HashiCorp Vault Pricing: Paid Editions & Pricing Tiers Explained

Hashicorp Vault Pricing Blog Banner

What Is HashiCorp Vault? 

HashiCorp Vault is a tool for secrets management, offering secure access to tokens, passwords, certificates, API keys, and other sensitive data. It centralizes and encrypts this information, ensuring tight access control and detailed audit logs. Vault supports dynamic secrets and on-demand access with limited lifetimes, reducing the risk of unauthorized access or breaches.

Vault components include a storage backend, authentication methods, and a secrets engine. It allows for secure secret storage, rotation, and dynamic access, supporting best practices in secure infrastructure management across cloud and on-premises environments.

This article is part of a series on Hashicorp Vault

Is HashiCorp Vault Open Source?

In August, 2023, HashiCorp announced that its open source products, including Vault, would transition from the Mozilla Public License (MPL) 2.0 open source license to the more restrictive Business Source License (BSL) 1.1. 

Generally speaking, this means that while HashiCorp still allows free use of their products and makes the source code available, they only permit usage “for internal and personal use”. HashiCorp clarifies that: 

“All non-production uses are permitted. All production uses are allowed other than hosting or embedding the Licensed Work to compete with HashiCorp’s paid version of the same Licensed Work, whether hosted or self-managed.”

So while the old open source version of vault is still available on GitHub, depending on your use case, you might need to consider a paid license.

Tips From the Expert

In my experience, here are tips that can help you optimize HashiCorp Vault pricing based on your usage:

  1. Right-size your environment
    Start with the Development or Free tier if you’re in early development or testing stages, and only upgrade when your application scales or production demands arise. Avoid unnecessary costs by evaluating your client and API usage early.

  2. Leverage dynamic secrets to reduce exposure
    Use dynamic secrets wherever possible. These are short-lived and can automatically expire, reducing the likelihood of a breach and minimizing the need for manual secret rotation, which also reduces your API operation costs in managed tiers.

  3. Use secret versioning sparingly
    Keep secret versions to a minimum, especially in managed tiers like HCP Vault Secrets where pricing scales with the number of versions. Delete older, unused versions to avoid additional storage and access costs.

  4. Consolidate secrets across apps
    Group secrets into fewer applications where possible, especially in the Standard tier. This can reduce both the number of applications and secrets managed, lowering overall monthly costs and improving security management.

  5. Optimize API operations with caching
    Reduce the number of API calls by implementing client-side caching for secrets that don’t need to be fetched frequently. This can cut down on Secret Access API operations in managed tiers, where API usage is billed based on volume.

Ran Cohen photo
Ran Cohen
CTO & Co-Founder, Configu
Before co-founding Configu, Ran was a full stack developer at Testim.io and previously served in an elite cybersecurity unit in the Israeli Defense Forces.

Paid Editions of HashiCorp Vault

HCP Vault Dedicated (Managed)

HCP Vault Dedicated is a managed service designed to offer enhanced security and scalability for businesses requiring dedicated resources. It provides a single-tenant environment, ensuring that the infrastructure is exclusively used by one customer, thereby enhancing privacy and performance. 

The service includes automated backups, scalability options, and direct support from HashiCorp experts. Customers can choose their preferred region for data storage, which helps in complying with data residency regulations.

HCP Vault Secrets (Cloud)

HCP Vault Secrets is a cloud service that allows users to centrally store, access, and manage secrets across multiple clouds and applications with ease. This service supports a wide range of secret types, including API keys, passwords, and certificates, making it a versatile tool for developers and IT teams. 

HCP Vault Secrets offers automation features, such as dynamic secrets that are generated on-the-fly and have a limited lifetime, reducing the risks associated with static secrets. The service supports automatic scaling to handle varying loads. Additionally, it provides access controls and detailed audit logs, ensuring compliance with industry standards and regulations.

Vault Enterprise (Self-Managed)

Vault Enterprise is HashiCorp’s self-managed solution. It includes multi-factor authentication, role-based access control, and detailed audit logs, catering to businesses with strict security requirements. Vault Enterprise is designed for deployment in customer-controlled environments, which provides flexibility and control over the security and management of sensitive data.

Vault Enterprise supports disaster recovery, ensuring minimal downtime and data loss in the event of a system failure. Additionally, Vault Enterprise supports replication across multiple data centers, enhancing the availability and reliability of secrets management operations across global enterprises.

