Data Encryption

Protect sensitive data with centralized key management and simple APIs for data encryption.

Protect Sensitive Data Across Clouds and Private Datacenters

The Challenge

All application data should be encrypted, but deploying cryptography and key management infrastructure is expensive, hard to develop against, and not cloud or multi-datacenter friendly.

The Solution

Vault provides encryption as a service with centralized key management to simplify encrypting data in transit and at rest across clouds and datacenters.

Encryption Features

API-driven Encryption

Encrypt and decrypt application data with an HTTP (TLS) API call. Key management, encryption algorithm, and more are offloaded and centrally managed by Vault.

Learn More

Encryption Key Rolling

Update and roll new keys throughout distributed infrastructure while retaining the ability to decrypt encrypted data.

Learn More

FIPS 140-2 & Cryptographic Compliance

Use FIPS 140-2-certified HSMs to ensure that Critical Security Parameters are protected in a compliant fashion.

Learn More

Replication Filters

Selectively Whitelist/Blacklist and activate or deactivate mounts for Secret Mounts for replication filtering.

Learn More

Vault Open Source and Enterprise Features

Learn more about data protection features with Vault Open Source and collaboration, governance, and multi-datacenter features with Vault Enterprise.