What is HCP Vault
HashiCorp Cloud Platform (HCP) Vault is a fully managed platform of Vault which is operated by HashiCorp allowing organizations to get up and running quickly. HCP Vault provides a consistent user experience compared to a self-managed Vault cluster. You can use the same Vault clients to communicate with HCP Vault as you use to communicate with a self-managed Vault.
If an organization chooses to allow a public connection, the HCP Vault cluster will have an associated public address where clients can directly connect to Vault. Most often, an organization disables the public connection for security. The organization can establish a peering connection between their cloud provider and a HashiCorp Virtual Network (HVN). By doing so, you can ensure that only trusted clients (users, applications, containers, etc.) running your public cloud provider connect to Vault and avoid systems outside of your selected network attempting to connect.
Self-managed vs. HCP Vault cluster
Here is a quick comparison between a self-managed Vault cluster and an HCP Vault cluster.
| Self-managed | HCP Vault | |
|---|---|---|
| Vault Edition | Vault OSS or Vault Enterprise | Vault Enterprise |
| Storage backend | Choose one and self-manage | Integrated Storage |
| Seal | Seal uses Shamir's Secret Sharing algorithm to generate key shares by default. | Auto-unseal is configured. A unique Key Management Service (KMS) key is created for each cluster. |
| Vault version | Self-manage the upgrade process | The minor versions are upgraded for you automatically. See the Vault Version documentation for more detail. |
| Top-level Namespace | root | admin |
| Root/admin token | Vault initialization process generates a root token. To regenerate a root token, unseal keys or recovery keys are required. | Click on the Generate token button via HCP Vault Portal returns an admin token which is valid for 6 hours. |
| Advanced Data Protection (ADP) features | Available with license | Currently, not available |
| Enterprise Replication | DR Replication requires Enterprise Standard, and Performance Replication is part of Enterprise Premium. | Performance Replication is available with HCP Vault Plus. |
| Auth methods | No limitation | A subset of available auth methods have been validated on HCP Vault. Additional auth methods will be validated over time. Refer to Security Overview documentation for more details. |
| Secrets Engines | No restriction | A subset of available secrets engines have been validated on HCP Vault. Additional secrets engines will be validated over time. Refer to the Security Overview documentation for more details. |
| Cluster Scaling | No built in feature to scale the cluster size up or down. | Scale your cluster size dynamically via the HashiCorp Cloud Platform Portal or Terraform. |
To learn more about HCP Vault pricing, visit the HCP Vault Pricing page as well as the HCP Billing documentation.
Next steps
Create your first HCP Vault cluster to get started. Go through each tutorial in this series for an overall tour of HCP Vault.