Secrets management, encryption as a service, and privileged access management
- Stars35.8k
- Forks4.7k
- Open Issues1.5k
Other
- Go
- JavaScript
- TypeScript
About HashiCorp Vault
Vault is a tool for securely accessing secrets such as API keys, passwords, and certificates. It provides a unified interface to secrets, tight access control, detailed audit logs, and encryption as a service for data you need to protect.
It stores arbitrary key value pairs, encrypts data before writing it to persistent storage, and can write to disk, Consul, and more. Vault also generates dynamic secrets on demand, supports leasing and renewal, and can revoke single secrets or a tree of secrets. It can encrypt and decrypt data without storing it.
Vault is built by HashiCorp for self-hosted use and ships official API and SDK libraries for integration. It runs as a server backed by persistent storage and exposes both a web UI and a command line client. Access is governed by tight policy controls, and every request can be captured in detailed audit logs.
Key features
- Store arbitrary key value secrets with encryption before persistence
- Generate dynamic secrets for systems like AWS and SQL databases
- Lease, renew, and revoke secrets automatically
- Encrypt and decrypt data without storing it
- Record detailed audit logs and enforce tight access control
Details
- First released
- 2015
- Self-hosting
- Persistent storage backends
- Storage
- Disk · Consul · more
- Capabilities
- Secrets, encryption, PAM
- Governance
- Maintained by HashiCorp
- Platforms
- Web · Docker