We use HashiCorp Vault for static and dynamic credentials.
Teaching Assistant at a university with 1,001-5,000 employees
Includes dynamic rotation of the password credentials but needs better integration with SAP products
Pros and Cons
- "The tool's dynamic rotation of the password credentials is good."
- "I would like to see better integration of HashiCorp Vault with SAP products."
What is our primary use case?
What is most valuable?
The tool's dynamic rotation of the password credentials is good.
What needs improvement?
I would like to see better integration of HashiCorp Vault with SAP products.
For how long have I used the solution?
I have been using the product for two years.
Buyer's Guide
HashiCorp Vault
November 2024
Learn what your peers think about HashiCorp Vault. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
HashiCorp Vault is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
HashiCorp Vault's support is great, and we get answers immediately.
How would you rate customer service and support?
Positive
How was the initial setup?
HashiCorp Vault's installation is easy.
What other advice do I have?
I rate the tool a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder & Principal Architect at NCompas Business Solutions Inc.
A secure solution for storing secrets
Pros and Cons
- "It can still be configured by a separate team other than developers. That's why I think it's more secure."
- "We could use more documentation, primarily to do with integrations."
What is our primary use case?
Primarily, we use this solution for the secret management side of things. Initially, we were using Azure Key Vault, but we kind of shifted to HashiCorp Vault because we are using Terraform scripts, etc. We needed a common storage mechanism.
How has it helped my organization?
It's kind of technical, but when we were using Azure Key Vault, it was more driven towards applications. Our developers were exposed to those secrets and everything, but there were some things we didn't want our DevOps team to be exposed to. This is where the Hashi Key Vault helps. It can still be configured by a separate team other than developers. That's why I think it's more secure.
What needs improvement?
We could use more documentation, primarily to do with integrations. Anybody who uses HashiCorp integrates with a public cloud, like Azure or AWS. Azure and AWS have their own secret management; how does this collaboration work between the key vault of HashiCorp to the key vault of Azure? Some of this documentation is not up to mark.
For how long have I used the solution?
I have been using this solution for slightly more than one year.
What do I think about the scalability of the solution?
This solution is both scalable and stable.
How are customer service and technical support?
The technical support is pretty good.
What other advice do I have?
Be careful about how you structure your Terraform scripts. You should probably start off with some examples already given by HashiCorp before you begin implementation. Once you've gone too deep, it's difficult to factor things in and out of it. Carefully read the documentation right from the get-go.
Overall, on a scale from one to ten, I would give HashiCorp Vault a rating of eight.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
HashiCorp Vault
November 2024
Learn what your peers think about HashiCorp Vault. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
DevOps Technical Lead at a comms service provider with 501-1,000 employees
Centralized management, scales well, and simple setup
Pros and Cons
- "The most valuable feature of HashiCorp Vault is the management of tickets in the pipeline."
- "It would be helpful to have more advanced features."
What is our primary use case?
We have a lot of use cases for HashiCorp Vault. We have centralized and integrated everything into HashiCorp Vault.
What is most valuable?
The most valuable feature of HashiCorp Vault is the management of tickets in the pipeline.
What needs improvement?
It would be helpful to have more advanced features.
For how long have I used the solution?
I have been using HashiCorp Vault for approximately three years.
What do I think about the stability of the solution?
I have not had any issues with the solution, it is stable.
What do I think about the scalability of the solution?
We have a lot of people using this solution in my organization.
The solution is scalable.
Which solution did I use previously and why did I switch?
I have used other solutions and they can be more advanced. More automation for passwords would be helpful.
How was the initial setup?
The setup of HashiCorp Vault is simple for me because I have done it before and I automate the process.
What other advice do I have?
I rate HashiCorp Vault an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
TechOps Engineer - Middleware & Containers specialist at EBRC -European Business Reliance Centre
A Multi-platform solution to provide security and PCI compliance
Pros and Cons
- "It is an added value for our customers to have a Secrets Management workflow available that is PaaS/CaaS/KaaS Platform agnostic."
- "A drawback for some clients who have to be PCI compliant is that they still need to use and subscribe to an HSM (Hardware Security Module) solution."
What is our primary use case?
This is a Secrets Management framework to manage a keystore, certificates, and passwords dynamically in a Platform as a Service context, such as Vanilla Kubernetes Platforms, Rancher, Meso, Tectonic, and Origin/OpenShift Enterprise Platforms.
Whatever the platform, this product can help provide good security and be PCI Compliant.
How has it helped my organization?
It is an added value for our customers to have a Secrets Management workflow available that is PaaS/CaaS/KaaS Platform agnostic.
