Try our new research platform with insights from 80,000+ expert users

CyberArk Privileged Access Manager vs HashiCorp Vault comparison

CyberArk and HashiCorp are both solutions in the Enterprise Password Managers category. CyberArk is ranked #3 with an average rating of 8.6, while HashiCorp is ranked #5 with an average rating of 8.8. CyberArk holds a 7.7% mindshare in EPM, compared to HashiCorp’s 10.0% mindshare. Additionally, 95% of CyberArk users are willing to recommend the solution, compared to 89% of HashiCorp users who would recommend it.
CyberArk Privileged Access ...
Read 227 CyberArk Privileged Access Manager reviews
  • 15,344 Views
  • 3,989 Comparison Views
95% willing to recommend
HashiCorp Vault
Read 18 HashiCorp Vault reviews
  • 5,644 Views
  • 5,644 Comparison Views
89% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 16, 2024

CyberArk Privileged Access Manager and HashiCorp Vault compete in privileged access management and secrets management. CyberArk may have an advantage due to its modular, feature-rich design appealing to enterprises with complex needs.

Features: CyberArk Privileged Access Manager provides Central Policy Manager, Privileged Session Manager, and Enterprise Password Vault, facilitating modular integrations and scalability for managing, protecting, and monitoring privileged access. HashiCorp Vault emphasizes secrets management with dynamic secrets and leasing, supporting API integration suited for DevOps and cloud-agnostic environments.

Room for Improvement: CyberArk could improve user experience, session recording search, better documentation, and user training. Meanwhile, HashiCorp Vault users require enhanced cloud integration documentation and a more intuitive initial setup process.

Ease of Deployment and Customer Service: CyberArk supports on-premises, private, and hybrid clouds targeting large enterprises with complex deployments, offering costly yet comprehensive support. HashiCorp Vault, offering an open-source version, suits those with cloud deployments needing fewer resources but may lack the structured support that CyberArk provides.

Pricing and ROI: CyberArk is often expensive, with additional fees for certain features but offers significant ROI in security and risk reduction. HashiCorp Vault's open-source option offers cost savings, with enterprise features scaling in cost but providing reasonable pricing for advanced features, making it a sustainable option for long-term investments with potentially lower upfront costs.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed CyberArk Privileged Access Manager vs. HashiCorp Vault Report (Updated: September 2025).
Buyer's Guide
CyberArk Privileged Access Manager vs. HashiCorp Vault
September 2025
Download the complete report
Helped 869,785 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CyberArk Privileged Access ...
Ranking in Enterprise Password Managers
3rd
Average Rating
8.6
Reviews Sentiment
6.8
Number of Reviews
227
Ranking in other categories
User Activity Monitoring (1st), Privileged Access Management (PAM) (1st), Mainframe Security (2nd), Operational Technology (OT) Security (3rd)
HashiCorp Vault
Ranking in Enterprise Password Managers
5th
Average Rating
8.2
Reviews Sentiment
7.2
Number of Reviews
18
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of October 2025, in the Enterprise Password Managers category, the mindshare of CyberArk Privileged Access Manager is 7.7%, down from 7.8% compared to the previous year. The mindshare of HashiCorp Vault is 10.0%, down from 13.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Enterprise Password Managers Market Share Distribution
ProductMarket Share (%)
CyberArk Privileged Access Manager7.7%
HashiCorp Vault10.0%
Other82.3%
Enterprise Password Managers
 

