CyberArk Privileged Access Manager vs Delinea Secret Server vs HashiCorp Vault comparison

CyberArk and Delinea are both solutions in the Enterprise Password Managers category. CyberArk is ranked #2 with an average rating of 8.7, while Delinea is ranked #5 with an average rating of 8.1. CyberArk holds a 8.0% mindshare in EPM, compared to Delinea’s 7.1% mindshare. Additionally, 94% of CyberArk users are willing to recommend the solution, compared to 90% of Delinea users who would recommend it.

CyberArk Privileged Access ...

Read 223 CyberArk Privileged Access Manager reviews

5,751 Views
2,973 Comparison Views

94% willing to recommend

Delinea Secret Server

Read 52 Delinea Secret Server reviews

4,678 Views
1,664 Comparison Views

90% willing to recommend

HashiCorp Vault

Read 17 HashiCorp Vault reviews

7,484 Views
4,565 Comparison Views

89% willing to recommend

CyberArk Privileged Access ...

Delinea Secret Server

HashiCorp Vault

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between CyberArk Privileged Access Manager, Delinea Secret Server, and HashiCorp Vault based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, CyberArk, Amazon Web Services (AWS) and others in Enterprise Password Managers.

To learn more, read our detailed Enterprise Password Managers Report (Updated: May 2025).

Buyer's Guide

Enterprise Password Managers

May 2025

Download the complete report

Helped 854,338 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Mindshare comparison

As of June 2025, in the Enterprise Password Managers category, the mindshare of CyberArk Privileged Access Manager is 8.0%, down from 9.0% compared to the previous year. The mindshare of Delinea Secret Server is 7.1%, up from 6.8% compared to the previous year. The mindshare of HashiCorp Vault is 11.9%, down from 14.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Enterprise Password Managers

Featured Reviews

Abdul Durrani

Security Manager at Insight

Enables granular and secure access with just-in-time access and Zero Trust model

CyberArk provides a good amount of control over access types. However, as a future enhancement, having additional features for cross-platform integration would be beneficial. It would be good to have integrations with other tools and firewalls, such as Zscaler and CrowdStrike. Although I am not fully aware of recent updates, more cross-platform integration would be valuable. A SOC analyst would like to have centralized access in terms of information flowing in even for privileged access management. They would like to have control over everything instead of opening four to five tabs for different sorts of information. Cross-platform integration would help with that. Customers also want CyberArk's pricing to be better so that they can implement it further and have more licenses. Implementing a privileged access management solution can be challenging. It would be great if CyberArk could provide recommendations based on the compliance standards of an organization. It would help system admins ensure that all the required ports are closed and the systems are being managed properly. If any system is not being used anymore, any ports opened for that system need to be closed. Having such recommendations would be helpful.

Read full review

Avinash Gopu.

Associate VP & Cyber Security Specialist at US Bank

Effective for password rotation policies triggered by audit requirements, it helps maintain compliance standards and seamless integration with third-party tools

The "App to App" feature has been most impactful. It allows secure communication between applications without requiring direct user access, which is crucial for several applications. Additionally, working in the finance department, we are heavily focused on enhancing audit reporting and compliance. So, the GRC (Governance, Risk & Compliance) capabilities of Delinea Secret Server have also been crucial for us. We implemented a custom reporting system that can automatically send reports to auditors daily, weekly, or according to your organization's needs. We also upgraded the audit role within Secret Server, allowing auditors to access and analyze the reports directly. Additionally, Secret Server provides comprehensive logging capabilities. Auditors can see what data users access, their access levels, and their activities, including check-in and check-out times. Furthermore, Secret Server helped us manage privileged, elevated access, which we call "K2K." As the lead for this project, I could identify users with the highest access levels and implement specific policies to monitor their activity on servers.

Read full review

AKASHGUPTA3

Credit Analyst at Standard Chartered Bank

Easy to manage and maintain the password API but stability could be improved

I would advise doing a Proof of Concept first and then deciding accordingly because your use case might be simple. You can try out AWS Key Management or Azure Key Vault. They are different products. Do the POC and then decide what you need. Overall, I would rate the solution a six out of ten. No solution is a ten in my opinion.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We like it for the ability to automatically change passwords. At least for my group, that's the best thing."

"Allows secure, logged access to highly sensitive servers and services."

"On the EBB user side, we were able to secure all the server root passwords and admin for Windows. This was a big win for us."

"The most valuable feature of CyberArk Privileged Access Manager is privileged threat analytics."

"The password management feature is valuable."

"Technical support has been very responsive in navigating challenges. It is very easy to open a ticket."

"CyberArk Privileged Access Manager’s ability to safeguard credentials for our organization is very important because it helps in managing the keys to the kingdom, especially the privileged access for various platforms."

