Traefik vs Vault

Overview

  • Vault: Stacks 820, Followers 802, Votes 71, GitHub Stars 33.4K, Forks 4.5K
  • Traefik: Stacks 967, Followers 1.2K, Votes 93

Traefik vs Vault: What are the differences?

Developers describe Traefik as "Load Balancer for Microservices". Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Mesos/Marathon, Kubernetes, Consul, Etcd, Zookeeper, BoltDB, Rest API, file...) to manage its configuration automatically and dynamically. On the other hand, Vault is detailed as "Secure, store, and tightly control access to tokens, passwords, certificates, API keys, and other secrets in modern computing". Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.

Traefik belongs to the "Load Balancer / Reverse Proxy" category of the tech stack, while Vault can be primarily classified under "Secrets Management".

"Kubernetes integration" is the primary reason why developers consider Traefik over its competitors, whereas "Secure" was stated as the key factor in picking Vault.

Traefik and Vault are both open source tools. Traefik, with 23.2K GitHub stars and 2.4K forks on GitHub, appears to be more popular than Vault, with 13.2K GitHub stars and 1.98K GitHub forks.

According to the StackShare community, Vault has broader approval, being mentioned in 71 company stacks and 17 developer stacks, compared to Traefik, which is listed in 46 company stacks and 19 developer stacks.

Detailed Comparison

Vault

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.

  • Secure Secret Storage: Arbitrary key/value secrets can be stored in Vault. Vault encrypts these secrets prior to writing them to persistent storage, so gaining access to the raw storage isn't enough to access your secrets. Vault can write to disk, Consul, and more.
  • Dynamic Secrets: Vault can generate secrets on-demand for some systems, such as AWS or SQL databases. For example, when an application needs to access an S3 bucket, it asks Vault for credentials, and Vault will generate an AWS keypair with valid permissions on demand. After creating these dynamic secrets, Vault will also automatically revoke them after the lease is up.
  • Data Encryption: Vault can encrypt and decrypt data without storing it. This allows security teams to define encryption parameters and developers to store encrypted data in a location such as SQL without having to design their own encryption methods.
  • Leasing and Renewal: All secrets in Vault have a lease associated with them. At the end of the lease, Vault will automatically revoke that secret. Clients are able to renew leases via built-in renew APIs.
  • Revocation: Vault has built-in support for secret revocation. Vault can revoke not only single secrets, but a tree of secrets, for example all secrets read by a specific user, or all secrets of a particular type. Revocation assists in key rolling as well as locking down systems in the case of an intrusion.

Traefik

A modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components and configures itself automatically and dynamically.

  • Continuously updates its configuration (No restarts!)
  • Supports multiple load balancing algorithms
  • Provides HTTPS to your microservices by leveraging Let's Encrypt (wildcard certificates support)
  • Circuit breakers, retry
  • High Availability with cluster mode
  • See the magic through its clean web UI
  • Websocket, HTTP/2, GRPC ready
  • Provides metrics
  • Keeps access logs
  • Fast
  • Exposes a Rest API

Statistics

  • Vault: GitHub Stars 33.4K, GitHub Forks 4.5K, Stacks 820, Followers 802, Votes 71
  • Traefik: GitHub Stars -, GitHub Forks -, Stacks 967, Followers 1.2K, Votes 93

Pros & Cons

Pros (Vault)
  • Secure (17)
  • Variety of Secret Backends (13)
  • Very easy to set up and use (11)
  • Dynamic secret generation (8)
  • AuditLog (5)

Pros (Traefik)
  • Kubernetes integration (20)
  • Watch service discovery updates (18)
  • Letsencrypt support (14)
  • Swarm integration (13)
  • Several backends (12)

Cons
  • Not very performant (fast) (7)
  • Complicated setup (7)

Integrations

Vault: No integrations available

Traefik:
  • Marathon
  • InfluxDB
  • Kubernetes
  • Docker
  • gRPC
  • Let's Encrypt
  • Google Kubernetes Engine
  • Consul
  • StatsD
  • Docker Swarm

What are some alternatives to Vault, Traefik?

HAProxy

HAProxy (High Availability Proxy) is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

AWS Elastic Load Balancing (ELB)

With Elastic Load Balancing, you can add and remove EC2 instances as your needs change without disrupting the overall flow of information. If one EC2 instance fails, Elastic Load Balancing automatically reroutes the traffic to the remaining running EC2 instances. If the failed EC2 instance is restored, Elastic Load Balancing restores the traffic to that instance. Elastic Load Balancing offers clients a single point of contact, and it can also serve as the first line of defense against attacks on your network. You can offload the work of encryption and decryption to Elastic Load Balancing, so your servers can focus on their main task.

Fly

Deploy apps through our global load balancer with minimal shenanigans. All Fly-enabled applications get free SSL certificates, accept traffic through our global network of datacenters, and encrypt all traffic from visitors through to application servers.

Doppler

Doppler’s developer-first security platform empowers teams to seamlessly manage, orchestrate, and govern secrets at scale.

Envoy

Originally built at Lyft, Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures.

IBM SKLM

It centralizes, simplifies and automates the encryption key management process to help minimize risk and reduce operational costs of encryption key management. It offers secure, robust key storage, key serving and key lifecycle management for IBM and non-IBM storage solutions using the OASIS Key Management Interoperability Protocol (KMIP).

Docker Secrets

A container native solution that strengthens the Trusted Delivery component of container security by integrating secret distribution directly into the container platform.

AWS Secrets Manager

AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

EnvKey

Securely store config and manage access in an end-to-end encrypted, auto-syncing desktop app. Connect your apps in minutes in any language with an environment variable and a line or two of code.

Hipache

Hipache is a distributed proxy designed to route high volumes of http and websocket traffic to unusually large numbers of virtual hosts, in a highly dynamic topology where backends are added and removed several times per second. It is particularly well-suited for PaaS (platform-as-a-service) and other environments that are both business-critical and multi-tenant.
