Vault
ELI5 — The Vibe Check
HashiCorp Vault is the Fort Knox of secrets management. It stores API keys, passwords, certificates, and encryption keys behind multiple layers of security. It generates dynamic, short-lived credentials on demand — need a database password? Vault creates one that expires in an hour. It's secrets management for organizations that take security seriously.
Real Talk
HashiCorp Vault is a secrets management and data protection tool. It provides centralized secret storage (KV, databases, PKI), dynamic secret generation (short-lived credentials for databases, cloud providers), encryption as a service (transit secrets engine), and identity-based access control. It supports multiple auth methods, audit logging, and high availability.
Show Me The Code
# Store a secret
vault kv put secret/myapp/config db_password="s3cret"
# Read a secret
vault kv get secret/myapp/config
# Generate a dynamic database credential
vault read database/creds/my-role
# Returns: username=v-token-my-role-abc, password=xyz (expires in 1h)
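The dynamic credential above comes with a lease, and the application has to track it. The following is an added example, not part of the original page or HashiCorp's code: it parses a constructed response shaped like the output of `vault read -format=json database/creds/my-role` and decides when to use, renew, or reissue the credential. The function names and the two-thirds refresh threshold are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `vault read -format=json database/creds/my-role`;
# every value below is made up for illustration.
SAMPLE_RESPONSE = """
{
  "lease_id": "database/creds/my-role/EXAMPLELEASEID",
  "lease_duration": 3600,
  "renewable": true,
  "data": {"username": "v-token-my-role-abc", "password": "xyz"}
}
"""

def parse_lease(raw, issued_at):
    """Extract the credential and compute when it expires and when to refresh."""
    doc = json.loads(raw)
    ttl = int(doc.get("lease_duration", 0))
    data = doc.get("data") or {}
    if ttl <= 0 or "username" not in data or "password" not in data:
        raise ValueError("response is not a leased credential")
    return {
        "lease_id": doc["lease_id"],
        "username": data["username"],
        "password": data["password"],
        "renewable": bool(doc.get("renewable", False)),
        "expires_at": issued_at + timedelta(seconds=ttl),
        # Assumption: refresh at two-thirds of the TTL (a rule of thumb, not a Vault default).
        "refresh_at": issued_at + timedelta(seconds=ttl * 2 // 3),
    }

def next_action(lease, now):
    """Decide what the application should do with the credential at time `now`."""
    if now >= lease["expires_at"]:
        return "reissue"  # Vault revokes the database user when the lease expires
    if now >= lease["refresh_at"]:
        return "renew" if lease["renewable"] else "reissue"
    return "use"

def redacted(lease):
    """Copy of the lease that is safe to log: the password is masked."""
    return {**lease, "password": "***"}

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed issue time
    lease = parse_lease(SAMPLE_RESPONSE, t0)
    for minutes in (10, 45, 61):
        print(minutes, next_action(lease, t0 + timedelta(minutes=minutes)))
```

Log only the output of `redacted()`, never the raw lease, so the generated password stays out of application logs.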
When You'll Hear This
"Vault generates dynamic database credentials that expire after an hour." / "All secrets are stored in Vault, not in environment variables or config files."
Related Terms
Credential Rotation
Credential Rotation is the practice of regularly changing ALL your secrets — database passwords, API keys, certificates, tokens.
KMS (Key Management Service)
KMS is the cloud service that holds your encryption keys in a hardware vault and does crypto operations for you. Need to encrypt something? Send it to KMS.
Secret
A secret is an environment variable that's extra sensitive — API keys, passwords, tokens. The rule is simple: secrets NEVER go in your code or git history.