"The most valuable feature of the solution is session recording."

More CyberArk Privileged Access Manager pros

"One of the features I find most valuable is workflow, which allows you to configure the solution to have multiple approvals."

"Its technical support is good."

"The initial setup of Delinea Secret Server is straightforward and easy for development purposes."

"I like that it is Windows-based. It is good that primarily, it is not an appliance. Some of the other applications in the space, such as a Quest Software CPAM or a Safeguard, are appliances, so you can't deploy the ends of them. With Thycotic, you can either install your Temporal Protection module physically in the VM host, or you can use BouncyCastle for high-security module capabilities."

"I have found most valuable the automatic scheduled password rotation and remote desktop monitoring. Additionally, the documentation is readily available and easy to find and the dashboard is straightforward."

"The secret template, password rotation, and recording sessions are the most valuable."

"The privileged access management, which is the Safe Access Model is the most valuable feature."

"The GUI interface is well-designed and user-friendly."

More Delinea Secret Server pros

"The solution is stable. It has been working perfectly without any problem."

"The tool's dynamic rotation of the password credentials is good."

"We use the solution for secret management."

"It is an added value for our customers to have a Secrets Management workflow available that is PaaS/CaaS/KaaS Platform agnostic."

"The most valuable feature of HashiCorp Vault is version control."

"The interface is very simple to navigate."

"We were using it because we have compliance requirements around secret management. Having a secure vault and encrypting data was an additional requirement. When we looked at it first, we were just looking for a vault, like a lockbox. The greatest benefit of HashiCorp is its ability to manage encryption on the fly. It provides encryption of data at rest, in use, in transit, on the fly, and linked with applications, which was really attractive."

"For me, the most valuable features include that it's easy to manage and maintain the password API for retrieving passwords and other things."

More HashiCorp Vault pros

Cons

"We found a lot of errors during the initial setup. They should work to improve the implementation experience and to remove errors from the process."

"CyberArk PAM could greatly benefit from an under-the-hood update; integrating machine learning algorithms could provide predictive insights."

"CyberArk Enterprise Password Vault's GUI has certain shortcomings that need improvement."

"CyberArk definitely needs to improve user experience and reduce complexity."

"Performance of PIM could be better and intended for usability as well as security."

"The only problem involves granting access to people who are authorized to view it."

"Make it easier to deploy."

"Currently, in Secure Connect, an end user is required to enter account information manually, and cannot save any of this information for future use."

More CyberArk Privileged Access Manager cons

"There could be tweaks here and there. For example, instead of going to one main function to do this and another main function to do that, the solution could remap the user interface so that a person only has to go through one function. The way that function branches off should make a bit more sense."

"They could improve the container platform and SPO."

"The setup for this solution is complex. I'm not going to lie, you need a specialized system security engineer to deploy it."

"I formerly used only one service: the remote server. For example, I connected to the Active Directory user and the computer's console. But now, I need to do a remote connection to the domain controller. Maybe it only connects to that tool, the Active Directory users, and the computer management console, but not to the domain controller. Another thing Delinea could add is multi-factor authentication."

"Documentation could be improved if they were to include more about connectors. There is not enough documentation."

"When Delinea upgrades the tool, it rejects our password, saying that it is not compliant and strong."

"Delinea Secret Server needs to improve its reporting."

"When working with larger enterprises Thycotic Secret Server becomes a little cumbersome to work with because they do not allow as much flexibility as some of the other competitors, such as CyberArk. Thycotic Secret Server could improve by being more flexible when it comes to customization, and increase the number of API integrations."

More Delinea Secret Server cons

"In terms of features, the only thing that I found a little bit hinky was that there was no revocation or deletion on the model we were using. Once in a financial year, a client interacts, and you pay for that client for the year. So, there are just little things like that in the pricing. There should be more clarity around the end of the key. I know there is no system like this. They all are the same. I tested Microsoft, Google, and some others, and none of them really want you to delete a key, which makes sense. You delete a key, and you lose everything that it has wrapped or encrypted, but it's actually just a language. Deletion isn't really deletion. It's really revocation, but overall, HashiCorp Vault ticked all the boxes for us, and I couldn't fault it."

"I don't think there are any major improvements required—so far, so good. However, I think that having more training materials, such as videos, and documentation available would be helpful. I would prefer to have more videos available either on the official site or on YouTube."

"We could use more documentation, primarily to do with integrations."

"An improvement needed is the ability for auto-initialization. There should be an inbuilt option for automatic initialization rather than running it manually."

"In my opinion, HashiCorp Vault could improve its user interface. Right now, they don't offer much in terms of a graphical interface, which means you usually have to manage things manually through API calls. I think CyberArk has a better approach because it provides a UI that integrates features across all its components, making it easier, especially for new users or those from organizations with strict licensing policies."

