What is secrets management with HCP Vault Secrets
The transition from conventional on-premises datacenters and environments to dynamic cloud infrastructure is complex and introduces new challenges for how organizations approach security. There are more systems to manage, more endpoints to monitor, more networks to connect, and more people who need access. Without the right security posture, the potential for a breach increases significantly, becoming only a matter of time.
Secrets management challenges
For secrets management, organizations typically adopt siloed solutions:
- An offering from a cloud service provider (CSP)
- A homegrown solution built on a combination of several services across multiple CSPs and other vendors
This can lead to a number of challenges.
Secret sprawl
Organizations that use multiple secrets management tools increase their risk of a breach due to secret sprawl across different systems, files, and repositories. Organizations that leverage static secrets are at a higher risk of breach.
Operational overhead
Organizations that manually manage workflows for secrets management spend time managing the deployment, updates, scale, reliability, security, compliance, and support for the rest of the teams in the organization.
Capabilities to deliver security automation
As organizations scale their secrets management workflow, they will look to manage the complete lifecycle of secrets and sensitive data, which requires advanced capabilities, integrations, and support.
Solution
HCP Vault Secrets is a secrets management service that allows you to keep secrets centralized while syncing secrets to platforms and tools such as CSPs, GitHub, and Vercel. Developers can quickly access secrets when and where they need them, reducing risk and increasing efficiency.
HCP Vault Secrets is a multi-tenant SaaS offering, meaning organizations do not have to run or own their own secrets management solutions. This allows you to rely on HashiCorp to manage the deployment, updates, scale, reliability, security, compliance, and support of HCP Vault Secrets.
| Product | HCP Vault Secrets | HCP Vault | Vault Enterprise |
|---|---|---|---|
| Tenancy | Cloud multi-tenant | Cloud single-tenant | Self-hosted |
| Use cases | Secrets management | Secrets management, data encryption, certificate management | Secrets management, data encryption, certificate management, key management, transform/tokenization |
Concepts
- App: An app represents a set of isolated secrets according to your applications and workflows.
- Secret: Secrets are unique key/value pairs that enable cloud native applications to connect with databases, SaaS services, and other third-party systems.
- Auto-rotating secret: Auto-rotating secrets enable you to use HCP Vault Secrets to rotate an existing secret and store the new secret at a set time interval.
- Secret versions: Secret versions are specific versions of a secret with the ability to track the various updates to a secret.
- Audit logs: Audit logs give visibility into the various activities taking place within your application, as well as the source (who, when, where) of the activity.
Next steps
In the next section, you will see how to add secrets to HCP Vault Secrets.