Vault Documentation

Vault is an identity-based secret and encryption management system. This documentation covers the main concepts of Vault, what problems it can solve, and contains a quick start for using Vault.

Use Cases

Secrets Management

Centrally store, access, and deploy secrets across applications, systems, and infrastructure.

KV Secrets Engine
A generic Key-Value store used to store arbitrary secrets within the configured physical storage for Vault.
Database Credentials
Generate database credentials dynamically based on configured roles.
Kubernetes Secrets
Deploy Vault into Kubernetes using the official HashiCorp Vault Helm chart.

Encryption Services

Securely handle data such as social security numbers, credit card numbers, and other types of compliance-regulated information.

Transit Secrets Engine
Apply cryptographic functions on data in-transit. Sign and verify data, generate hashes and HMACs of data, and act as a source of random bytes.
Transform Secrets Engine
Handle secure data transformation and tokenization against a provided input value using NIST vetted cryptographic standards and other transformations such as masking.
Tokenization
Exchange a sensitive value for an unrelated value called a token. The original sensitive value cannot be recovered from a token alone but is irreversible.

Key Management

Use a standardized workflow for distribution and lifecycle management of cryptographic keys in various KMS providers.

KMIP Secrets Engine
Act as a key management interoperability protocol server provider and handle the lifecycle of its KMIP managed objects.
Key Management Secrets Engine
A consistent workflow for distribution and lifecycle management of cryptographic keys in key management service (KMS) providers.
PKI
Generate dynamic X.509 certificates without going through the manual process of generating a private key and CSR or submitting to a CA.

Developers

Developer Quick Start
Client Libraries
Sample Integrations
Code Samples