"There could be a plugin for the database to change the secret automatically. It would be an efficient feature for password security."

"An improvement needed is the ability for auto-initialization."

"A drawback for some clients who have to be PCI compliant is that they still need to use and subscribe to an HSM (Hardware Security Module) solution."

More HashiCorp Vault cons

Pricing and Cost Advice

"Generally, I don't get involved in the licensing or the purchasing side of it, but I do know that the licenses are expensive."

"There are additional features added to our CyberArk Privileged Access Manager license. For example, features that allow us to integrate into various kinds of platforms."

"CyberArk DNA is free if you purchase the CyberArk solution. There is no additional charge for CyberArk DNA, which is great."

"Its price can be reduced."

"This solution is expensive."

"The price of CyberArk Privileged Access Manager is expensive. There are no other fees other than the standard licensing fees."

"Overall, its pricing is really good. The main difference from all the other vendors is that they have one package that covers all the functionality and modules of the basic PAM, except the add-on modules like adware and server protection. It also doesn't include the licenses for domain controller protection or maybe an API call-related feature. For the basic privileged access management, the bundle pricing is really good, but when it comes to an agent-based solution for advanced cyber protection or application identity managers, it is expensive. Services are also very expensive if you hire the services team from CyberArk, but these guys are really good. For a couple of large banking projects, we had an experience with them. The banks wanted to have things quickly and efficiently, so we had to hire them. If we take four weeks, these guys can do everything on a weekend. They charge quite a big sum of money, but they know the system well."

"CyberArk is very expensive and there are additional fees for add-ons."

More CyberArk Privileged Access Manager pricing and cost advice

"Pricing is comparable to competing products."

"I would give the price a four on a scale from one to ten, with one being the cheapest and ten being the most expensive. We pay for the license on a yearly basis, and we paid for three years. It costs around 5000 a year."

"I would rate the pricing a six out of ten, with ten being a high price."

"There is an annual license fee per user and the price is fair."

"The solution is low-cost than other vendors."

"They are priced quite well."

"In the Nigerian market, the adoption of Delinea depends largely on an organization's budget. If they have the financial capacity, they might consider Delinea as a viable option."

"Secret Server is expensive when compared to the cost to some alternatives."

More Delinea Secret Server pricing and cost advice

"The product is expensive."

"It could do everything we wanted it to do and it is brilliant, but it is super pricey. To be fair to HashiCorp, we drove the price up with our requirements around resiliency. Because of the nature of our company, we don't really operate in the cloud."

"The solution's cost is reasonable."

"In my case, the open-source version works well. It's advisable for small to medium-scale organizations, but for large-scale organizations, you should go with the enterprise version."

"The AWS version is much cheaper than HashiCorp Vault."

"I am using the open-source version of Vault and I would have to buy a license if I want to get support."

See which vendors are best for you

Use our free recommendation engine to learn which Enterprise Password Managers solutions are best for your needs.

See recommendations

854,338 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

32%

Financial Services Firm

12%

Computer Software Company

12%

Manufacturing Company

Educational Organization

29%

Computer Software Company

11%

Financial Services Firm

Government

Financial Services Firm

20%

Computer Software Company

14%

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

How does Sailpoint IdentityIQ compare with CyberArk PAM?

We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to m...

See all answers

What do you like most about CyberArk Privileged Access Manager?

The most valuable features of the solution are control and analytics.

See all answers

What is your experience regarding pricing and costs for CyberArk Privileged Access Manager?

The pricing for CyberArk Privileged Access Manager is quite expensive, and the pricing varies from region to region. ...

See all answers

Looking for recommendations and a pros/cons template for software to detect insider threats

This is an inside-out --- outside-in --- inside-in question, as an insider can be an outsider as well. There is no sh...

See all answers

What do you like most about Delinea Secret Server?

The privileged access management module is the most reliable feature.

See all answers

What needs improvement with Delinea Secret Server?

The integration with the ticketing system ServiceNow is complex. That can be enabled with an API-based out-of-the-box...

See all answers

Which is better - HashiCorp Vault or AWS Secrets Manager?

HashiCorp Vault was designed with your needs in mind. One of the features that makes this evident is its ability to w...

See all answers

What do you like most about HashiCorp Vault?

The feature I find most beneficial in HashiCorp Vault is the secret engine. It integrates smoothly with many applicat...

See all answers

What is your experience regarding pricing and costs for HashiCorp Vault?

If I were to set it up in AWS Secret Management, I would have to manage it, pay, and create secrets without being clo...

