direct Application Integration guide demonstrates the use of the Consul Template and Envconsul tools to retrieve secrets from Vault with minimal or no code changes to your applications.