Automate and secure access to secrets, data, and systems across your network

Vault helps platform and security teams eliminate secrets sprawl by centrally storing, accessing, rotating, and distributing dynamic secrets such as tokens, passwords, certificates, and encryption keys. By centralizing secrets management workflows users can increase security across their environment and reduce operational overhead. With secrets management from Vault, organizations can:  

• Securely inject secrets into applications

• Sync secrets workflows across Kubernetes, databases, and cloud providers

• Set expiration policies and automate rotation workflows for secrets

For customers interested in quickly standing up secrets management in a SaaS environment, check out HCP Vault Secrets, now in beta

Vault's PKI secrets engine can dynamically generate X.509 certificates on demand. This allows services to acquire certificates without the manual process of generating a private key and Certificate Signing Request (CSR), submitting to a Certificate Authority (CA), and then waiting for the verification and signing process to complete. With Vault’s certificate management capability organizations can: 

• Keep TTLs relatively short and reduce the need for revocations 

• Easily scale to support large workloads 

• Allow each running application to have a unique certificate eliminating sharing, revocation, and rollover

Vault enables organizations to maintain centralized control, consistent distribution workflow, and full lifecycle management of cryptographic keys while still taking advantage of cryptographic capabilities native to key management service providers (KMS). With key management from Vault organizations can: 

• Use public cloud KMS providers  (AWS KMS, Azure Key Vault, and GCP Cloud KMS)

• Take advantage of the additional durability and disaster recovery for the complete lifecycle of the key

• Securely transfer key material in accordance with the key import specification

Vault can help protect data in-transit and at rest by centrally managing and automating encryption keys such as cloud KMS or act as a KMIP server to clients that retrieve cryptographic keys via the KMIP protocol, or as a Software Security Module to safeguard the management of keys. With data protection from Vault organizations can: 

• Take advantage of Vault’s Encryption as a Service (EaaS) so even if intrusion occurs raw data is never exposed 

• Reduce costs around expensive Hardware Security Modules (HSM) 

• Access FIPS 140-2 and Cryptographic compliance to ensure critical security parameters are compliantly met