Technology RadarTechnology Radar

Vault

This item was not updated in last three versions of the Radar. Should it have appeared in one of the more recent editions, there is a good chance it remains pertinent. However, if the item dates back further, its relevance may have diminished and our current evaluation could vary. Regrettably, our capacity to consistently revisit items from past Radar editions is limited.
Adopt

Vault securely stores and controls access to tokens, passwords, certificates, encryption keys, and other sensitive data using a UI, CLI, or HTTP API.

Vault is part of the Hashicorp stack and since we already use Nomad to orchestrate our IT infrastructure, Vault was an obvious choice when the question came up about how to store application credentials. The integration in Nomad and Terraform makes it easy to retrieve secrets from Vault during the deployment phase of our applications. Additionally, having the possibility to make use of dynamic secrets is another plus for us to secure our environments even more.