HashiCorp Vault Reviews

We use HashiCorp Vault for managing secrets.

One of our use cases for managing secrets with HashiCorp Vault is an LLM use case where we utilize the KV Vault, which is our primary use case, as well as the KV secret engine for storing our static secrets. This is one of the most common use cases, but besides this, we also use other secret engines, such as the LDAP secret engine to remediate some of the issues concerning service accounts.

One of the important things about our main use cases for HashiCorp Vault is that it scales well compared to other secret solutions we were using, such as Google Secret Manager. We ran into scaling issues with those solutions, but with HashiCorp Vault, we can scale well and it serves our use cases better than Secret Manager for our company.

The specific features that stand out to me in HashiCorp Vault are audit logging, which works well, the dynamic secret functionality, which is also pretty good, and the high availability and stability of the service.

HashiCorp Vault has positively impacted our organization by providing a central way to manage all the secrets.

A positive impact from using HashiCorp Vault is that we now have a central way of managing all the secrets and we are using HashiCorp Vault as the go-to service for secrets management.

While not a missing feature, I feel that the enterprise license is expensive, especially for some of the smaller use cases.

If HashiCorp could simplify the license model and move away from the client-based license usage to something simpler, then I would definitely give it a ten.

I have been using HashiCorp Vault for the last four years.

From an integration point of view, HashiCorp Vault integrates well with some of our use cases, especially with the authentication methods.

Having a central way to manage all our secrets has helped us by making it easier to manage them, as we do not have to worry about rotating the secrets since they are in a single place. This single place for managing secrets simplifies the rotation process.

I was not directly involved with the procurement of the contract agreement, but we do find it hard to justify the cost to the end-users. I would rate this product eight out of ten.

HashiCorp Vault is used mainly to store secrets and for dynamic injection, primarily for all microservices exclusively in the Kubernetes field.

Microservices are deployed as Kubernetes pods, and the pods need to access secrets. Kubernetes secrets cannot be relied upon as anyone can decode them. HashiCorp Vault is used to store all the secrets, and the pod accesses HashiCorp Vault using a service account. The secrets are dynamically injected whenever there is a requirement.

Both the open-source and enterprise versions of HashiCorp Vault are used to handle all secrets as a secrets manager. HashiCorp Vault has been integrated with Terraform and Consul for some POCs.

HashiCorp Vault offers excellent features including secrets management, secret rotation, and managing all types of secrets. The product is cloud-agnostic.

The secret rotation feature falls under the audit policy. Managing audits requires rotating secrets on a respective basis. HashiCorp Vault is used to perform secret rotation automatically, which has made the work significantly easier.

HashiCorp Vault has reduced the workload regarding rotating secrets and securely managing them. Only people who have access can retrieve the secrets.

The current setup is good as is.

HashiCorp Vault has been used for the past eight years.

HashiCorp Vault's scalability is based on the on-premises setup that is in place.

The customer support for HashiCorp Vault is good.

AWS Secrets Manager was used previously, but the switch was made to HashiCorp Vault.

The main reason for switching from AWS Secrets Manager to HashiCorp Vault was to manage cloud-agnostic solutions.

The recommendation to others looking into using HashiCorp Vault is to follow the documentation clearly and also the best practices mentioned in the documentation site. HashiCorp Vault is a good product. This review has been given a rating of 9.

My primary use case for HashiCorp Vault is secret management. I keep my secrets away from the cluster in Vault, which acts as my secret manager. I remotely ingest with the help of Vaulting into the cluster.

The most valuable feature of HashiCorp Vault is version control. Whenever I change any secret, I am unable to edit it; I have to create a new version, which maintains a history. Additionally, Vault keeps my secrets safe and encrypted. The integration capabilities with Kubernetes are efficient, making it easy to detect.

An improvement needed is the ability for auto-initialization. There should be an inbuilt option for automatic initialization rather than running it manually.

I have been using HashiCorp Vault for more than two years.

I find Vault stable. There have been no challenges related to its stability.

I have not tried to scale Vault. As of now, there have been no issues regarding scalability.