Understanding HCP Vault (Managed) Pricing Tiers 

Development Tier

This tier is suitable for development environments and is not intended for production use. It may not scale effectively for slightly larger production scenarios. It supports up to 25 clients by default and does not scale beyond this limit.

Hourly cost: Starts at $0.03 per hour

Monthly cost: Starts at $21.60 per month

Standard Tier

The Standard tier provides a cost-effective solution for deploying production-grade Vault clusters that are fully managed by HCP. It guarantees a 99.9% SLA and offers Silver Support level service. Key features of this tier include Vault audit log and telemetry streaming, backup and restore, and version management.

Annual cost: Starts $13,634 annually

Hourly cost: Starts at $1.58 per hour

Plus Tier

The Plus tier extends the offerings of the Standard tier to cater to organizations with advanced scaling, governance, and compliance requirements. It includes all features of the Standard tier and adds Vault Enterprise Performance Replication, Sentinel Policies, Control Groups, and Advanced Data Protection. It provides Gold level support, suitable for large-scale enterprises that demand extensive data protection and governance features.

Annual cost: Starts at $16,145 per year

Hourly cost: Starts at $1.83 per hour

Understanding HashiCorp Vault Secrets (Cloud) Pricing Tiers 

Free Tier

The Free tier of HCP Vault Secrets allows users to manage the lifecycle of secrets for free. It is available for use indefinitely without a fee and does not require a credit card to access. Users can manage up to 25 applications and create the same number of secrets. Each secret can have up to 5 versions, and users can set up to 5 active secret sync integrations. 

For API usage, the Free tier allows for 10,000 Secret Access API Operations, after which the rate is limited to 10 operations per minute. Support for users on this tier is provided by the community, which helps small projects and individuals securely manage their secrets.

Standard Tier

This tier supports up to 1,000 applications and allows for the creation of 2,500 secrets. Secrets can have up to 50 versions, and the number of active secret sync integrations allowed is 200. The API usage is billed per 10,000 Secret Access API Operations, providing flexibility for applications with high operational demands. 

The Standard tier guarantees a 99.9% SLA and includes Silver level support from HashiCorp, ensuring reliable assistance. Customers can choose between pay-as-you-go or flexible billing options. Pricing is determined based on the number of secrets created and the volume of Secret Access API Operations. 

Pricing details:

  • Secrets are billed at $0.50 each per month, calculated based on the total hours used and prorated monthly. 
  • API operations are billed at $0.10 for every 10,000 operations. 

For example, maintaining 25 secrets for a full month, along with conducting 25,000 API operations, would result in a total charge of $12.75 for that month. 

Related content: Read our guide to HashiCorp vault alternatives

Secret Management with Configu

Configu is a configuration management platform with strong integration to GitHub Actions. It’s comprised of two main components:

Configu Orchestrator

As applications become more dynamic and distributed in microservices architectures, configurations are getting more fragmented. They are saved as raw text that is spread across multiple stores, databases, files, git repositories, and third-party tools (a typical company will have five to ten different stores).

The Configu Orchestrator, which is open-source software, is a powerful standalone tool designed to address this challenge by providing configuration orchestration along with Configuration-as-Code (CaC) approach.

Configu Cloud

Configu Cloud is the most innovative store purpose-built for configurations, including environment variables, secrets, and feature flags. It is built based on the Configu configuration-as-code (CaC) approach and can model configurations and wrap them with unique layers, providing collaboration capabilities, visibility into configuration workflows, and security and compliance standardization.

Unlike legacy tools, which treat configurations as unstructured data or key-value pairs, Configu is leading the way with a Configuration-as-Code approach. By modeling configurations, they are treated as first-class citizens in the developers’ code. This makes our solution more robust and reliable and also enables Configu to provide more capabilities, such as visualization, a testing framework, and security abilities.

Learn more about Configu

Related Content

HashiCorp Vault: 6 Alternatives & Competitors You Should Know

HashiCorp Consul: Architecture, Use Cases & Deployment Guidelines

Understanding HashiCorp Vault: 5 Key Features, Pricing & Alternatives

HashiCorp Vault Docker: The Basics and a Quick Tutorial

Managing HashiCorp Vault with Configu Orchestrator: A Brief Tutorial

Try Configu for free
Painless end-to-end configuration management platform
Get Started for Free