Need advice about which tool to choose?Ask the StackShare community!
Kong vs Vault: What are the differences?
What is Kong? Open Source Microservice & API Management Layer. Kong is a scalable, open source API Layer (also known as an API Gateway, or API Middleware). Kong controls layer 4 and 7 traffic and is extended through Plugins, which provide extra functionality and services beyond the core platform.
What is Vault? Secure, store, and tightly control access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.
Kong can be classified as a tool in the "Microservices Tools" category, while Vault is grouped under "Secrets Management".
Some of the features offered by Kong are:
- Logging: Log requests and responses to your system over TCP, UDP or to disk
- OAuth2.0: Add easily an OAuth2.0 authentication to your APIs
- Monitoring: Live monitoring provides key load and performance server metrics
On the other hand, Vault provides the following key features:
- Secure Secret Storage: Arbitrary key/value secrets can be stored in Vault. Vault encrypts these secrets prior to writing them to persistent storage, so gaining access to the raw storage isn't enough to access your secrets. Vault can write to disk, Consul, and more.
- Dynamic Secrets: Vault can generate secrets on-demand for some systems, such as AWS or SQL databases. For example, when an application needs to access an S3 bucket, it asks Vault for credentials, and Vault will generate an AWS keypair with valid permissions on demand. After creating these dynamic secrets, Vault will also automatically revoke them after the lease is up.
- Data Encryption: Vault can encrypt and decrypt data without storing it. This allows security teams to define encryption parameters and developers to store encrypted data in a location such as SQL without having to design their own encryption methods.
"Easy to maintain" is the top reason why over 28 developers like Kong, while over 11 developers mention "Secure" as the leading cause for choosing Vault.
Kong and Vault are both open source tools. It seems that Kong with 22.4K GitHub stars and 2.75K forks on GitHub has more adoption than Vault with 13.2K GitHub stars and 1.98K GitHub forks.
DigitalOcean, Redox Engine, and SoFi are some of the popular companies that use Vault, whereas Kong is used by Checkr, Policygenius, and Cuemby. Vault has a broader approval, being mentioned in 71 company stacks & 17 developers stacks; compared to Kong, which is listed in 50 company stacks and 14 developer stacks.
Istio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn-keyIstio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn key solution with Rancher whereas Kong completely lacks here. Traffic distribution in Istio can be done via canary, a/b, shadowing, HTTP headers, ACL, whitelist whereas in Kong it's limited to canary, ACL, blue-green, proxy caching. Istio has amazing community support which is visible via Github stars or releases when comparing both.
Pros of Kong
- Easy to maintain37
- Easy to install32
- Flexible26
- Great performance21
- Api blueprint7
- Custom Plugins4
- Kubernetes-native3
- Security2
- Has a good plugin infrastructure2
- Agnostic2
- Load balancing1
- Documentation is clear1
- Very customizable1
Pros of Vault
- Secure17
- Variety of Secret Backends13
- Very easy to set up and use11
- Dynamic secret generation8
- AuditLog5
- Privilege Access Management3
- Leasing and Renewal3
- Easy to integrate with2
- Open Source2
- Consol integration2
- Handles secret sprawl2
- Variety of Auth Backends2
- Multicloud1