I have not required customer service or technical support from HashiCorp, as I am using the open-source solution, and solutions are available online.

Neutral

I did not have any other secret management solution in place before using HashiCorp Vault.

The initial setup was straightforward. I used the available documentation from HashiCorp, and it guided me efficiently through the process.

If I were to set it up in AWS Secret Management, I would have to manage it, pay, and create secrets without being cloud agnostic. The advantage with Vault is that it is cloud agnostic. I can deploy it on AWS, Google Cloud, or on-premises.

I did not evaluate any other solutions before choosing HashiCorp Vault.

I would rate HashiCorp Vault eight out of ten. I would recommend anyone to use it for their secret management needs. However, if it doesn't meet their expectations, they can explore other software options, although they might not find significant differences. 

The solution's typical use case is machine-to-machine communication, particularly in environments where development teams use various tools throughout the software development lifecycle. This includes scenarios where continuous integration is crucial. For instance, developers might manage various microservices or DNS services that frequently change. The solution facilitates secure and seamless authentication and integration of services, making it easier to manage service accounts and passwords. 

The feature I find most beneficial in HashiCorp Vault is the secret engine. It integrates smoothly with many applications, making it easy to set up and implement quickly. This allows you to test it easily and see good results rapidly. When you integrate an internal API or application, it quickly manages that application's secrets. 

The access management feature in HashiCorp is great, especially if you are considering situations where users are getting onboarded. They can manage their passwords themselves, and it integrates well with Active Directory or any other directory services. This is particularly useful for user management and applications that communicate with each other without human intervention.

In my opinion, HashiCorp Vault could improve its user interface. Right now, they don't offer much in terms of a graphical interface, which means you usually have to manage things manually through API calls. I think CyberArk has a better approach because it provides a UI that integrates features across all its components, making it easier, especially for new users or those from organizations with strict licensing policies. 

I have been working with the product for five years. 

I would rate the tool's performance a seven out of ten. While the setup process is quick, some limitations exist, such as the lack of a user-friendly UI and access control features compared to other solutions like CyberArk. Its stability is generally fine, especially for machine-to-machine communication. However, there may be some issues when scaling out to different regions.

I rate the tool's scalability an eight out of ten. 

The product's technical support is good. 

Setting up HashiCorp Vault is pretty easy and quick. It only takes about 30 minutes to install, and you can begin configuring your credentials and working with it. Regarding integration, I would rate the initial setup experience a nine out of ten.

I would rate the overall solution an eight out of ten. 

We use it for password management.

For me, the most valuable features include that it's easy to manage and maintain the password API for retrieving passwords and other things.

There is room for improvement in stability.

We have been using HashiCorp Vault, specifically SecureGuard, for a long period of time. So, we have been using this solution for over ten years.

I would rate the stability a six out of ten. There are some bugs and glitches. We are in touch with the vendor to resolve them.

I would rate the scalability a seven out of ten. 

Most of our company's automation, application security, and other teams use this solution.

I would rate my experience with the initial setup a seven out of ten, where one is difficult and ten is easy to set up.

The deployment took a few days. We also had to do a POC. Overall, it's not very complex. It depends on the use case and how you want to apply it.

Security is good, and pricing is also competitive. I would rate the solution's pricing a six out of ten, where one is low and ten is high. 

We use both Azure Key Vault and HashiCorp Vault.

I would advise doing a Proof of Concept first and then deciding accordingly because your use case might be simple. You can try out AWS Key Management or Azure Key Vault. They are different products. Do the POC and then decide what you need.

Overall, I would rate the solution a six out of ten. No solution is a ten in my opinion.

We use the solution for secret management. 

The product needs to improve its customization. It should be also more like easy to plug and play. 

I have been working with the product for three years. 

I would rate the product an eight out of ten. 

I currently push secret data to our target namespaces. Before joining the company, I managed everything in HashiCorp Vault, but now I'm just a consumer.

We use it to store service principal credentials for Azure provisioning. 

