What Is HashiCorp Vault?
HashiCorp Vault is a tool for secrets management, offering secure access to tokens, passwords, certificates, API keys, and other sensitive data. It centralizes and encrypts this information, ensuring tight access control and detailed audit logs. Vault supports dynamic secrets and on-demand access with limited lifetimes, reducing the risk of unauthorized access or breaches.
Vault components include a storage backend, authentication methods, and a secrets engine. It allows for secure secret storage, rotation, and dynamic access, supporting best practices in secure infrastructure management across cloud and on-premises environments.
This article is part of a series on Hashicorp Vault
In this article:
Is HashiCorp Vault Open Source?
In August, 2023, HashiCorp announced that its open source products, including Vault, would transition from the Mozilla Public License (MPL) 2.0 open source license to the more restrictive Business Source License (BSL) 1.1.
Generally speaking, this means that while HashiCorp still allows free use of their products and makes the source code available, they only permit usage “for internal and personal use”. HashiCorp clarifies that:
“All non-production uses are permitted. All production uses are allowed other than hosting or embedding the Licensed Work to compete with HashiCorp’s paid version of the same Licensed Work, whether hosted or self-managed.”
So while the old open source version of vault is still available on GitHub, depending on your use case, you might need to consider a paid license.
Paid Editions of HashiCorp Vault
HCP Vault Dedicated (Managed)
HCP Vault Dedicated is a managed service designed to offer enhanced security and scalability for businesses requiring dedicated resources. It provides a single-tenant environment, ensuring that the infrastructure is exclusively used by one customer, thereby enhancing privacy and performance.
The service includes automated backups, scalability options, and direct support from HashiCorp experts. Customers can choose their preferred region for data storage, which helps in complying with data residency regulations.
HCP Vault Secrets (Cloud)
HCP Vault Secrets is a cloud service that allows users to centrally store, access, and manage secrets across multiple clouds and applications with ease. This service supports a wide range of secret types, including API keys, passwords, and certificates, making it a versatile tool for developers and IT teams.
HCP Vault Secrets offers automation features, such as dynamic secrets that are generated on-the-fly and have a limited lifetime, reducing the risks associated with static secrets. The service supports automatic scaling to handle varying loads. Additionally, it provides access controls and detailed audit logs, ensuring compliance with industry standards and regulations.
Vault Enterprise (Self-Managed)
Vault Enterprise is HashiCorp’s self-managed solution. It includes multi-factor authentication, role-based access control, and detailed audit logs, catering to businesses with strict security requirements. Vault Enterprise is designed for deployment in customer-controlled environments, which provides flexibility and control over the security and management of sensitive data.
Vault Enterprise supports disaster recovery, ensuring minimal downtime and data loss in the event of a system failure. Additionally, Vault Enterprise supports replication across multiple data centers, enhancing the availability and reliability of secrets management operations across global enterprises.
Understanding HCP Vault (Managed) Pricing Tiers
Development Tier
This tier is suitable for development environments and is not intended for production use. It may not scale effectively for slightly larger production scenarios. It supports up to 25 clients by default and does not scale beyond this limit.
Hourly cost: Starts at $0.03 per hour
Monthly cost: Starts at $21.60 per month
Standard Tier
The Standard tier provides a cost-effective solution for deploying production-grade Vault clusters that are fully managed by HCP. It guarantees a 99.9% SLA and offers Silver Support level service. Key features of this tier include Vault audit log and telemetry streaming, backup and restore, and version management.
Annual cost: Starts $13,634 annually
Hourly cost: Starts at $1.58 per hour
Plus Tier
The Plus tier extends the offerings of the Standard tier to cater to organizations with advanced scaling, governance, and compliance requirements. It includes all features of the Standard tier and adds Vault Enterprise Performance Replication, Sentinel Policies, Control Groups, and Advanced Data Protection. It provides Gold level support, suitable for large-scale enterprises that demand extensive data protection and governance features.
Annual cost: Starts at $16,145 per year
Hourly cost: Starts at $1.83 per hour
Understanding HashiCorp Vault Secrets (Cloud) Pricing Tiers
Free Tier
The Free tier of HCP Vault Secrets allows users to manage the lifecycle of secrets for free. It is available for use indefinitely without a fee and does not require a credit card to access. Users can manage up to 25 applications and create the same number of secrets. Each secret can have up to 5 versions, and users can set up to 5 active secret sync integrations.
For API usage, the Free tier allows for 10,000 Secret Access API Operations, after which the rate is limited to 10 operations per minute. Support for users on this tier is provided by the community, which helps small projects and individuals securely manage their secrets.
Standard Tier
This tier supports up to 1,000 applications and allows for the creation of 2,500 secrets. Secrets can have up to 50 versions, and the number of active secret sync integrations allowed is 200. The API usage is billed per 10,000 Secret Access API Operations, providing flexibility for applications with high operational demands.
The Standard tier guarantees a 99.9% SLA and includes Silver level support from HashiCorp, ensuring reliable assistance. Customers can choose between pay-as-you-go or flexible billing options. Pricing is determined based on the number of secrets created and the volume of Secret Access API Operations.
Pricing details:
- Secrets are billed at $0.50 each per month, calculated based on the total hours used and prorated monthly.
- API operations are billed at $0.10 for every 10,000 operations.
For example, maintaining 25 secrets for a full month, along with conducting 25,000 API operations, would result in a total charge of $12.75 for that month.
Related content: Read our guide to HashiCorp vault alternatives (coming soon)
Secret Management with Configu
Configu is a configuration management platform with strong integration to GitHub Actions. It’s comprised of two main components:
Configu Orchestrator
As applications become more dynamic and distributed in microservices architectures, configurations are getting more fragmented. They are saved as raw text that is spread across multiple stores, databases, files, git repositories, and third-party tools (a typical company will have five to ten different stores).
The Configu Orchestrator, which is open-source software, is a powerful standalone tool designed to address this challenge by providing configuration orchestration along with Configuration-as-Code (CaC) approach.
Configu Cloud
Configu Cloud is the most innovative store purpose-built for configurations, including environment variables, secrets, and feature flags. It is built based on the Configu configuration-as-code (CaC) approach and can model configurations and wrap them with unique layers, providing collaboration capabilities, visibility into configuration workflows, and security and compliance standardization.
Unlike legacy tools, which treat configurations as unstructured data or key-value pairs, Configu is leading the way with a Configuration-as-Code approach. By modeling configurations, they are treated as first-class citizens in the developers’ code. This makes our solution more robust and reliable and also enables Configu to provide more capabilities, such as visualization, a testing framework, and security abilities.
