AWS Secrets Manager vs HashiCorp Vault comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Mar 6, 2024

We compared HashiCorp Vault and AWS Secrets Manager based on our user's reviews in several parameters.

HashiCorp Vault is praised for its security, ease of use, and ROI, while AWS Secrets Manager stands out for its efficient integration with AWS services and user-friendly interface. HashiCorp Vault offers flexibility in pricing and setup, whereas AWS Secrets Manager is commended for its competitive pricing and straightforward setup process. Both products have areas for improvement, with HashiCorp Vault focusing on user interface enhancements and AWS Secrets Manager on clearer documentation and better integration with other AWS services.

Features: HashiCorp Vault excels in providing superb security measures, comprehensive functionality, and seamless integration with other tools and platforms. On the other hand, AWS Secrets Manager focuses on secure data storage, efficient integration with AWS services, and robust security measures.

Pricing and ROI: The setup cost for HashiCorp Vault is minimal, making it easy to get started. Users appreciate the affordability and flexibility of the pricing and licensing options. On the other hand, AWS Secrets Manager also offers competitive pricing and ensures a straightforward setup. The licensing is flexible and caters to diverse needs., HashiCorp Vault offers enhanced security, control over access privileges, compliance, efficiency, and integration, while AWS Secrets Manager provides cost-effective and secure management, easy integration, and automated secret rotation.

Room for Improvement: HashiCorp Vault has room for improvement in areas such as user interface, documentation, integration, scalability, and performance. AWS Secrets Manager, on the other hand, needs enhancements in documentation, examples, integration with other AWS services, and user interface.

Deployment and customer support: Users reported varying durations for establishing a new tech solution using HashiCorp Vault. Some took 3 months for deployment and an extra week for setup, while others required only a week for both. AWS Secrets Manager also had varied durations, with users taking up to 3 months for deployment or just a week. When mentioned separately, deployment and setup should be considered distinct phases, but if the same timeframe is given, they should be assumed to refer to the same period., Users have expressed satisfaction with HashiCorp Vault's customer service and support, appreciating the prompt and helpful assistance received. Similarly, AWS Secrets Manager has also received positive feedback for their knowledgeable and efficient responses, effectively addressing and resolving customer issues.

The summary above is based on 18 interviews we conducted recently with HashiCorp Vault and AWS Secrets Manager users. To access the review's full transcripts, download our report.

To learn more, read our detailed AWS Secrets Manager vs. HashiCorp Vault Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Q&A Highlights
Question: Which is better - HashiCorp Vault or AWS Secrets Manager?
Answer: yet to learn both
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature is security.""The most valuable feature of AWS Secrets Manager is its seamless integration with various AWS services.""The product is easy to use and is inexpensive.""The most valuable feature is the management of credentials.""Integrating with other services was straightforward, especially within the AWS environment.""All our workloads are running on AWS, so integration with our workload is much easier on AWS Secrets Manager than going with another solution such as Thycotic.""The API is fine and works well.""The most valuable feature is usability, as it is quite user-friendly."

More AWS Secrets Manager Pros →

"The solution is stable. It has been working perfectly without any problem.""We were using it because we have compliance requirements around secret management. Having a secure vault and encrypting data was an additional requirement. When we looked at it first, we were just looking for a vault, like a lockbox. The greatest benefit of HashiCorp is its ability to manage encryption on the fly. It provides encryption of data at rest, in use, in transit, on the fly, and linked with applications, which was really attractive.""It is user-friendly and easy to implement from any application point.""The tool's dynamic rotation of the password credentials is good.""For me, the most valuable features include that it's easy to manage and maintain the password API for retrieving passwords and other things.""The most valuable feature of HashiCorp Vault is that it's an open source solution. Second, it's cloud agnostic, so it's very easy to maintain and control, which is why we prefer HashiCorp.""It can still be configured by a separate team other than developers. That's why I think it's more secure.""It is an added value for our customers to have a Secrets Management workflow available that is PaaS/CaaS/KaaS Platform agnostic."

