All application data should be encrypted, but deploying cryptography and key management infrastructure is expensive, hard to develop against, and not cloud or multi-datacenter friendly.
Vault provides encryption as a service with centralized key management to simplify encrypting data in transit and at rest across clouds and datacenters.
Encrypt and decrypt application data with a single HTTP (TLS) API call each. Key generation and storage, algorithm selection, and key rotation are offloaded to Vault and managed centrally, so the application never handles raw key material.
Rotate keys and roll new versions out across distributed infrastructure while retaining the ability to decrypt data that was encrypted under earlier key versions.
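The two points above, encrypt/decrypt over the HTTP API and key rotation without losing access to old ciphertext, as an added example. This is not code from the page or from HashiCorp's client libraries; it is a minimal client written here against the transit secrets engine's documented endpoints, using only the Python standard library. It assumes a transit engine mounted at `transit/` and a key named `orders` (both hypothetical), and reads the server address and token from `VAULT_ADDR` and `VAULT_TOKEN`. The request-building and ciphertext-parsing helpers are pure functions, so they can be exercised without a running Vault; only `vault_post` touches the network.

```python
"""Minimal Vault transit client (added example, not HashiCorp's own code).

Assumptions: transit engine mounted at "transit/", a key named "orders",
and VAULT_ADDR / VAULT_TOKEN set in the environment (all hypothetical).
"""
import base64
import json
import os
import urllib.request
from typing import Optional

MOUNT = "transit"      # hypothetical mount path
KEY_NAME = "orders"    # hypothetical key name


def encrypt_body(plaintext: bytes, context: Optional[bytes] = None) -> dict:
    """Build the JSON body for POST /v1/<mount>/encrypt/<key>.

    Transit only accepts base64: the plaintext, and the optional derivation
    context for keys created with derived=true, must both be encoded.
    """
    body = {"plaintext": base64.b64encode(plaintext).decode()}
    if context is not None:
        body["context"] = base64.b64encode(context).decode()
    return body


def decrypt_body(ciphertext: str, context: Optional[bytes] = None) -> dict:
    """Build the JSON body for POST /v1/<mount>/decrypt/<key>."""
    body = {"ciphertext": ciphertext}
    if context is not None:
        body["context"] = base64.b64encode(context).decode()
    return body


def decode_plaintext(response: dict) -> bytes:
    """Decrypt responses carry {"data": {"plaintext": "<base64>"}}."""
    return base64.b64decode(response["data"]["plaintext"])


def ciphertext_key_version(ciphertext: str) -> int:
    """Transit ciphertext is formatted 'vault:v<N>:<base64>'.

    N is the key version that produced it, so the version can be read
    locally without a round trip to Vault.
    """
    parts = ciphertext.split(":", 2)
    if len(parts) != 3 or parts[0] != "vault" or not parts[1].startswith("v"):
        raise ValueError("not a transit ciphertext: %r" % ciphertext)
    return int(parts[1][1:])


def needs_rewrap(ciphertext: str, latest_version: int) -> bool:
    """Decide whether stored ciphertext should be moved to the newest key.

    After POST /v1/<mount>/keys/<key>/rotate, Vault still decrypts older
    versions (down to the key's min_decryption_version), so rotation never
    locks data out. Re-encrypting old ciphertext via /rewrap lets you later
    raise min_decryption_version and retire the old version for good.
    """
    return ciphertext_key_version(ciphertext) < latest_version


def vault_post(path: str, body: dict) -> dict:
    """POST to Vault over TLS using the token in VAULT_TOKEN."""
    addr = os.environ["VAULT_ADDR"].rstrip("/")
    req = urllib.request.Request(
        "%s/v1/%s" % (addr, path),
        data=json.dumps(body).encode(),
        headers={"X-Vault-Token": os.environ["VAULT_TOKEN"],
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def encrypt(plaintext: bytes) -> str:
    resp = vault_post("%s/encrypt/%s" % (MOUNT, KEY_NAME), encrypt_body(plaintext))
    return resp["data"]["ciphertext"]


def decrypt(ciphertext: str) -> bytes:
    resp = vault_post("%s/decrypt/%s" % (MOUNT, KEY_NAME), decrypt_body(ciphertext))
    return decode_plaintext(resp)


def rewrap(ciphertext: str) -> str:
    """Ask Vault to re-encrypt under the latest version; plaintext never leaves Vault."""
    resp = vault_post("%s/rewrap/%s" % (MOUNT, KEY_NAME), {"ciphertext": ciphertext})
    return resp["data"]["ciphertext"]


if __name__ == "__main__":
    ct = encrypt(b"card=4111111111111111")      # needs a live Vault
    print("stored:", ct, "version", ciphertext_key_version(ct))
    vault_post("%s/keys/%s/rotate" % (MOUNT, KEY_NAME), {})
    latest = ciphertext_key_version(encrypt(b"probe"))  # newest version in use
    if needs_rewrap(ct, latest):
        ct = rewrap(ct)
    print("rewrapped:", ct, "->", decrypt(ct))
```

Only the `vault_post`-backed functions require a live server; everything else runs offline. Note that `rewrap` moves data to the new key version without ever returning plaintext to the caller, which is the property that makes rotation across many services cheap: a batch job can rewrap a whole table with read access to the ciphertext column and a policy that grants `update` on `transit/rewrap/orders` but no `decrypt` capability at all.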
Use FIPS 140-2-validated HSMs to ensure that Critical Security Parameters are protected in a compliant fashion.
Selectively allow or deny (whitelist/blacklist) individual secret mounts, and activate or deactivate them, to filter which mounts are replicated.