Riverty is a global financial services provider powering over 80 million transactions monthly across 5,000+ online shops. With a team of 250 engineers supporting millions of users, infrastructure delays and secret sprawl weren’t just technical hurdles, but real operational risks.
Rather than letting provisioning be a bottleneck, Riverty overhauled its infrastructure strategy using the HashiCorp Cloud Platform (HCP). With HCP Terraform and Vault, the company has redefined how infrastructure and security are delivered by:
- Accelerating deployment cycles
- Eliminating credential risk
- Standardizing provisioning across Azure, AWS, and Kubernetes
This blog post is based on real-world insights from Stephan Kürpick and Pavel Ozerov of Riverty. It offers a firsthand look at how hybrid cloud automation is helping financial technology leaders move faster, safer, and smarter.
» Challenge: Provisioning bottlenecks crippled delivery
Riverty’s infrastructure model relied on a central team manually provisioning environments for dozens of engineering teams across its Pay and Credit business unit. As the company scaled, so did the ticket backlog.
“Our small team can’t be the bottleneck for a large, growing organization where demands on us are increasing.”
— Stephan Kürpick, Technical Unit Lead, Pay and Credit, Riverty
At the same time, secrets management was becoming a growing liability. With credentials manually stored and rotated in Azure Key Vault, the process was prone to delays, oversights, and inconsistency, exposing the business to unnecessary risk. As the volume of infrastructure grew across teams and environments, this fragmented approach to managing secrets became increasingly challenging to govern.
Key limitations:
- Days-long wait times for provisioning environments
- Poor visibility and manual handling of secrets and certificates
- Risk of expired credentials and failed audits
- Inflexible, inconsistent infrastructure across clouds
- Limited engineering velocity in a high-availability API environment
» Solution: Fast-track modernization with Terraform and Vault
Riverty’s transformation began with a mandate:
Simplify infrastructure, secure secrets, and do it without building everything from scratch. That led them to HashiCorp.
“We wanted to quickly implement this infrastructure platform for our engineers rather than taking significant time building and customizing it ourselves.”
— Pavel Ozerov, Technical Program Manager, Riverty
» Infrastructure as code with HCP Terraform
Riverty adopted HCP Terraform to enable optimized, reusable, self-service modules that any team could use without waiting on central IT. Every infrastructure request now flows through a pull request (PR) that teams review and merge within hours, not days.
Terraform outcomes:
- 90% faster deployments (days to hours)
- 80% reduction in PR approval time
- Self-service modules aligned to compliance by default
- Built-in backup policies and configuration guardrails
“Developers don’t have to wait for a central team to provision the infrastructure for them, which previously took hours or sometimes days. Now, teams use pre-configured modules and the magic happens.”
— Pavel Ozerov
Terraform also supports infrastructure harmonization across Azure, AWS, and Kubernetes, giving Riverty flexibility without vendor lock-in.
» Securing secrets with Vault
On the security front, Riverty implemented HashiCorp Vault as a centralized system of record for all secrets, credentials, certificates, and keys. With over 430 secrets managed (150 dynamic, 285 static), Vault has eliminated expiration incidents and enabled fully auditable lifecycle management.
“Since implementing Vault, I haven’t received a single notification that a secret has expired.”
— Pavel Ozerov
Vault outcomes:
- Automatic rotation of dynamic secrets (e.g. database, RabbitMQ)
- On-demand certificate generation and revocation
- Role-based access controls enforcing least privilege
- PCI DSS-aligned workflows across environments
Vault also supports secret rotation without needing to redeploy services, saving time and reducing risk.
» Real business outcomes
Riverty’s shift to automation reshaped how the company manages secrets at scale. By embedding speed and security into their new optimized workflows, the team unlocked measurable gains in delivery velocity, efficiency, and compliance.
With Terraform and Vault, Riverty has managed to re-engineer its overall operating model:
- 90% faster deployments: Infrastructure rolled out same-day instead of multi-day cycles.
- 80% faster approvals: Pull requests reduced from days to hours.
- Hundreds of engineering hours saved: Freed to focus on strategic projects.
- Zero expired secrets: Airtight security across environments.
- Hybrid cloud consistency: Standardized provisioning across Azure, AWS, and Kubernetes.
- No vendor lock-in: Reusable modules support multi-cloud strategies.
» The road ahead: Expanding automation
For Riverty, Terraform and Vault marked the beginning of a broader modernization journey. With the core provisioning and secrets foundation in place, the company is now turning its focus to the network and the bigger picture of infrastructure efficiency.
The company is already mapping out its next phase of modernization, which includes rolling out HashiCorp Consul to bring consistency to service networking across clusters and providers, completing its cloud migration to eliminate legacy datacenter overhead, and driving infrastructure harmonization to cut costs and streamline operations.
» No trade-offs needed
For fintech leaders, the stakes are clear: Customers demand both speed and trust. Riverty’s transformation proves that these two don’t have to be trade-offs. With Terraform and Vault, the company has accelerated delivery while strengthening governance, positioning itself to keep innovating securely at scale.
» Learn more
Want to see how other fintechs are accelerating delivery while tightening security? Explore more stories like Riverty’s in our case studies collection.
Read the full Riverty case study: Compounding returns through automation