Featured Reviews

Atul-Gujar - PeerSpot reviewer
Secures critical infrastructures with essential user session audit records
A potential area for improvement is enhancing support for cluster environments and distributed Vaults. Clients in multiple countries that need central access have different challenges that require better solutions from CyberArk. For financial services, CyberArk can improve incident response by ensuring fast support for critical priority tickets to meet compliance requirements. Providing more documentation on CyberArk is recommended for new team members to enhance their troubleshooting capabilities. I understand it's up to the client, but 99% fail to change the demo key, so it's crucial for CyberArk to emphasize changing the key and documenting it as part of the installation process.
Read full review
Anand-Awasthi - PeerSpot reviewer
Offers dynamic secrets and certificate management for proactive security measures
The best features in HashiCorp Vault are its dynamic certificate management and dynamic secret management, which are the key features that use data effectively. These are very targeted use cases that cut across multiple solutions. I have utilized Vault's encryption capabilities for securing data in transit and at rest, especially for dynamically consuming database encryption, which covers the requirements of various scenarios where databases do not have encryption capability. HashiCorp Vault provides security by rotating the keys and taking all the burden of securing the data from the database. These are key core features that many users employ in this solution. Vault's audit logs provide insights into access patterns and help ensure compliance. These facilities are configurable, and the logs are encrypted, ensuring that anything recorded in the logs is secure. We could use systems that comply with specific standards for audit logging and scanning, especially when working with them. The benefits from HashiCorp Vault include significant advantages in security lifecycle management itself. The value becomes apparent when security incidents occur. It has substantial value in proactively protecting from adverse situations, providing resilience and appreciation by customers in complete security lifecycle management solutions for core infrastructure applications.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We are utilizing CyberArk to secure applications, credentials, and endpoints."
"I really like the PTA (Privileged Threat Analytics). I find this the best feature."
"The Password Upload Utility tool makes it easier when setting up a Safe that contains multiple accounts and has cut down the amount of time that it takes to complete the task."
"The PSM is excellent and the ability to write your own connectors and plugins is invaluable as far as flexibility goes."
"The automatic password management is the most important feature. The second most important feature is the ability to enforce dual control on the release of those passwords. The combination of these two features is the most important thing for us because we can show that we're in control of who uses any non-personal account, and when they do so."
"The best thing about CyberArk Privileged Access Manager is that they keep on upgrading it. They continually conduct research and development from their end, and we get immediate support from CyberArk whenever OEM support is required for any task."
"The password management feature is valuable."
"If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network."
More CyberArk Privileged Access Manager pros
"The most valuable feature of HashiCorp Vault is version control."
"The interface is very simple to navigate."
"We were using it because we have compliance requirements around secret management. Having a secure vault and encrypting data was an additional requirement. When we looked at it first, we were just looking for a vault, like a lockbox. The greatest benefit of HashiCorp is its ability to manage encryption on the fly. It provides encryption of data at rest, in use, in transit, on the fly, and linked with applications, which was really attractive."
"It is a good product to consider for companies who are looking to build on-premise or hybrid infrastructure."
"For me, the most valuable features include that it's easy to manage and maintain the password API for retrieving passwords and other things."
"The product is free and easy to use. It is well documented with an easy implementation process."
"This solution is easy to use and to integrate."
"It's stable. I would rate the stability a nine out of ten."
More HashiCorp Vault pros
 

Cons

"Online help needs to be looked into with live agent support."
"I sometimes require learning resources when there is a new solution for CyberArk."
"We would like to expand the usage of the auto discovery accounts feed, then on our end, tie in the REST API for automation."
"Password Vault is much pricier than other solutions. A vendor team might struggle to explain why that price is justified. There are good alternatives that cost less."
"We would, of course, always prefer it if the pricing was cheaper."
"The solution could improve by adding more connectors."
"Customer support is somewhat lacking. They are often unavailable on Fridays, and the support process, such as raising a call or case, can take too long."
"It could be more user-friendly. Sometimes I encounter issues, and I do not know what the issue is. It takes a lot of time to find the error and fix it. Sometimes it gives an error, but I do not know what the error is. I have to find the documents, but it does not provide all the details needed to fix the error. This is one of the day-to-day issues with CyberArk."
More CyberArk Privileged Access Manager cons
"A drawback for some clients who have to be PCI compliant is that they still need to use and subscribe to an HSM (Hardware Security Module) solution."
"We could use more documentation, primarily to do with integrations."
"In terms of features, the only thing that I found a little bit hinky was that there was no revocation or deletion on the model we were using. Once in a financial year, a client interacts, and you pay for that client for the year. So, there are just little things like that in the pricing. There should be more clarity around the end of the key. I know there is no system like this. They all are the same. I tested Microsoft, Google, and some others, and none of them really want you to delete a key, which makes sense. You delete a key, and you lose everything that it has wrapped or encrypted, but it's actually just a language. Deletion isn't really deletion. It's really revocation, but overall, HashiCorp Vault ticked all the boxes for us, and I couldn't fault it."
"An improvement needed is the ability for auto-initialization. There should be an inbuilt option for automatic initialization rather than running it manually."
"The onboarding is a challenge. It should be more self-service, but it involves reviews and approvals."
"The solution could be much easier to implement."
"I would rate the stability a six out of ten. There are some bugs and glitches. We are in touch with the vendor to resolve them."
"In my opinion, HashiCorp Vault could improve its user interface. Right now, they don't offer much in terms of a graphical interface, which means you usually have to manage things manually through API calls. I think CyberArk has a better approach because it provides a UI that integrates features across all its components, making it easier, especially for new users or those from organizations with strict licensing policies."
More HashiCorp Vault cons
 

