SecretHub vs Vault: What are the differences?
SecretHub: Keep passwords and other secrets out of IT automation scripts. All software needs secrets to access other resources: encryption keys, API tokens, database passwords. Helps teams deploy those application secrets to any cloud with a secure, automatic and reproducible deployment process; Vault: Secure, store, and tightly control access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.
SecretHub and Vault can be primarily classified as "Secrets Management" tools.
Some of the features offered by SecretHub are:
- Secure Secret Sharing
- Centralises Secrets
- High availability
On the other hand, Vault provides the following key features:
- Secure Secret Storage: Arbitrary key/value secrets can be stored in Vault. Vault encrypts these secrets prior to writing them to persistent storage, so gaining access to the raw storage isn't enough to access your secrets. Vault can write to disk, Consul, and more.
- Dynamic Secrets: Vault can generate secrets on-demand for some systems, such as AWS or SQL databases. For example, when an application needs to access an S3 bucket, it asks Vault for credentials, and Vault will generate an AWS keypair with valid permissions on demand. After creating these dynamic secrets, Vault will also automatically revoke them after the lease is up.
- Data Encryption: Vault can encrypt and decrypt data without storing it. This allows security teams to define encryption parameters and developers to store encrypted data in a location such as SQL without having to design their own encryption methods.
Vault is an open source tool with 13.2K GitHub stars and 1.98K GitHub forks. Here's a link to Vault's open source repository on GitHub.