Use cases

Vault provides a variety of options for leveraging Kubernetes to securely introduce secrets into applications and infrastructure. Instead of sharing credentials and tokens across pods and services, Vault allows each service to uniquely authenticate and request its own unique credentials.

Database secrets engine lets organizations automatically rotate passwords for existing database users. This makes it easy to integrate existing applications with Vault and leverage the database secrets engine for better secrets management.

Vault's PKI secrets engine can dynamically generate X.509 certificates on demand. This allows services to acquire certificates without going through the usual manual process of generating a private key and certificate signing request (CSR), submitting to a certificate authority (CA), and then waiting for the verification and signing process to complete.

Vault’s various data protection capabilities are designed to satisfy a full range of security and usability needs such as providing traditional data encryption, format preserving encryption (FPE), data masking, data tokenization, centralized key management, and much more to simplify protecting data in transit and at rest across clouds and datacenters.

The key management secrets engine allows organizations to simplify the lifecycle management of keys that Vault has distributed and maintains centralized control of those keys in Vault, while still taking advantage of cryptographic capabilities native to the KMS providers like AWS KMS, Microsoft Azure Key Vault, and Google Cloud KMS.