How Vault Encrypts Application Data During Transit and at Rest

Companies today are adopting the cloud and looking for ways to accelerate application delivery. These migrations can often create challenges for organizations around data privacy and secrets management, since distributed applications and infrastructure need to share and transmit data between different components and layers. Because these components might live in different datacenters or even different clouds, the task of securing application data and communication becomes even more complicated and important.

HashiCorp Vault focuses on keeping application data secure across distributed infrastructure. Vault achieves this by tightly controlling access and exposure to an organization's secrets, such as API keys, passwords, certificates, and more. Vault acts as a pass-through for users who want to encrypt application data but not necessarily store the values in Vault. Vault also takes secrets management and data encryption an important step further: it encrypts the data during transit and at rest, giving users increased security throughout the lifecycle of the data. While Vault inherently provides users the ability to store data securely, it also exposes the ability to encrypt data during transit as a service. Vault’s Encryption as a Service (EaaS), or Secrets as a Service, can encrypt the data during transit and return the encrypted data to applications. This is particularly useful for web applications that don’t need to store the data over time, such as single-page web apps, or applications that use different data stores (e.g. databases).

How it works
