CyberArk Privileged Access Manager vs HashiCorp Vault comparison

CyberArk and HashiCorp are both solutions in the Enterprise Password Managers category. CyberArk is ranked #2 with an average rating of 8.9, while HashiCorp is ranked #4 with an average rating of 8.3. Additionally, 94% of CyberArk users are willing to recommend the solution, compared to 88% of HashiCorp users who would recommend it.

CyberArk Privileged Access ...

Read 193 CyberArk Privileged Access Manager reviews

9,858 Views
5,796 Comparison Views

94% willing to recommend

HashiCorp Vault

Read 16 HashiCorp Vault reviews

14,750 Views
9,840 Comparison Views

88% willing to recommend

CyberArk Privileged Access ...

HashiCorp Vault

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between CyberArk Privileged Access Manager and HashiCorp Vault based on real PeerSpot user reviews.

Find out in this report how the two Enterprise Password Managers solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed CyberArk Privileged Access Manager vs. HashiCorp Vault Report (Updated: August 2024).

Buyer's Guide

CyberArk Privileged Access Manager vs. HashiCorp Vault

August 2024

Download the complete report

Helped 801,394 peers since 2012

Categories and Ranking

CyberArk Privileged Access ...

Ranking in Enterprise Password Managers

2nd

Average Rating

8.6

Number of Reviews

193

Ranking in other categories

User Activity Monitoring (1st), Privileged Access Management (PAM) (1st), Mainframe Security (3rd), Operational Technology (OT) Security (3rd)

HashiCorp Vault

Ranking in Enterprise Password Managers

4th

Average Rating

8.2

Number of Reviews

Ranking in other categories

No ranking in other categories

Featured Reviews

reviewer988578

Snr Technical Consultant at Computacenter

Aug 21, 2023

Great password management and Privileged Threat Analytics with good auditing capabilities

The product has allowed us to improve both the management and access to privileged credentials, while also creating a full audit trail of all activities happening within isolated sessions of all tasks and activities taking place within the solution. This includes sessions via the solution and sessions to administer the solution itself. From a user perspective, we no longer need to try and create or remember complex passwords or have to be concerned about when they will change as the solution takes care of this and can and does populate these credentials for you so mistyping a complex password is a thing of the past.

Read full review

BernardParinas

Consultant at Accenture

Dec 18, 2023

Offers ability to store secret credentials and create policies using API calls, like allowing specific users to access certain data only after authentication

Before provisioning things in Azure, we use HashiCorp Vault to store service principal credentials—passwords and such. Then, we can identify if a user is authorized to provision resources. If not, the blueprint will throw an error saying the user isn't authorized to provision or spin up resources in Azure. Same thing with other components, except for the applications themselves. We don't store credentials for those. On the replication side, in a high-availability setup in multiple Vault instances, secret data is accessible by other resources. Each user or technical user has their own token, and there are different tokens for dev, test, QA, and product environments. It meets all three-point authentication, authorization, and access control requirements.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable aspects of the solution include password management and Rest API retrieval of vaulted credentials."

"CyberArk has the ability to change the credentials on every platform."

"We are able to rotate credentials and have privileged account access."

"It enables companies to automate password management on target systems gaining a more secure access management approach."

"The product is for hardening access and making the organization more secure, therefore reducing chances of a breach."

"It is a single tool that isolates possible kinds of malware. You get lateral movement blocking and auditing information, e.g., you know who is doing what. You are getting protections from the service as well as a useful environment. All your admins can easily go in and out of your company while accessing your servers in a secure way, even if they are working abroad."

"The ability to develop and deploy applications with no stored secrets is very valuable."

"You can gradually implement CyberArk, starting with more easily attainable goals."

More CyberArk Privileged Access Manager pros

"The tool's dynamic rotation of the password credentials is good."

"For me, the most valuable features include that it's easy to manage and maintain the password API for retrieving passwords and other things."

"It is an added value for our customers to have a Secrets Management workflow available that is PaaS/CaaS/KaaS Platform agnostic."

"This solution is easy to use and to integrate."

"The most valuable feature of HashiCorp Vault is the management of tickets in the pipeline."

"The feature I find most beneficial in HashiCorp Vault is the secret engine. It integrates smoothly with many applications, making it easy to set up and implement quickly. This allows you to test it easily and see good results rapidly. When you integrate an internal API or application, it quickly manages that application's secrets."

"The solution is stable. It has been working perfectly without any problem."

"The interface is very simple to navigate."

More HashiCorp Vault pros

Cons

"Report creation could be improved. The policies could be more customized."