Furthermore, for Private and Hybrid Clouds such as AWS and Azure, it helps us to address multiple use cases that are not covered by AWS KMS, Azure Key Vault, or even with Hardware Security Modules that are limited by key type and size.
What is most valuable?
The dynamic secrets and key revocation feature help us to mitigate some risks easier for our customers, starting at the beginning of their development, without service downtime.
Starting integration of this product at the CI/CD software factory level helps make it easier to expand the environment when needed.
What needs improvement?
A Service Mesh workflow connected within Vault workflow would be difficult to integrate, depending on the SI complexity and security compliance.
A drawback for some clients who have to be PCI compliant is that they still need to use and subscribe to an HSM (Hardware Security Module) solution.
Compliance: www.pcicomplianceguide.org
For how long have I used the solution?
I started using this solution two years ago.
What do I think about the stability of the solution?
Consul, the backend of Vault, is a distributed and highly available system and suitable for intensive production workloads.
What's my experience with pricing, setup cost, and licensing?
The community edition is a place to start, where the development framework is already in place. When moving to production it is easy to make the switch and there are no additional development costs.
Once used in the framework, developers gain time to address authentication and authorization issues, which are managed once at the vault level and no more.
Which other solutions did I evaluate?
For PKI management, TLS certificate renewal or revocation "cert-manager workflow" can be useful but, at times, not as compliant as expected.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Technology Officer at LondonLink OTC Limited
Secures different environments and has good stability
Pros and Cons
- "It is a good product to consider for companies who are looking to build on-premise or hybrid infrastructure."
- "The product is complicated to install."
What is our primary use case?
We use HashiCorp Vault to manage and keep all secrets and configurations in SQL. It works as central storage, securing different environments.
What needs improvement?
The product is complicated to install. It could be easier. Additionally, its pricing model needs improvement.
For how long have I used the solution?
We have been using HashiCorp Vault for the last three years.
What do I think about the stability of the solution?
It is a stable product.
What do I think about the scalability of the solution?
We have 10 HashiCorp Vault users in our organization.
How was the initial setup?
The initial setup is complicated compared to AWS. We use Ansible for script automation. It takes one week and requires one senior DevOps engineer to execute the process.
What about the implementation team?
We implemented the product in-house.
What's my experience with pricing, setup cost, and licensing?
The product is expensive. However, we use the open-source version.
What other advice do I have?
I rate HashiCorp Vault an eight out of ten. It is a good product to consider for companies who are looking to build on-premise or hybrid infrastructure.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Easy to use and integrate, but the documentation needs to be updated and improved
Pros and Cons
- "This solution is easy to use and to integrate."
- "The documentation is very general; it should have more examples and more use cases."
What is our primary use case?
We are currently conducting a PoC with HashiCorp vault to see if it meets our requirements. I have ten different use cases for the evaluation.
We are integrating it into our Key Management Service. In my previous company, we were using it to store all of our keys and secret certificates.
How has it helped my organization?
In my previous organization, all of the requirements and use cases worked well.
What is most valuable?
The most valuable feature is the hub cluster in Consul.
This solution is easy to use and to integrate.
What needs improvement?
The documentation is very general; it should have more examples and more use cases. Basically, they just tell you the syntax without a better explanation of how to do things.
We learned all of the Vault Commands (CLI) and they work fine, except when we are running on an EKS cluster then the syntax changes. Most of the commands are not working.
For how long have I used the solution?
I have been using HashiCorp Vault for less than a year.
What do I think about the stability of the solution?
Vault, so far, has been stable for me. I have had some trouble with Terraform, which I find is not very stable.
What do I think about the scalability of the solution?
It is easy to scale this solution. I spin up a cluster and on top of that, I install Vault. On the backend, I use Consul for my wallet.
How are customer service and technical support?
Because I am using the open-source version, I have not contacted technical support.
Which solution did I use previously and why did I switch?
We did not use another solution before beginning our PoC.
How was the initial setup?
The initial setup is easy and it is not complex or difficult to configure. You just have to understand the basic concepts of authentication.
Downloading vault and installing it, including Consul, will only take 15 or 20 minutes. The configuration depends on the use cases and depending on them, the length of time it takes will vary. It should take no longer than a day.
What's my experience with pricing, setup cost, and licensing?
I am using the open-source version of Vault and I would have to buy a license if I want to get support.
Which other solutions did I evaluate?
This is the first solution that we are evaluating. If the PoC does not go well then we will be looking into other solutions. We did not consider other options because we felt that Vault would do what we wanted.