Pricing and Cost Advice

"Payments have to be made on a yearly basis toward the licensing costs of the solution."
"CyberArk DNA is free if you purchase the CyberArk solution. There is no additional charge for CyberArk DNA, which is great."
"Pricing is quite high and it could be improved."
"The solution is costly but we get what we pay for."
"The SaaS version of CyberArk Enterprise Password Vault is very expensive, but the on-premises version is relative, e.g. depending on the size of the environment, it can be a bit pricey, but it's relatively okay compared to the others."
"There are no additional costs other than the standard licensing fees."
"It is not a cheap solution. It is expensive as compared with other solutions. However, it is one of the best solutions in their domain."
"Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product."
More CyberArk Privileged Access Manager pricing and cost advice
"It could do everything we wanted it to do and it is brilliant, but it is super pricey. To be fair to HashiCorp, we drove the price up with our requirements around resiliency. Because of the nature of our company, we don't really operate in the cloud."
"I am using the open-source version of Vault and I would have to buy a license if I want to get support."
"The solution's cost is reasonable."
"The product is expensive."
"In my case, the open-source version works well. It's advisable for small to medium-scale organizations, but for large-scale organizations, you should go with the enterprise version."
"The AWS version is much cheaper than HashiCorp Vault."
report
See which vendors are best for you
Use our free recommendation engine to learn which Enterprise Password Managers solutions are best for your needs.
See recommendations
869,785 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
15%
Manufacturing Company
9%
Government
6%
Financial Services Firm
19%
Computer Software Company
13%
Manufacturing Company
9%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business59
Midsize Enterprise41
Large Enterprise171
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise4
Large Enterprise9
 

Questions from the Community

How does Sailpoint IdentityIQ compare with CyberArk PAM?
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the m...
See all answers
What do you like most about CyberArk Privileged Access Manager?
The most valuable features of the solution are control and analytics.
See all answers
What is your experience regarding pricing and costs for CyberArk Privileged Access Manager?
Regarding costs, CyberArk Privileged Access Manager is not a cheap product; hence, many companies struggle with its high licensing cost. While it's valuable, it comes with a high price tag, making ...
See all answers
Which is better - HashiCorp Vault or AWS Secrets Manager?
HashiCorp Vault was designed with your needs in mind. One of the features that makes this evident is its ability to work as both a cloud-agnostic and a multi-cloud solution. As a cloud-agnostic sol...
See all answers
What do you like most about HashiCorp Vault?
The feature I find most beneficial in HashiCorp Vault is the secret engine. It integrates smoothly with many applications, making it easy to set up and implement quickly. This allows you to test it...
See all answers
What is your experience regarding pricing and costs for HashiCorp Vault?
If I were to set it up in AWS Secret Management, I would have to manage it, pay, and create secrets without being cloud agnostic. The advantage with Vault is that it is cloud agnostic. I can deploy...
See all answers
 