More HashiCorp Vault Pros →

Cons
"The price of the solution could improve.""AWS Secrets Manager could support hybrid infrastructure.""It would be good if the AWS Secrets Manager were more customizable.""We occasionally have problems with rate limits, although that is a problem more generally with AWS.""An area for improvement in AWS Secrets Manager could be expanding integration options beyond AWS services.""The sidecar feature has room for improvement.""The solution's initial setup process is complicated.""There is room for improvement in terms of integrating with certain other platforms."

More AWS Secrets Manager Cons →

"The solution could be much easier to implement.""The technical support was hard to get a hold of and lacking in service.""I would like to see better integration of HashiCorp Vault with SAP products.""I would rate the stability a six out of ten. There are some bugs and glitches. We are in touch with the vendor to resolve them.""I don't think there are any major improvements required—so far, so good. However, I think that having more training materials, such as videos, and documentation available would be helpful. I would prefer to have more videos available either on the official site or on YouTube.""In terms of features, the only thing that I found a little bit hinky was that there was no revocation or deletion on the model we were using. Once in a financial year, a client interacts, and you pay for that client for the year. So, there are just little things like that in the pricing. There should be more clarity around the end of the key. I know there is no system like this. They all are the same. I tested Microsoft, Google, and some others, and none of them really want you to delete a key, which makes sense. You delete a key, and you lose everything that it has wrapped or encrypted, but it's actually just a language. Deletion isn't really deletion. It's really revocation, but overall, HashiCorp Vault ticked all the boxes for us, and I couldn't fault it.""The onboarding is a challenge. It should be more self-service, but it involves reviews and approvals.""A drawback for some clients who have to be PCI compliant is that they still need to use and subscribe to an HSM (Hardware Security Module) solution."

More HashiCorp Vault Cons →

Pricing and Cost Advice
  • "I don't believe there is a license cost for the solution."
  • "We've observed that AWS Secrets Manager pricing is based on a per-secret-per-month model. As a result, we prefer to divide our secrets into individual pieces to increase security and grant specific access permissions to certain secrets, systems, or individuals. However, this approach results in higher costs. Therefore, we have been exploring ways to combine our secrets into groups to reduce expenses and simplify management. Nonetheless, we acknowledge that this issue may not be related to the secret manager's functionality."
  • "The solution is expensive."
  • "We purchase a monthly license for the product."
  • "The cost is somewhat high."
  • More AWS Secrets Manager Pricing and Cost Advice →

  • "I am using the open-source version of Vault and I would have to buy a license if I want to get support."
  • "The AWS version is much cheaper than HashiCorp Vault."
  • "It could do everything we wanted it to do and it is brilliant, but it is super pricey. To be fair to HashiCorp, we drove the price up with our requirements around resiliency. Because of the nature of our company, we don't really operate in the cloud."
  • "The solution's cost is reasonable."
  • "The product is expensive."
  • "In my case, the open-source version works well. It's advisable for small to medium-scale organizations, but for large-scale organizations, you should go with the enterprise version."
  • More HashiCorp Vault Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Enterprise Password Managers solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Answers from the Community
    Netanya Carmi
    Questions from the Community
    Top Answer:Azure Key Vault is a SaaS solution. You can easily store passwords and secrets securely and encrypt them. Azure Key Vault is a great solution to ensure you are compliant with security and governance… more »
    Top Answer:HashiCorp Vault was designed with your needs in mind. One of the features that makes this evident is its ability to work as both a cloud-agnostic and a multi-cloud solution. As a cloud-agnostic… more »
    Top Answer:The most valuable feature of AWS Secrets Manager is its seamless integration with various AWS services.
    Top Answer:It's stable. I would rate the stability a nine out of ten.
    Top Answer:The enterprise version would require considering factors like the level of support needed, the amount of secret data being stored, and replication needs. But in my case, the open-source version works… more »
    Top Answer:The onboarding is a challenge. It should be more self-service, but it involves reviews and approvals.
    Ranking
    Views
    16,197
    Comparisons
    14,233
    Reviews
    9
    Average Words per Review
    334
    Rating
    8.8
    Views
    19,546
    Comparisons
    13,475
    Reviews
    9
    Average Words per Review
    447
    Rating
    8.4
    Comparisons
    Learn More
    Overview

    AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

    HashiCorp Vault is a cloud-agnostic solution used for security and secret management. Its valuable features include integration with other HashiCorp tools, token sharing, open source nature, cloud agnosticism, and on-the-fly encryption management. 

