» Secrets Management

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret while providing tight access control and recording a detailed audit log.

Secrets Management guides demonstrate features in Vault to securely store your secrets.

  • Static Secrets guide walks you through the steps to write secrets in Vault, and control who can access them.

  • Versioned KV Secret Engine guide demonstrates the secret versioning capabilities provided by KV Secret Engine v2.

  • Secret as a Service: Dynamic Secrets guide demonstrates the Vault feature to generate database credentials on-demand so that each application or system can obtain its own credentials, and its permissions can be tightly controlled.

  • Database Root Credential Rotation guide walks you through the steps to enable the rotation of the database root credentials for those managed by Vault.

  • Cubbyhole Response Wrapping guide demonstrates a secure method to distribute secrets by wrapping them where only the expecting client can unwrap.