What other advice do I have?
One of the questions that I have been trying to solve is whether it is possible to update the cloud AWS keys from the on-premises solution. I have been through the documentation and the blogs and still do not know whether it is possible. Definitely, they can be managed once they have been deployed into the cloud, but I want to know the other way around. Our intention is ultimately to deploy on-premises, which is why this is important.
My advice for anybody who is implementing this solution is to fully go through the documentation and understand all of the use cases before implementing it.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Architect
Free to use and simple to navigate but has a complex setup
Pros and Cons
- "The interface is very simple to navigate."
- "The technical support was hard to get a hold of and lacking in service."
What is most valuable?
The integration with other HashiCorp tools is very, very good.
The solution is free to use.
The interface is very simple to navigate.
What needs improvement?
We found that Microsoft Azure Vault is better due to the fact that it has integration with all of the Azure services.
It would be better if it integrated more broadly with cloud API such as Amazon Web services, et cetera.
The error handling could be a bit better.
The technical support was hard to get a hold of and lacking in service.
The initial setup could be simplified.
For how long have I used the solution?
I have used the solution for two years. the last time I used the solution was at my old company and that was about a year or so ago.
How are customer service and technical support?
We didn't deal too much with technical support.
Largely, we would do any repairs by looking at the documentation on our phones. They never came to the office for technical support.
They could improve their services. For example, in the case of Microsoft, you can easily create a ticket and within an hour or two get a response. When you are working with the cloud, more frequent responses are important. With this solution, we didn't even know how to initiate asking for help. We'd try to create a ticket and found that getting help would take a very long time. That's why we ended up doing our own research. We'd look at videos and work at debugging manually.
I wouldn't say that we were satisfied with the level of suppirt.
How was the initial setup?
The initial setup is a bit complex.
There are two ways to set up the solution. One was with the cloud in production, where we were using integration with the cloud. Cloud account. In that case, sometimes, it requires tracking errors, which comes while integrating the cloud. That was the main problem. We mostly do our manual recheck and look for any issues via diagnosis logs. The error handling could be better.
What's my experience with pricing, setup cost, and licensing?
I wasn't involved in licensing, although it is my understanding that many of HashiCorp products are free of cost. There are premium services you could purchase, however, our organization only used the free versions.
What other advice do I have?
My previous organization was using this solution, whereas the current organization I work for is not. This is due to the fact that we work on multiple projects. We are a research team, and the delivery team does the implementation. We just propose solutions to clients based on their particular requirements. We tend to use many different solutions and tools at this company.
I'd rate the solution at a six out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Lead at Fortude.co
Offers the ability to share tokens and leasing
Pros and Cons
- "The solution is stable. It has been working perfectly without any problem."
- "The solution could be much easier to implement."
What is most valuable?
The most valuable features are the ability to share tokens and leasing.
What needs improvement?
The solution could be much easier to implement. We are trying to implement it now.
For how long have I used the solution?
I've been working with the solution for about one and a half years.
What do I think about the stability of the solution?
The solution is stable. It has been working perfectly without any problem.
How are customer service and support?
We went with the opensource version, so we did not get enterprise support.
Which solution did I use previously and why did I switch?
Previously, we had just a simple key-value store use case. Then it came into the users sharing their password across the company and using it for the deployment. That is the reason we moved up to the HashiCorp Vault.
If it's just simple things, I'll go with the AWS Secrets Manager. But since we have additional requirements, that is the reason for looking at HashiCorp Vault.
What's my experience with pricing, setup cost, and licensing?
We are using the open-source version. At the moment, our cost is basically the engineer's work time and the infrastructure costs. But compared to the AWS Parameter Store, the AWS version is much cheaper than HashiCorp Vault.
What other advice do I have?
I would rate Vault an eight out of ten because of the recurrent requirement.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free HashiCorp Vault Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Enterprise Password ManagersPopular Comparisons
CyberArk Privileged Access Manager
Azure Key Vault
AWS Secrets Manager
Delinea Secret Server
JumpCloud
BeyondTrust Password Safe
LastPass
1Password
ManageEngine Password Manager Pro
Delinea Privileged Access Service
Bitwarden
Dashlane
Akeyless Secrets Management
Zoho Vault
Buyer's Guide
Download our free HashiCorp Vault Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which is better - HashiCorp Vault or AWS Secrets Manager?
- What are some best practices to implement for secure employee password management?
- What advice do you have for an enterprise user on Password Day 2021?
- When evaluating Enterprise Password Managers, what aspect do you think is the most important to look for?
- What should one take into account when selecting an enterprise password manager?