Announcing secrets sync beta for self-managed Vault Enterprise
Vault Enterprise 1.15 adds a beta release of secrets sync, a feature that allows organizations to control secret sprawl and their secrets management lifecycle.
At HashiDays in June, we announced the public beta for a new offering on the HashiCorp Cloud Platform: HCP Vault Secrets is a powerful new tool designed to identify, control, and remediate secrets sprawl and centralize secrets management by synchronizing secrets across platforms.
Secrets are unlike traditional credentials because they are leveraged by developers, applications, services, infrastructure, and platforms to establish trusted identities. As organizations distribute their workloads across more platforms they lose centralized control over identity security and become more exposed to secrets sprawl.
This post reviews the secrets sync beta feature released as part of Vault Enterprise 1.15 and discusses how it will help organizations corral secrets sprawl and regain centralized control and visibility of their secrets.
» Secret sprawl’s effects on secrets management
More and more of the software supply chain is shifting left, giving individual engineers and engineering teams more discretion regarding secrets management. As an organization’s workloads become more distributed across CI/CD tooling and cloud platforms, enterprises report difficulty in maintaining secrets revocation and rotation security policy compliance. This is largely due to the inability of individual platforms to provide unified and centralized visibility into secrets lifecycle management.
Maintaining a centralized view of your secrets lifecycle brings many benefits:
- Increased security across clouds and machines: Reduce the risk of breaches by centralizing where secrets are stored and reducing the context-switching needed to jump between multiple solutions, which can lead to human error.
- Increased productivity: Development teams can improve their security posture without expending additional time and effort tracking down secrets from fragmented locations.
- Enhanced visibility of secrets activity across teams: Get insight into when secrets are modified or accessed by whom, when, and from where with advanced filtering and storing capabilities.
- Last-mile secrets availability for developers: Keep secrets centralized in Vault while syncing secrets to existing platforms and tools, including cloud service providers, so that developers can access secrets where they need them.
» Secrets sync: A solution to secrets sprawl
Secrets sync allows users to synchronize secrets when and where they require them and to continually sync secrets from Vault Enterprise to external secrets managers so they are always up to date.
The beta release of Vault Enterprise secrets sync covers some of the most common destinations for secrets:
- AWS Secrets Manager
- Microsoft Azure Key Vault
- Google Cloud Secret Manager
- GitHub
- Vercel
By adopting Vault Enterprise secrets sync to remediate secrets sprawl, organizations can establish centralized secrets lifecycle management in a single control plane. This eliminates the need for context switching among multiple secrets management platforms.
» Get started with Vault Enterprise Secrets Sync
Secrets sync on Vault Enterprise is now available as a beta feature in the 1.15 release. Learn more about secrets sync in our documentation and learn more about what Vault can do for your organization on our features page.
Sign up for the latest HashiCorp news
More blog posts like this one
Vault integrations with MongoDB, Private Machines, and walt.id strengthen customer security
Three new HashiCorp Vault ecosystem integrations extend security use cases for customers.
HashiCorp at re:Invent 2024: Security Lifecycle Management with AWS
A recap of HashiCorp security news and developments on AWS from the past year, for your security management playbook.
HCP Vault Dedicated adds secrets sync, cross-region DR, EST PKI, and more
The newest HCP Vault Dedicated 1.18 upgrade includes a range of new features that include expanding DR region coverage, syncing secrets across providers, and adding PKI EST among other key features.