HashiCorp Vault
A tool for secrets management.
Vault stores and tightly controls access to secrets such as API keys, passwords, certificates, and database credentials. The data path is encrypted with a master key that is split using Shamir's Secret Sharing, which means unsealing a Vault server requires several key shards held by different operators.
Vault's distinctive feature is dynamic secrets: instead of storing a long-lived database password and rotating it periodically, applications request a short-lived credential from Vault, which provisions one in the database, hands it back, and revokes it after a TTL. The same model applies to AWS IAM credentials, SSH session certificates, PKI certificates, and many other backends.
HashiCorp's licence change in 2023 from MPL-2.0 to BSL-1.1 prompted the OpenBao fork under the Linux Foundation, which continues the original MPL-licensed direction. Vault remains the dominant secrets-management server in HashiCorp-aligned environments, and OpenBao is gaining traction in organisations that need a clearly open-source licence.
Install
Debian/Ubuntu: sudo apt install vault # via HashiCorp APT repo
Fedora/RHEL: sudo dnf install vault
Arch: sudo pacman -S vault
macOS: brew install vault
Authors
- HashiCorp
- Vault contributors