Transform is part of the
Vault Enterprise Advanced Data Protection (ADP) module
, allowing for Vault to protect secrets that reside in untrusted or
semi-trusted systems outside of Vault. This includes data such as
social security numbers, credit card numbers, and other types of
compliance-regulated data that must reside within systems such as
file systems or databases for performance but must be protected in
the event of their residence system’s compromise.
Supporting both one-way (masking) and two-way transformations via
data type protection, Transform allows Vault to resolve use cases
typically addressed by tokenization, with high-performance
cryptography and the full suite of the Vault platform’s high
availability and security features.