Get Advice Icon

Need advice about which tool to choose?Ask the StackShare community!

Consul
Consul

593
479
+ 1
181
Vault
Vault

252
208
+ 1
52
Add tool

Consul vs Vault: What are the differences?

Developers describe Consul as "A tool for service discovery, monitoring and configuration". Consul is a tool for service discovery and configuration. Consul is distributed, highly available, and extremely scalable. On the other hand, Vault is detailed as "Secure, store, and tightly control access to tokens, passwords, certificates, API keys, and other secrets in modern computing". Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.

Consul can be classified as a tool in the "Open Source Service Discovery" category, while Vault is grouped under "Secrets Management".

Some of the features offered by Consul are:

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.
  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.
  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

On the other hand, Vault provides the following key features:

  • Secure Secret Storage: Arbitrary key/value secrets can be stored in Vault. Vault encrypts these secrets prior to writing them to persistent storage, so gaining access to the raw storage isn't enough to access your secrets. Vault can write to disk, Consul, and more.
  • Dynamic Secrets: Vault can generate secrets on-demand for some systems, such as AWS or SQL databases. For example, when an application needs to access an S3 bucket, it asks Vault for credentials, and Vault will generate an AWS keypair with valid permissions on demand. After creating these dynamic secrets, Vault will also automatically revoke them after the lease is up.
  • Data Encryption: Vault can encrypt and decrypt data without storing it. This allows security teams to define encryption parameters and developers to store encrypted data in a location such as SQL without having to design their own encryption methods.

"Great service discovery infrastructure" is the top reason why over 49 developers like Consul, while over 11 developers mention "Secure" as the leading cause for choosing Vault.

Consul and Vault are both open source tools. Consul with 16.4K GitHub stars and 2.85K forks on GitHub appears to be more popular than Vault with 13.2K GitHub stars and 1.98K GitHub forks.

According to the StackShare community, Consul has a broader approval, being mentioned in 134 company stacks & 55 developers stacks; compared to Vault, which is listed in 71 company stacks and 17 developer stacks.

What is Consul?

Consul is a tool for service discovery and configuration. Consul is distributed, highly available, and extremely scalable.

What is Vault?

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.
Get Advice Icon

Need advice about which tool to choose?Ask the StackShare community!

Why do developers choose Consul?
Why do developers choose Vault?

Sign up to add, upvote and see more prosMake informed product decisions

    Be the first to leave a con
      Be the first to leave a con
      What companies use Consul?
      What companies use Vault?

      Sign up to get full access to all the companiesMake informed product decisions

      What tools integrate with Consul?
      What tools integrate with Vault?

      Sign up to get full access to all the tool integrationsMake informed product decisions

      What are some alternatives to Consul and Vault?
      etcd
      etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles master elections during network partitions and will tolerate machine failure, including the master.
      Zookeeper
      A centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services. All of these kinds of services are used in some form or another by distributed applications.
      SkyDNS
      SkyDNS is a distributed service for announcement and discovery of services. It leverages Raft for high-availability and consensus, and utilizes DNS queries to discover available services. This is done by leveraging SRV records in DNS, with special meaning given to subdomains, priorities and weights (more info here: http://blog.gopheracademy.com/skydns).
      Ambassador
      Map services to arbitrary URLs in a single, declarative YAML file. Configure routes with CORS support, circuit breakers, timeouts, and more. Replace your Kubernetes ingress controller. Route gRPC, WebSockets, or HTTP.
      Kubernetes
      Kubernetes is an open source orchestration system for Docker containers. It handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure that their state matches the users declared intentions.
      See all alternatives
      Decisions about Consul and Vault
      No stack decisions found
      Interest over time
      Reviews of Consul and Vault
      No reviews found
      How developers use Consul and Vault
      Avatar of Chris Hartwig
      Chris Hartwig uses ConsulConsul

      All our services use Consul for discovery, configuration and cluster management (auto scaling, health monitoring, dynamic reconfiguration, leader elections)

      Avatar of Tom Staijen
      Tom Staijen uses ConsulConsul

      Discovery service. Some configuration is stored in consul.

      Avatar of Robert Hao
      Robert Hao uses ConsulConsul

      I used Consul as config center & service discoverer.

      Avatar of Ismael Arenzana
      Ismael Arenzana uses ConsulConsul

      How else do you discover microservices? ;)

      Avatar of exana
      exana uses ConsulConsul

      For service discovery.

      How much does Consul cost?
      How much does Vault cost?
      Pricing unavailable
      Pricing unavailable
      News about Vault
      More news