"I think they can improve account onboarding. For instance, you have to use the Password Vault utility, whereas in Thycotic I think there is a feature in the user interface that allows you to upload your account with an Excel file. So I'd like to have a similar thing in CyberArk."

"Overall what I would really love to see is the third-party PAS reporter tool pulled more into the overall solution, ideally as its own deployable component service installation package."

"Areas the product could be improved are in some of the reporting capabilities and how the reports are configured."

"The installation process should be easier and more user-friendly so that you don't need to hire a third party to deploy it."

"If there is an area that has room for improvement, it's probably working with their support and getting people on the phone. That is hard to do with most products in general, but that seems to be the difficult area. The product is fantastic, but sometimes we want somebody on the phone."

"The initial setup could be simplified. Right now, in comparison to its nearest competitors, it's quite complex."

"Upgrading the product is very difficult, so this could be an area for improvement."

More CyberArk Privileged Access Manager cons

"The solution's initial setup process is complicated."

"The documentation is very general; it should have more examples and more use cases."

"The product needs to improve its customization. It should be also more like easy to plug and play."

"The technical support was hard to get a hold of and lacking in service."

"I don't think there are any major improvements required—so far, so good. However, I think that having more training materials, such as videos, and documentation available would be helpful. I would prefer to have more videos available either on the official site or on YouTube."

"In terms of features, the only thing that I found a little bit hinky was that there was no revocation or deletion on the model we were using. Once in a financial year, a client interacts, and you pay for that client for the year. So, there are just little things like that in the pricing. There should be more clarity around the end of the key. I know there is no system like this. They all are the same. I tested Microsoft, Google, and some others, and none of them really want you to delete a key, which makes sense. You delete a key, and you lose everything that it has wrapped or encrypted, but it's actually just a language. Deletion isn't really deletion. It's really revocation, but overall, HashiCorp Vault ticked all the boxes for us, and I couldn't fault it."

"A drawback for some clients who have to be PCI compliant is that they still need to use and subscribe to an HSM (Hardware Security Module) solution."

"There could be a plugin for the database to change the secret automatically. It would be an efficient feature for password security."

More HashiCorp Vault cons

Pricing and Cost Advice

"This product is very expensive."

"The price of this solution is quite reasonable."

"I rate the tool's pricing an eight out of ten."

"I'm aware that the organization had purchased licensing for almost all of CyberArk's solutions including licensing for PTA, EPM, and the Application Identity Manager. But when it comes to PSM, this is one of the components where there's an additional charge for any extra PSMs that you want to deploy. I believe that there's some rider where the vendor has a bit of leeway to, at times, charge a premium on whatever additional services you may require above the board."

"Our risk is definitely significantly lower. Also, our resources are low."

"The license CyberArk Privileged Access Manager is on an annual basis."

"The cost is high compared to other products."

"This solution is considered to be more expensive than others out there on the market today."

More CyberArk Privileged Access Manager pricing and cost advice

"The solution's cost is reasonable."

"The product is expensive."

"In my case, the open-source version works well. It's advisable for small to medium-scale organizations, but for large-scale organizations, you should go with the enterprise version."

"It could do everything we wanted it to do and it is brilliant, but it is super pricey. To be fair to HashiCorp, we drove the price up with our requirements around resiliency. Because of the nature of our company, we don't really operate in the cloud."

"I am using the open-source version of Vault and I would have to buy a license if I want to get support."

"The AWS version is much cheaper than HashiCorp Vault."

See which vendors are best for you

Use our free recommendation engine to learn which Enterprise Password Managers solutions are best for your needs.

See recommendations

801,394 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

28%

Financial Services Firm

13%

Computer Software Company

12%

Manufacturing Company

Financial Services Firm

20%

Computer Software Company

16%

Manufacturing Company

Healthcare Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

How does Sailpoint IdentityIQ compare with CyberArk PAM?

We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the m...

See all answers

What do you like most about CyberArk Privileged Access Manager?

The most valuable features of the solution are control and analytics.

See all answers

What is your experience regarding pricing and costs for CyberArk Privileged Access Manager?

CyberArk Privileged Access Manager comes at a high cost. But the solution is worth its price.

See all answers

Which is better - HashiCorp Vault or AWS Secrets Manager?

HashiCorp Vault was designed with your needs in mind. One of the features that makes this evident is its ability to work as both a cloud-agnostic and a multi-cloud solution. As a cloud-agnostic sol...

See all answers

What do you like most about HashiCorp Vault?