Comparisons

Microsoft Entra ID vs CyberArk Privileged Access Manager Logo
Microsoft Entra ID vs CyberArk Privileged Access Manager
Compared 7% of the time
WALLIX Bastion vs CyberArk Privileged Access Manager Logo
WALLIX Bastion vs CyberArk Privileged Access Manager
Compared 6% of the time
Delinea Secret Server vs CyberArk Privileged Access Manager Logo
Delinea Secret Server vs CyberArk Privileged Access Manager
Compared 5% of the time
Cisco Identity Services Engine (ISE) vs CyberArk Privileged Access Manager Logo
Cisco Identity Services Engine (ISE) vs CyberArk Privileged Access Manager
Compared 5% of the time
Keeper Enterprise Password Manager vs CyberArk Privileged Access Manager Logo
Keeper Enterprise Password Manager vs CyberArk Privileged Access Manager
Compared 3% of the time
More CyberArk Privileged Access Manager Competitors
Bitwarden vs HashiCorp Vault Logo
Bitwarden vs HashiCorp Vault
Compared 28% of the time
Keeper Enterprise Password Manager vs HashiCorp Vault Logo
Keeper Enterprise Password Manager vs HashiCorp Vault
Compared 11% of the time
AWS Secrets Manager vs HashiCorp Vault Logo
AWS Secrets Manager vs HashiCorp Vault
Compared 10% of the time
Delinea Secret Server vs HashiCorp Vault Logo
Delinea Secret Server vs HashiCorp Vault
Compared 10% of the time
Azure Key Vault vs HashiCorp Vault Logo
Azure Key Vault vs HashiCorp Vault
Compared 7% of the time
More HashiCorp Vault Competitors
 

Product Reports

Buyer's Guide
CyberArk Privileged Access Manager
October 2025
CyberArk Privileged Access Manager reportDownload CyberArk Privileged Access Manager product report
Buyer's Guide
HashiCorp Vault
October 2025
HashiCorp Vault reportDownload HashiCorp Vault product report
 

Also Known As

CyberArk Privileged Access Security, CyberArk Enterprise Password Vault
No data available
 

Overview

CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

Benefits of CyberArk Privileged Access Manager

Some of CyberArk Privileged Access Manager’s benefits include:

  • The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
  • The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
  • The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

Reviews from Real Users

CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

CyberArk

HashiCorp Vault is a cloud-agnostic solution used for security and secret management. Its valuable features include integration with other HashiCorp tools, token sharing, open source nature, cloud agnosticism, and on-the-fly encryption management. 

The solution provides encryption of data at rest, in use, in transit, on the fly, and linked with applications. It is free to use, and the interface is simple to navigate. HashiCorp Vault has helped organizations with its multiple authentication methods and RESTful API.

HashiCorp Vault Features

  • Data encryption: The solution is capable of encrypting and decrypting data, and will not store it. Organizations’ security personnel define their own encryption protocols; developers can store the encrypted data where they choose and are not obligated to design specific encryption processes.

  • Robust secrets: For systems such as AWS or SQL databases, Vault is able to generate secrets automatically. HashiCorp Vault is able to generate AWS keypairs with all the appropriate permissions when necessary, and when the approved time expires, will nullify them.

  • Secure secret storage: Any type of value or key secrets can be stored in the Vault. The Vault automatically encrypts the desired secrets before recording them into persistent storage, keeping them safe and secure. Users can record data using HCP Vault’s Consul service or disk, or choose from other options.

  • Nullification: Vault is able to nullify single secrets or all secrets from a particular group or specific user. This process is integral in securing systems in the event of an attack or inappropriate access.

Reviews from Real Users

The greatest benefit of HashiCorp is its ability to manage encryption on the fly. It provides encryption of data at rest, in use, in transit, on the fly, and linked with applications, which was really attractive. The lifecycle of a key is so easy to manage in terms of rotating, revoking, and issuing. They have different auth methods, and I tried all different auth methods. It is seamless.”- Project Manager at a comms service provider.

“The most valuable feature of HashiCorp Vault is that it's an open source solution. Second, it's cloud-agnostic, so it's very easy to maintain and control, which is why we prefer HashiCorp. “ - Mohamed A., Lead DevOps Engineer at Etisalat.

HashiCorp
 

Sample Customers

Rockwell Automation
Adobe, SAP Ariba, Citadel, Spaceflight, Cruise
Buyer's Guide
CyberArk Privileged Access Manager vs. HashiCorp Vault
September 2025
Free Report: CyberArk Privileged Access Manager vs. HashiCorp Vault
Find out what your peers are saying about CyberArk Privileged Access Manager vs. HashiCorp Vault and other solutions. Updated: September 2025.
DOWNLOAD NOW
869,785 professionals have used our research since 2012.
See our CyberArk Privileged Access Manager vs. HashiCorp Vault report.
See our list of best Enterprise Password Managers vendors.

We monitor all Enterprise Password Managers reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.