Vault - The Secrets Management Service for DevOps. Encryption and Identity
Manage Secrets and Protect Sensitive Data
Vault can generate secrets on-demand for some systems, such as AWS or SQL databases. For example, when an application needs to access an S3 bucket, it asks Vault for credentials, and Vault will generate an AWS keypair with valid permissions on demand.
Vault can encrypt and decrypt data without storing it.
Every secret in Vault has a lease associated with it. At the end of the lease, Vault automatically revokes that secret. Clients can renew leases via the built-in renew APIs.
Revocation assists in key rolling as well as locking down systems in the case of an intrusion.
Arbitrary key/value secrets can be stored in Vault.