Boundary vs. secrets management tools (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, etc.)

Secrets management is the use of tools and methods to manage digital authentication credentials. This includes passwords, API keys, PKI, TOTP codes, etc. Popular tools in this space includes HashiCorp Vault, Azure Key Vault, AWS Secrets Manager, Cloud KMS, and CyberArk Conjur.

Boundary itself is not a secrets manager for your infrastructure. A core step in Boundary's access workflow is integrating with your existing secrets management providers, such as HashiCorp Vault, to retrieve dynamic credentials, and return them to end users when they attempt to establish connections. For customers who may not yet have a credential management solution, or are looking to easily onboard, Boundary can function as a rudimentary static credential store. Boundary provides a comprehensive access workflow that integrates with secrets management providers, enforces secure and granular network and credential access based on identity, audits all access, and automates the discovery and configuration of new target endpoints.

Does Boundary replace a secrets management solution?

Boundary is not intended to replace an existing secrets management solution. Boundary is designed to work with your secrets management solution to comprehensively secure infrastructure access. For many users, Boundary's native static credential management capabilities may be sufficient. For those that require more advanced credential workflows, such as dynamic credentials, HashiCorp Vault is a natural complement to Boundary.