The feature I find most beneficial in HashiCorp Vault is the secret engine. It integrates smoothly with many applications, making it easy to set up and implement quickly. This allows you to test it...

See all answers

What is your experience regarding pricing and costs for HashiCorp Vault?

The enterprise version would require considering factors like the level of support needed, the amount of secret data being stored, and replication needs. But in my case, the open-source version wor...

See all answers

Comparisons

Cisco Identity Services Engine (ISE) vs CyberArk Privileged Access Manager

Compared 12% of the time

Microsoft Entra ID vs CyberArk Privileged Access Manager

Compared 9% of the time

Delinea Secret Server vs CyberArk Privileged Access Manager

Compared 8% of the time

WALLIX Bastion vs CyberArk Privileged Access Manager

Compared 5% of the time

Fortinet FortiAuthenticator vs CyberArk Privileged Access Manager

Compared 2% of the time

More CyberArk Privileged Access Manager Competitors

Azure Key Vault vs HashiCorp Vault

Compared 30% of the time

AWS Secrets Manager vs HashiCorp Vault

Compared 27% of the time

Keeper vs HashiCorp Vault

Compared 10% of the time

Delinea Secret Server vs HashiCorp Vault

Compared 7% of the time

BeyondTrust Password Safe vs HashiCorp Vault

Compared 5% of the time

More HashiCorp Vault Competitors

Product Reports

Buyer's Guide

CyberArk Privileged Access Manager

September 2024

CyberArk Privileged Access Manager report

Download CyberArk Privileged Access Manager product report

Buyer's Guide

HashiCorp Vault

September 2024

Download HashiCorp Vault product report

Also Known As

CyberArk Privileged Access Security, CyberArk Enterprise Password Vault

No data available

Learn More

CyberArk

HashiCorp

Overview

CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

Benefits of CyberArk Privileged Access Manager

Some of CyberArk Privileged Access Manager’s benefits include:

The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

Reviews from Real Users

CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

HashiCorp Vault is a cloud-agnostic solution used for security and secret management. Its valuable features include integration with other HashiCorp tools, token sharing, open source nature, cloud agnosticism, and on-the-fly encryption management.

The solution provides encryption of data at rest, in use, in transit, on the fly, and linked with applications. It is free to use, and the interface is simple to navigate. HashiCorp Vault has helped organizations with its multiple authentication methods and RESTful API.

HashiCorp Vault Features

Data encryption: The solution is capable of encrypting and decrypting data, and will not store it. Organizations’ security personnel define their own encryption protocols; developers can store the encrypted data where they choose and are not obligated to design specific encryption processes.
Robust secrets: For systems such as AWS or SQL databases, Vault is able to generate secrets automatically. HashiCorp Vault is able to generate AWS keypairs with all the appropriate permissions when necessary, and when the approved time expires, will nullify them.
Secure secret storage: Any type of value or key secrets can be stored in the Vault. The Vault automatically encrypts the desired secrets before recording them into persistent storage, keeping them safe and secure. Users can record data using HCP Vault’s Consul service or disk, or choose from other options.
Nullification: Vault is able to nullify single secrets or all secrets from a particular group or specific user. This process is integral in securing systems in the event of an attack or inappropriate access.

Reviews from Real Users

“The greatest benefit of HashiCorp is its ability to manage encryption on the fly. It provides encryption of data at rest, in use, in transit, on the fly, and linked with applications, which was really attractive. The lifecycle of a key is so easy to manage in terms of rotating, revoking, and issuing. They have different auth methods, and I tried all different auth methods. It is seamless.”- Project Manager at a comms service provider.

“The most valuable feature of HashiCorp Vault is that it's an open source solution. Second, it's cloud-agnostic, so it's very easy to maintain and control, which is why we prefer HashiCorp. “ - Mohamed A., Lead DevOps Engineer at Etisalat.

Sample Customers

Rockwell Automation

Adobe, SAP Ariba, Citadel, Spaceflight, Cruise

Buyer's Guide

CyberArk Privileged Access Manager vs. HashiCorp Vault

August 2024

Free Report: CyberArk Privileged Access Manager vs. HashiCorp Vault

Find out what your peers are saying about CyberArk Privileged Access Manager vs. HashiCorp Vault and other solutions. Updated: August 2024.

DOWNLOAD NOW

801,394 professionals have used our research since 2012.

See our CyberArk Privileged Access Manager vs. HashiCorp Vault report.

See our list of best Enterprise Password Managers vendors.

We monitor all Enterprise Password Managers reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.