For those of us for the removed can someone explain the difference between Vault Secrets and Vault Dedicated? (very naively I would have thought that Vault itself os specifically about secrets so I must be missing the nuance)
firesteelrain•7mo ago
HCP Vault Secrets aka Easy Vault aka Vault Lite is only for secrets. It’s also Cloud hosted.
Vault Community is more full featured. Vault Enterprise has HSM support (for auto unseal and seal wrapping) and FIPS 140-2 for those type of customers.
We use Vault Enterprise on prem solely for its particular HSM integration.
stackskipton•7mo ago
For anyone pondering a migration to something on premise, there is also Vault Fork called OpenBao(https://openbao.org/) similar to fork OpenToFu is of terraform.
tekla•7mo ago
You can run Vault on prem
stackskipton•7mo ago
You can but assuming you are not paying for it, Hashicorp seems extremely hostile to community edition users.
tekla•7mo ago
How. I run it on prem and have no particular issues.
zorgmonkey•7mo ago
I haven't tried it out, but it looks they recently added PKCS#11 which should make it possible to use it with devices like HSMs and cloud KMS solutions.
redwood•7mo ago
firesteelrain•7mo ago
Vault Community is more full featured. Vault Enterprise has HSM support (for auto unseal and seal wrapping) and FIPS 140-2 for those type of customers.
We use Vault Enterprise on prem solely for its particular HSM integration.