    The solution provides encryption of data at rest, in use, in transit, on the fly, and linked with applications. It is free to use, and the interface is simple to navigate. HashiCorp Vault has helped organizations with its multiple authentication methods and RESTful API.

    HashiCorp Vault Features

    • Data encryption: The solution is capable of encrypting and decrypting data, and will not store it. Organizations’ security personnel define their own encryption protocols; developers can store the encrypted data where they choose and are not obligated to design specific encryption processes.

    • Robust secrets: For systems such as AWS or SQL databases, Vault is able to generate secrets automatically. HashiCorp Vault is able to generate AWS keypairs with all the appropriate permissions when necessary, and when the approved time expires, will nullify them.

    • Secure secret storage: Any type of value or key secrets can be stored in the Vault. The Vault automatically encrypts the desired secrets before recording them into persistent storage, keeping them safe and secure. Users can record data using HCP Vault’s Consul service or disk, or choose from other options.

    • Nullification: Vault is able to nullify single secrets or all secrets from a particular group or specific user. This process is integral in securing systems in the event of an attack or inappropriate access.

    Reviews from Real Users

    The greatest benefit of HashiCorp is its ability to manage encryption on the fly. It provides encryption of data at rest, in use, in transit, on the fly, and linked with applications, which was really attractive. The lifecycle of a key is so easy to manage in terms of rotating, revoking, and issuing. They have different auth methods, and I tried all different auth methods. It is seamless.”- Project Manager at a comms service provider.

    “The most valuable feature of HashiCorp Vault is that it's an open source solution. Second, it's cloud-agnostic, so it's very easy to maintain and control, which is why we prefer HashiCorp. “ - Mohamed A., Lead DevOps Engineer at Etisalat.

    Sample Customers
    Autodesk, Clevy, Stackery
    Adobe, SAP Ariba, Citadel, Spaceflight, Cruise
    Top Industries
    REVIEWERS
    Computer Software Company50%
    Retailer13%
    Energy/Utilities Company13%
    Manufacturing Company13%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm14%
    Manufacturing Company7%
    Insurance Company6%
    REVIEWERS
    Financial Services Firm44%
    Comms Service Provider33%
    Pharma/Biotech Company11%
    University11%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company7%
    Healthcare Company6%
    Company Size
    REVIEWERS
    Small Business50%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise14%
    Large Enterprise66%
    REVIEWERS
    Small Business21%
    Midsize Enterprise29%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise12%
    Large Enterprise69%
    Buyer's Guide
    AWS Secrets Manager vs. HashiCorp Vault
    March 2024
    Find out what your peers are saying about AWS Secrets Manager vs. HashiCorp Vault and other solutions. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    AWS Secrets Manager is ranked 3rd in Enterprise Password Managers with 12 reviews while HashiCorp Vault is ranked 2nd in Enterprise Password Managers with 15 reviews. AWS Secrets Manager is rated 8.8, while HashiCorp Vault is rated 8.2. The top reviewer of AWS Secrets Manager writes "Seamlessly integrates with various AWS services while offering reasonable pricing". On the other hand, the top reviewer of HashiCorp Vault writes "Easy to manage and maintain the password API but stability could be improved". AWS Secrets Manager is most compared with Azure Key Vault, 1Password, CyberArk Enterprise Password Vault, Delinea Secret Server and BeyondTrust Password Safe, whereas HashiCorp Vault is most compared with Azure Key Vault, CyberArk Enterprise Password Vault, Delinea Secret Server, Keeper and BeyondTrust Password Safe. See our AWS Secrets Manager vs. HashiCorp Vault report.

    See our list of best Enterprise Password Managers vendors.

    We monitor all Enterprise Password Managers reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.