Vault is a secrets management and data protection tool developed by HashiCorp. It provides a centralized way to store, access, and distribute secrets like API keys, passwords, certificates, and encryption keys. In cloud-native environments where secrets are everywhere, Vault has become the de facto standard for secrets management.
Vault’s dynamic secrets feature is particularly powerful — instead of storing static credentials, Vault can generate short-lived, on-demand credentials for databases, cloud providers, and other systems. When the lease expires, Vault automatically revokes the credentials, minimizing the blast radius of potential breaches.
The platform supports multiple authentication methods (LDAP, OIDC, Kubernetes, AWS IAM) and multiple storage backends. Vault also offers encryption as a service, letting applications encrypt data without managing their own encryption keys.
HashiCorp offers Vault as open-source software (now under the Business Source License), an enterprise self-managed product, and a fully managed cloud service called HCP Vault. Following IBM’s 2024 acquisition of HashiCorp, Vault remains a core product in the portfolio. It’s deployed across industries with strict compliance requirements, including financial services, healthcare, and government.
