Why use HCP Vault Dedicated
HashiCorp Cloud Platform (HCP) Vault Dedicated is a fully managed implementation of Vault Enterprise. HashiCorp operates the infrastructure, allowing organizations to get up and running quickly. HCP Vault provides a consistent user experience compared to a self-managed Vault cluster. You can use the same Vault clients to communicate with HCP Vault Dedicated as you use to communicate with self-managed Vault.
If an organization chooses to allow a public connection, the Vault Dedicated cluster has an associated public address where clients can connect to Vault directly. Most often an organization disables the public connection for improved security. The organization can then establish a peering connection between their cloud provider and a HashiCorp Virtual Network (HVN). This ensures that only trusted clients (users, applications, containers, etc.) running in the peered public cloud provider can connect to Vault, and prevents systems outside the selected network from attempting to connect.
Self-managed vs. HCP Vault Dedicated cluster
Here is a quick comparison between a self-managed Vault cluster and an HCP Vault Dedicated cluster.
| | Self-managed | HCP Vault Dedicated |
|---|---|---|
| Vault Edition | Vault Community Edition or Vault Enterprise | Vault Enterprise |
| Storage backend | Choose one and self-manage | Integrated Storage |
| Seal | Seal uses Shamir's Secret Sharing algorithm to generate key shares by default. | Auto-unseal is configured. A unique Key Management Service (KMS) key is created for each cluster. |
| Vault version | Self-manage the upgrade process | Minor versions are upgraded for you automatically. See the Vault Version documentation for more detail. |
| Top-level Namespace | root | admin |
| Root/admin token | The Vault initialization process generates a root token. To regenerate a root token, unseal keys or recovery keys are required. | Clicking the Generate token button in the Vault Dedicated portal returns an admin token that is valid for 6 hours. |
| Advanced Data Protection (ADP) features | Available with license | Available with Vault Dedicated Plus. |
| Enterprise Replication | DR Replication requires Enterprise Standard, and Performance Replication is part of Enterprise Premium. | Performance Replication is available with Vault Dedicated Plus. |
| Auth methods | No limitation | A subset of the available auth methods has been validated on Vault Dedicated. Additional auth methods will be validated over time. Refer to the Validated secrets engines and auth methods documentation for more details. |
| Secrets Engines | No restriction | A subset of the available secrets engines has been validated on Vault Dedicated. Additional secrets engines will be validated over time. Refer to the Security Overview documentation for more details. |
| Cluster Scaling | No built-in feature to scale the cluster size up or down. | Scale your cluster size dynamically via the HashiCorp Cloud Platform Portal or Terraform. |
| Sentinel | Available with license | Available with Vault Dedicated Plus. |
To learn more about Vault Dedicated pricing, visit the HCP Vault Dedicated Pricing and HCP Billing documentation pages.
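The private-access pattern described above (public connection disabled, HVN peered to your own cloud network) and the Terraform-driven cluster sizing from the table, as an added example that is not part of the HCP documentation. It assumes the `hcp` and `aws` Terraform providers are already configured and that an `aws_vpc.app` resource is defined elsewhere; every ID, region, tier and CIDR below is a placeholder.

```hcl
# Added example (not HashiCorp's own code). Placeholder values throughout.
# The HVN is the HashiCorp-side network that your cluster lives in.
resource "hcp_hvn" "example" {
  hvn_id         = "example-hvn"
  cloud_provider = "aws"
  region         = "us-west-2"
  cidr_block     = "172.25.16.0/20" # must not overlap the peered VPC's CIDR
}

# The tier is the knob you change to scale the cluster up or down.
# public_endpoint = false is the "disable the public connection" choice:
# only clients inside the peered VPC can reach the cluster address.
resource "hcp_vault_cluster" "example" {
  cluster_id      = "example-vault-cluster"
  hvn_id          = hcp_hvn.example.hvn_id
  tier            = "standard_small"
  public_endpoint = false
}

# Peering request from the HVN to the organization's own VPC.
resource "hcp_aws_network_peering" "example" {
  hvn_id          = hcp_hvn.example.hvn_id
  peering_id      = "example-peering"
  peer_vpc_id     = aws_vpc.app.id
  peer_account_id = aws_vpc.app.owner_id
  peer_vpc_region = "us-west-2"
}

# Accept the peering on the AWS side so traffic can flow.
resource "aws_vpc_peering_connection_accepter" "example" {
  vpc_peering_connection_id = hcp_aws_network_peering.example.provider_peering_id
  auto_accept               = true
}

# Route HVN traffic destined for the VPC through the peering connection.
resource "hcp_hvn_route" "example" {
  hvn_link         = hcp_hvn.example.self_link
  hvn_route_id     = "example-route-to-app-vpc"
  destination_cidr = aws_vpc.app.cidr_block
  target_link      = hcp_aws_network_peering.example.self_link
}
```

Flipping `public_endpoint` to `true` is what re-exposes the cluster to the internet, so reviewing that attribute in plan output is a quick check on the security posture described above.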
Next steps
Create your first HCP Vault Dedicated cluster to get started. Go through each tutorial in this series for an overall tour of HCP Vault Dedicated.