HashiCorp Vault is the standard for secrets management in production infrastructure and the answer to the question 'where do database credentials, API keys, and TLS certificates live?' The BSL license change affects Vault as well as Terraform, but the community OpenBao fork is gaining adoption. Vault's killer features are dynamic secrets (it generates database credentials on demand with automatic expiry, so credentials are never static or long-lived), PKI management (it can be your internal CA), and the audit log (every secret access is logged immutably). The most common misconfiguration is using Vault's root token in production. The correct pattern uses the AppRole or Kubernetes auth methods for service-to-service secret access.
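To check for the root-token misconfiguration described above, the audit log can be scanned for requests made with a token that carries the root policy. The following is an added example, not code from Vault or from this page; it assumes the JSON-lines layout of Vault's file audit device (fields auth.policies, auth.display_name, request.path, request.remote_address), and the sample log lines are constructed.

```python
import json

# Constructed sample in the JSON-lines shape of Vault's file audit device (assumed field names).
SAMPLE_AUDIT_LOG = """\
{"time":"2024-05-01T10:00:00Z","type":"request","auth":{"display_name":"approle","policies":["default","payments-db"]},"request":{"operation":"read","path":"database/creds/payments-ro","remote_address":"10.0.1.15"}}
{"time":"2024-05-01T10:00:05Z","type":"request","auth":{"display_name":"root","policies":["root"]},"request":{"operation":"read","path":"secret/data/prod/api-key","remote_address":"10.0.1.22"}}
{"time":"2024-05-01T10:00:05Z","type":"response","auth":{"display_name":"root","policies":["root"]},"request":{"operation":"read","path":"secret/data/prod/api-key","remote_address":"10.0.1.22"}}
{"time":"2024-05-01T10:01:00Z","type":"request","auth":null,"request":{"operation":"update","path":"auth/kubernetes/login","remote_address":"10.0.2.8"}}
not-json garbage line
{"time":"2024-05-01T10:02:00Z","type":"request","auth":{"display_name":"root","policies":["root"]},"request":{"operation":"update","path":"sys/policies/acl/orders","remote_address":"10.0.1.22"}}
"""


def find_root_token_use(log_text):
    """Return (findings, skipped): root-policy requests and the count of unparsable lines."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # surface truncated or corrupted lines instead of hiding them
            continue
        # Each call is logged as a request and a response; count the request only.
        if not isinstance(entry, dict) or entry.get("type") != "request":
            continue
        auth = entry.get("auth") or {}  # unauthenticated calls (e.g. login) may carry no auth
        if "root" in (auth.get("policies") or []):
            req = entry.get("request") or {}
            findings.append({
                "time": entry.get("time"),
                "operation": req.get("operation"),
                "path": req.get("path"),
                "remote_address": req.get("remote_address"),
            })
    return findings, skipped


if __name__ == "__main__":
    hits, bad = find_root_token_use(SAMPLE_AUDIT_LOG)
    for h in hits:
        print(f"ROOT TOKEN USE {h['time']} {h['operation']} {h['path']} from {h['remote_address']}")
    print(f"{len(hits)} root-token request(s), {bad} unparsable line(s)")
```

Any hit from a service's address is a workload that should be moved to an AppRole or Kubernetes auth role with a scoped policy.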