← Enterprise Password ManagementHashiCorp Vault

StrongAdequateStrongStrong

4.4

Vendors › Enterprise Password Management › HashiCorp Vault

HashiCorp Vault

Name: HashiCorp Vault
Rating: 4.4 (435 reviews)
Author: HashiCorp (IBM)

HashiCorp (IBM)

Founded 2012·US·Private

4.4

Combined score

4.4280

Gartner

4.365

⚠

Security incident on record — Licence changed to Business Source License (BSL) 2023 — community fork OpenTofu created

▪ Editorial verdict

HashiCorp Vault is not a password manager and should not be evaluated as one. It is the industry standard for application and infrastructure secrets management, where dynamic secrets generated on demand and automatically revoked eliminate long-lived credentials from DevOps pipelines entirely. The integration with Kubernetes, Terraform, Ansible, and all major cloud providers is unmatched.

The category distinction matters for buyers. Vault requires engineering resources to deploy and operate. It has no browser extension, no autofill, and no end-user interface. Comparing it to 1Password or Keeper for human password management is a category error.

The verdict: HashiCorp Vault is the right choice for engineering and DevOps teams that need dynamic secrets management for infrastructure, CI/CD pipelines, and cloud workloads. It is not appropriate for organisations wanting a business password manager for human users. Use it alongside a human-focused password manager, not instead of one.

Last reviewed: May 2026

4.4280 reviews

Gartner

4.365 reviews

PeerSpot

8.290 reviews

Gartner MQ: Not in MQ

Enterprise Password Management assessment

PROTECTIONStrong

Vault security

5 / 5

Industry standard for application secrets management — dynamic secrets, encryption as a service, PKI management. Scored 5 because the cryptographic capabilities and secret lifecycle management are the most comprehensive of any solution in the category.

Sources: HashiCorp Vault documentation, GitHub (open source)

Policy enforcement

5 / 5

Granular policy engine with HCL-based access control. Scored 5 because policy enforcement granularity for machine-to-machine secrets is unmatched.

Sources: HashiCorp Vault policy documentation

OPERATIONSAdequate

SSO integration

4 / 5

Supports LDAP, OIDC, AWS IAM, Kubernetes, Azure AD, GCP. Scored 4 because SSO for human users requires additional configuration versus purpose-built password managers.

Sources: HashiCorp Vault auth methods documentation

Admin & user UX

2 / 5

Scored 2 because Vault requires infrastructure engineering expertise to operate — CLI-first with no consumer-friendly UX. Ideal for DevOps teams but not general business users.

Sources: HashiCorp Vault documentation, G2 reviews

ANALYTICSStrong

Usage reporting

4 / 5

Audit logs to file, syslog, or socket. Scored 4 because the audit device system is comprehensive for engineering teams.

Sources: HashiCorp Vault audit documentation

TRUST & ECOSYSTEMStrong

Integration coverage

5 / 5

Kubernetes, Terraform, Ansible, CI/CD pipelines, cloud IAMs. Scored 5 for DevOps/infrastructure integration breadth — unmatched in the category.

Sources: HashiCorp Vault documentation

Strongest: Vault security

Watch out for: Admin & user UX

Strengths & limitations

Strengths

●Industry standard for DevOps secrets management

●Free open-source version widely adopted

●Dynamic secrets — generates and revokes on-demand

Watch out for

●Not a consumer password manager — requires engineering resources

●BSL licence change 2023 created community friction

●High operational complexity

Best for

Engineering and DevOps teams needing secrets management for applications and CI/CD pipelines — not for general business password management.

Not suitable for: Non-technical teams — requires engineering resources; not a consumer password manager

Compliance coverage

●SOC 2

●HIPAA

●NIST CSF

●PCI-DSS

●GDPR

●ISO 27001

○Essential Eight

○AU Privacy Act

○CMMC

○NIS2

○DORA

○CIS Benchmarks

Switching intelligence

Switching from

Common migration paths based on review data

Hardcoded credentials
AWS Secrets Manager (complexity)

Also considering

Vendors typically shortlisted alongside

← Back to Enterprise Password Management Compare with other Enterprise Password Management vendors →

Quick facts

Pricing modelopen source (free); Vault Enterprise custom

Pricing rangeFree (OSS); Enterprise from $0.15/compute hour est.

Free trialYes — 30 days

Min seatsNo minimum

Deployment time1-4 weeks

Complexity4 / 5

Pricing transparency4 / 5

AU presenceNo

IRAP assessedNo

Open sourceFully open source

View on GitHub →

Deployment

ModelsSaaS, Self-hosted

OS supportWindows, macOS, Linux

CloudAWS, Azure, GCP

SupportEmail, Community, Dedicated CSM (Enterprise)

Data residencySelf-hosted, US, EU

Company

HashiCorp (IBM)

Founded 2012 · 800-1,200 (IBM) employees · Private

HQ: US

$500M+ ARR est. pre-acquisition

Certifications

SOC 2 Type II, ISO 27001, HIPAA, PCI-DSS

Integrations

KubernetesTerraformAnsibleGitHubAWS IAMAzure ADGCP IAMJenkinsConsul+ 1 more