Before provisioning things in Azure, we use HashiCorp Vault to store service principal credentials—passwords and such. Then, we can identify if a user is authorized to provision resources. 

If not, the blueprint will throw an error saying the user isn't authorized to provision or spin up resources in Azure. Same thing with other components, except for the applications themselves. We don't store credentials for those.

On the replication side, in a high-availability setup in multiple Vault instances, secret data is accessible by other resources. Each user or technical user has their own token, and there are different tokens for dev, test, QA, and product environments. It meets all three-point authentication, authorization, and access control requirements.

The ability to store secret credentials and create policies using API calls, like allowing specific users to access certain data only after authentication. That's the strongest point for our use case.

The onboarding is a challenge. It should be more self-service, but it involves reviews and approvals.

I have been working with this solution for one year. I primarily use CLI execution.

It's stable. I would rate the stability a nine out of ten. Sometimes the issues are intermittent, but there are a lot of factors. Especially if the instances are running on-premises. 

It could be a network latency issue between your cloud provider and the on-premises environment. That's why it's intermittent. You cannot do anything in your cloud.

But if you run it on Kubernetes, you can easily scale it. We use it 24/7, as it's a critical storage for data. There are thousands of people using it. 

Basically, if Vault is down, you cannot work with the cloud synchronously. That's how critical it is.

I've never used an enterprise setup, so my experience is with the open-source HashiCorp Vault. I don't maintain it; I only use it when I have the opportunity.

The documentation is easy to follow. 

We're only using HashiCorp Vault, no other products.

The process is quite easy. You install the Vault CLI, communicate with your Vault URL, and enter secret data from the CLI, application side, or technical users executing the label.

Installation is easy because there's a containerized image, but onboarding is a manual process involving documentation. For example, a new project team needs a unique number, fills out a form, and then can use the Vault instance.

Overall, I would rate my experience an eight out of ten, where one is difficult and ten is easy because the onboarding is a challenge. It should be more self-service, but it involves reviews and approvals.

The deployment itself is easy and fast. It took me a minute to deploy HashiCorp. I used a container image, set it up manually, made sure the URL and DNS were set up, and shared it with the project team. They can access it via the Vault client from Windows or Linux machines.

Deployment can be done by two or three people. They could be DevOps, system engineers, or security engineers.

Only a few people are usually required for maintenance of HashiCorp Vault, but it depends on the size of the data, especially the secrets being stored in the vault. So, only a small group of people, five to six, can maintain it.

The enterprise version would require considering factors like the level of support needed, the amount of secret data being stored, and replication needs. 

But in my case, the open-source version works well. It's advisable for small to medium-scale organizations, but for large-scale organizations, you should go with the enterprise version.

Vault is the standard. However, there are other vaults. For example, in Azure, they have Azure Key Vault. But the main decision factor is always, "Can I integrate it into my existing landscape?" Because once you use Azure Key Vault, you need a cloud subscription. 

Whereas with HashiCorp Vault, I can spin up an instance on-premises and integrate it with other cloud providers without relying on other products.

The question is, what works for you in terms of interoperability? If you choose HashiCorp Vault, Azure Key Vault, or another product, the de facto standard is really HashiCorp Vault. It's certified, so it's better to go with that and check on both.

Go for it! It's essential for adopting a zero-trust architecture, especially in hybrid setups combining multiple cloud providers with on-premises infrastructure. You should have a centralized location for your secret data, not storing it in files that could be accidentally uploaded to versioning tools like Git. Hardcoded credentials are a no-go. Centralize with a solution like HashiCorp Vault.

Overall, I would rate the solution a ten out of ten. 

The product is free and easy to use. It is well documented with an easy implementation process.

There could be a plugin for the database to change the secret automatically. It would be an efficient feature for password security.

We have been using HashiCorp Vault for three years.

We have more than 500 HashiCorp Vault users in our organization. 

We have used CyberArk before. In comparison, HashiCorp Vault has detailed documentation and is easy to use.

I rate HashiCorp Vault a nine out of ten. It is a good product and doesn’t necessarily require using TerraForm for cloud infrastructure.