Use case

Dynamic secrets

Generate time-based access credentials dynamically based on policies and revoke access when lease expires.


Long-living credentials pose a major risk for users and organizations

Many organizations have credentials hard coded in source code, littered throughout configuration files and configuration management tools, and stored in plaintext in version control, wikis, and shared volumes. Safeguarding and ensuring that a credentials isn’t leaked, or in the likelihood it is, that the organization can quickly revoke access and remediate, is a complex problem to solve.


Create automated short-lived dynamic credentials across your environments

A dynamic secret is generated on demand and is unique to a client, instead of a static secret, which is defined ahead of time and shared. Vault associates each dynamic secret with a lease and automatically destroys the credentials when the lease expires. Vault supports dynamic secrets with a wide range of systems and is easily extensible with plugins.

Customer case study

Cracking the code to global success

The world’s largest developer collaboration platform uses HashiCorp solutions to shore up internal processes and deliver mission-critical functionality faster and at lower cost.

  • 400+

    unique applications across thousands of nodes

  • 100K+

    secrets requests per day

  • 73+

    million developers

Ready to get started?

Quickly get hands-on with HashiCorp Cloud Platform Vault and set up your managed Vault cluster.

What are dynamic secrets and why do I need them?

Keeping the same keys, passwords, and credentials for months or years is extremely risky. Modern security principles dictate that you should rotate your secrets to make it more difficult for hackers to exploit them long-term if they get them.

Armon Dadgar

Co-founder & CTO