For anyone pondering a migration to something on premise, there is also a Vault fork called OpenBao (https://openbao.org/), similar to what the fork OpenTofu is to Terraform.
I haven't tried it out, but it looks like they recently added PKCS#11, which should make it possible to use it with devices like HSMs and cloud KMS solutions.
You can run Vault on prem
You can, but assuming you are not paying for it, HashiCorp seems extremely hostile to community edition users.
How? I run it on prem and have no particular issues.
For those of us for the removed can someone explain the difference between Vault Secrets and Vault Dedicated? (Very naively, I would have thought that Vault itself is specifically about secrets, so I must be missing the nuance.)
HCP Vault Secrets aka Easy Vault aka Vault Lite is only for secrets. It’s also cloud hosted.
Vault Community is more full featured. Vault Enterprise has HSM support (for auto unseal and seal wrapping) and FIPS 140-2 for those types of customers.
We use Vault Enterprise on prem solely for its particular HSM integration.
Third alternative that HCE doesn't mention ...
https://openbao.org/
:-)
[flagged]
A breach would warrant deprecation/invalidation of existing data. I doubt that HashiCorp would bet the future of their entire business on customers not being impacted by or not noticing a data breach.
Unfounded conspiracy theory.
[flagged]
If you're a competitor, surely this is the opposite of devastating?
I don't want to make assumptions, but it's very possible they were being sarcastic.
This was indeed sarcasm, haha.