from Hacker News

Vault 0.4 released – a tool for managing secrets

by medina on 12/12/15, 1:36 AM with 21 comments

  • by notdonspaulding on 12/12/15, 5:44 AM

    Can somebody tell me how Hashicorp makes money? They seem to employ people, and they have a page that sends traffic off to technology and solutions partners, but where do they make their own money?

    We use Vagrant at work and I'm considering whether and how we could use more of their tooling. But I always want to know about the business model behind the tools I recommend before I recommend them.

    Anyone?

  • by borplk on 12/12/15, 3:51 AM

    Someone correct me if I'm wrong but Vault on its own (without an agent) would be quite difficult to use in a simple web application setup, no?

    For example let's say I store an API token in Vault and want to use that in my Node.js application.

    That means I can't do "var api_token = MY_API_TOKEN;" because the secret needs to come from vault and get refreshed, etc...

    I'd imagine you will need some agent to manage the secret lease/expiry and for that to reload your entire application to ensure you don't end up with old secrets hanging around in the memory.

    This topic is not addressed anywhere in the Vault documentation, I looked everywhere I could.

  • by adrtessier on 12/12/15, 2:24 AM

    There sure are a lot of these systems these days. While I'm always happy to see innovation in this area, I'm personally beginning to get confused as to why I might prefer to use (and probably then contribute to) one of these projects over another. After all, there's this, and Lyft's Confidant [1], and Square's Keywhiz [2], and plenty more that don't come to mind right now. They all have nice documentation about what they do, but none of them sufficiently explain to me what architectural differences they have, their pros and cons. I think it would be great to see that added to these products' pages at best, or at least some guy write a blog post about it.

    [1] https://lyft.github.io/confidant/ [2] https://square.github.io/keywhiz/

  • by doublerebel on 12/12/15, 2:11 PM

    Vault fits in with my existing stack very well. Though a simple tool it solves so many of the common security issues with modern architecture (secrets distribution, multi-factor auth, compatible with multiple public/private networks simultaneously, has an API and GUI...). It's clear the authors have run into the problem time and time again.

    And yesterday I got it to build and run on SmartOS too, for extra security and scalability. Thanks to Hashicorp team for their work, and their commitment to open-source.