Secrets management
Centrally store, access, and deploy secrets across applications, systems, and infrastructure.
Manage secrets and protect sensitive data with Vault
Secure, store, and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
Identity-based security
Vault brokers and deeply integrates with trusted identities to automate access to secrets, data, and systems.
Application and machine identity
Secure applications and systems with machine identity and automate credential issuance, rotation, and more. Enable attestation of application and workload identity, using Vault as the trusted authority.
User identity with Vault
Leverage trusted identity platforms you use everyday to secure, store, and access credentials and resources.
How Vault works
Vault tightly controls access to secrets and encryption keys by authenticating against trusted sources of identity such as Active Directory, LDAP, Kubernetes, CloudFoundry, and cloud platforms.
Armon Dadgar
Co-founder & CTO
Common use cases for Vault
Dynamic secrets
A dynamic secret is generated on demand and is unique to a client, instead of a static secret, which is defined ahead of time and shared.
Kubernetes secrets
Install Vault using a Helm chart and then leverage Vault and Kubernetes to securely inject secrets into your application stack.
Database credential rotation
Automatically rotate database passwords with Vault's database secrets engine.
Automated PKI infrastructure
Use Vault to quickly create X.509 certificates on demand and reduce the manual overhead.
Identity-based access
Authenticate and access different clouds, systems, and endpoints using trusted identities.
Data encryption and tokenization
Keep application data secure with one centralized workflow for data that resides in untrusted or semi-trusted systems outside of Vault.
Key management
Use a standardized workflow for distribution and lifecycle management across KMS providers.
Vault in practice
The best way to understand what Vault can enable for your projects is to see it in action.
Tutorial
Secrets storage
Securely store and manage access to secrets and systems based on trusted sources of application and user identity.
Tutorial
Dynamic secrets
Generate time-based access credentials dynamically based on policies and revoke access when lease expires.
Tutorial
Automate credential rotation
Reduce risk of secret exposure by automating how long secrets live and rotating secrets across your entire fleet.
Documentation
Encryption as a service
Secure application data with one centralized workflow that resides in untrusted or semi-trusted systems outside of Vault.
Tutorial
API-driven encryption
Vault provides rich APIs to protect data, while using the state of the art in cryptography.
Tutorial
Encryption key rolling
Automatically update and rotate encryption keys without code changes, configuration updates, or re-deploys.
Customer stories
An inside look at powerful solutions from some of the world’s most innovative companies.
Get HashiCorp Certified
Level up your concepts, skills, and use cases associated with HashiCorp Vault.
Next steps
HCP Vault simplifies cloud security automation on fully managed infrastructure. Get started for free, and pay only for what you use.