See all answers

Comparisons

Microsoft Entra ID vs CyberArk Privileged Access Manager

Compared 9% of the time

WALLIX Bastion vs CyberArk Privileged Access Manager

Compared 6% of the time

Cisco Identity Services Engine (ISE) vs CyberArk Privileged Access Manager

Compared 5% of the time

Bitwarden vs CyberArk Privileged Access Manager

Compared 4% of the time

Keeper vs CyberArk Privileged Access Manager

Compared 2% of the time

More CyberArk Privileged Access Manager Competitors

Azure Key Vault vs Delinea Secret Server

Compared 8% of the time

BeyondTrust Password Safe vs Delinea Secret Server

Compared 7% of the time

AWS Secrets Manager vs Delinea Secret Server

Compared 7% of the time

BeyondTrust Privileged Remote Access vs Delinea Secret Server

Compared 5% of the time

1Password vs Delinea Secret Server

Compared 5% of the time

More Delinea Secret Server Competitors

Bitwarden vs HashiCorp Vault

Compared 25% of the time

AWS Secrets Manager vs HashiCorp Vault

Compared 18% of the time

Keeper vs HashiCorp Vault

Compared 11% of the time

Azure Key Vault vs HashiCorp Vault

Compared 10% of the time

BeyondTrust Password Safe vs HashiCorp Vault

Compared 3% of the time

More HashiCorp Vault Competitors

Product Reports

Buyer's Guide

CyberArk Privileged Access Manager

May 2025

CyberArk Privileged Access Manager report

Download CyberArk Privileged Access Manager product report

Buyer's Guide

Delinea Secret Server

May 2025

Download Delinea Secret Server product report

Buyer's Guide

HashiCorp Vault

May 2025

Download HashiCorp Vault product report

Also Known As

CyberArk Privileged Access Security, CyberArk Enterprise Password Vault

Thycotic Secret Server, Delinea Password Reset Server

No data available

Overview

CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

Benefits of CyberArk Privileged Access Manager

Some of CyberArk Privileged Access Manager’s benefits include:

The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

Reviews from Real Users

CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

CyberArk

Secret Server is a fully-featured Privileged Access Management (PAM) solution available both on premise and in the cloud. It empowers security and IT ops teams to secure and manage all types of privileged accounts and offers the fastest time to value of any PAM solution.

Delinea

HashiCorp Vault is a cloud-agnostic solution used for security and secret management. Its valuable features include integration with other HashiCorp tools, token sharing, open source nature, cloud agnosticism, and on-the-fly encryption management.

The solution provides encryption of data at rest, in use, in transit, on the fly, and linked with applications. It is free to use, and the interface is simple to navigate. HashiCorp Vault has helped organizations with its multiple authentication methods and RESTful API.

HashiCorp Vault Features

Data encryption: The solution is capable of encrypting and decrypting data, and will not store it. Organizations’ security personnel define their own encryption protocols; developers can store the encrypted data where they choose and are not obligated to design specific encryption processes.
Robust secrets: For systems such as AWS or SQL databases, Vault is able to generate secrets automatically. HashiCorp Vault is able to generate AWS keypairs with all the appropriate permissions when necessary, and when the approved time expires, will nullify them.
Secure secret storage: Any type of value or key secrets can be stored in the Vault. The Vault automatically encrypts the desired secrets before recording them into persistent storage, keeping them safe and secure. Users can record data using HCP Vault’s Consul service or disk, or choose from other options.
Nullification: Vault is able to nullify single secrets or all secrets from a particular group or specific user. This process is integral in securing systems in the event of an attack or inappropriate access.

Reviews from Real Users

“The greatest benefit of HashiCorp is its ability to manage encryption on the fly. It provides encryption of data at rest, in use, in transit, on the fly, and linked with applications, which was really attractive. The lifecycle of a key is so easy to manage in terms of rotating, revoking, and issuing. They have different auth methods, and I tried all different auth methods. It is seamless.”- Project Manager at a comms service provider.

“The most valuable feature of HashiCorp Vault is that it's an open source solution. Second, it's cloud-agnostic, so it's very easy to maintain and control, which is why we prefer HashiCorp. “ - Mohamed A., Lead DevOps Engineer at Etisalat.

HashiCorp

Sample Customers

Rockwell Automation

Secure-24, University of San Diego, International Rescue Committee, San Francisco Ballet, Perkins Coie, University of San Diego, D.S.S. Limited, Turbo's Hoet, Eclipse Computing, Cathay Bank, Stellarise, J&R Consulting

Adobe, SAP Ariba, Citadel, Spaceflight, Cruise

Buyer's Guide

Enterprise Password Managers

May 2025

Download Free Report

Find out what your peers are saying about Microsoft, CyberArk, Amazon Web Services (AWS) and others in Enterprise Password Managers. Updated: May 2025.

DOWNLOAD NOW

854,338 professionals have used our research since 2012.