open-vault/website/content/docs/interoperability-matrix.mdx
hc-github-team-secure-vault-core e087301248
backport of commit d0997baebcde52ac725b4c72bb18328431998c95 (#22608)
Co-authored-by: Adam Rowan <92474478+bear359@users.noreply.github.com>
2023-08-29 09:00:01 -07:00

96 lines
11 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: docs
page_title: Vault Interoperability Matrix
description: Guide to viewing which partners Vault integrates with.
---
# Vault interoperability matrix
Vault integrates with various appliances, platforms and applications for different use cases. Below are two tables indicating the partners product that has been verified to work with Vault for [Auto Unsealing](/vault/docs/concepts/seal#auto-unseal) / [HSM Support](/vault/docs/enterprise/hsm) and [External Key Management](https://vaultproject.io/use-cases/key-management).
Auto Unseal and HSM Support was developed to aid in reducing the operational complexity of keeping the unseal key secure. This feature delegates the responsibility of securing the unseal key from users to a trusted device or service. At startup Vault will connect to the device or service implementing the seal and ask it to decrypt the root key Vault read from storage.
Vault centrally manages and automates encryption keys across environments allowing customers to control their own encryption keys used in third party services or products.
## Vault seal and HSM interoperability
The below table shows the partner product and if the partners technology works with each individual seal component.
| Partner | Product | Auto Unseal <br/> (Vault 0.9+) | Entropy Augmentation <br/>(Vault 1.3+) | Seal Wrap <br/>(Vault 0.9+) | Managed Keys <br/> (Vault 1.10+) | Min. Vault Version Verified |
| ----------------- | -------------------------------------- | ------------ | -------------------- | ------------ |-------------- | --------------------------- |
| AliCloud | AliCloud KMS | Yes | No | Yes | No | 0.11.2 |
| Atos | Trustway Proteccio HSM | Yes | Yes | Yes | No | 1.9 |
| AWS | AWS KMS | Yes | Yes | Yes | Yes | 0.9 |
| Crypto4a | QxEDGE™ HSP | Yes | Yes | Yes | Yes | 1.9 |
| Entrust | nShield HSM | Yes | Yes | Yes | Yes | 1.3 |
| Fortanix | FX2200 Series | Yes | Yes | Yes | No | 0.10 |
| FutureX | Vectera Plus, KMES Series 3 | Yes | Yes | Yes | Yes | 1.5 |
| FutureX | VirtuCrypt cloud HSM | Yes | Yes | Yes | Yes | 1.5 |
| Google | GCP Cloud KMS | Yes | No | Yes | Yes | 0.9 |
| Marvell | Cavium HSM | Yes | Yes | Yes | Yes | 1.11 |
| Microsoft | Azure Key Vault | Yes | No | Yes | Yes | 0.10.2 |
| Oracle | OCI KMS | Yes | No | Yes | No | 1.2.3 |
| PrimeKey | SignServer Hardware Appliance | Yes | Yes | Yes | No | 1.6 |
| Qrypt | Quantum Entropy Service | No | Yes | No | No | 1.11 |
| Quintessence Labs | TSF 400 | Yes | Yes | Yes | No | 1.4 |
| Securosys SA | Primus HSM | Yes | Yes | Yes | Yes | 1.7 |
| Thales | Luna HSM | Yes | Yes | Yes | Yes | 1.4 |
| Thales | Luna TCT HSM | Yes | Yes | Yes | Yes | 1.4 |
| Thales | CipherTrust Manager | Yes | Yes | Yes | No | 1.7 |
| Utimaco | HSM | Yes | Yes | Yes | Yes | 1.4 |
| Yubico | YubiHSM 2 | Yes | Yes | Yes | No | 1.5 |
<span style={{display:'block', textAlign:'right', fontSize:'12px'}}><em>Last Updated May 03, 2023</em></span>
## Vault as an external key management system (EKMS)
Partners who integrate with Vault to have Vault store and/or manage encryption keys with their products
~> Note: HCP Vault Verified means that the integration has been verified to work with HCP Vault. All integrations have been verified with Vault self-managed.
<span style={{fontSize:'12px'}}>
Vault Secrets Engine Key: EKM Provider = <a href="/docs/platform/mssql">Vault EKM provider for SQL server</a>; K/V = <a href="/docs/secrets/kv">K/V secrets engine</a>; KMSE = <a href="/docs/secrets/key-management">Key Management Secrets Engine</a>; KMIP = <a href="/docs/secrets/kmip">KMIP Secrets Engine</a>; PKCS#11 = <a href="/docs/enterprise/pkcs11-provider">PKCS#11 Provider</a>; Transit = <a href="/docs/secrets/transit">Transit Secrets Engine</a>
</span>
| Partner | Product | Vault Secrets Engine | Min. Vault Version Verified | HCP Vault Verified |
| ----------------- | ------------------------ | -------------------- | --------------------------- | ------------------- |
| AWS | AWS KMS | KMSE | 1.8 | Yes |
| Baffle | Shield | K/V | 1.3 | No |
| Bloombase | StoreSafe | KMIP | 1.9 | N/A |
| Cloudian | HyperStore 7.5.1 | KMIP | 1.12 | N/A |
| Cockroach Labs | Cockroach Cloud DB | KMSE | 1.10 | N/A |
| Cockroach Labs | Cockroach DB | Transit | 1.10 | Yes |
| Commvault Systems | CommVault | KMIP | 1.9 | N/A |
| Cribl | Cribl Stream | K/V | 1.8 | Yes |
| DataStax | DataStax Enterprise | KMIP | 1.11 | Yes |
| Dell | PowerMax | KMIP | 1.12.1 | N/A |
| EnterpriseDB | Postgres Advanced Server | KMIP | 1.12.6 | N/A |
| Garantir | GaraSign | Transit | 1.5 | Yes |
| Google | Google KMS | KMSE | 1.9 | N/A |
| HPE | Exmeral Data Fabric | KMIP | 1.2 | N/A |
| Intel | Key Broker Service | KMIP | 1.11 | N/A |
| JumpWire | JumpWire | K/V | 1.12 | Yes |
| Micro Focus | Connected Mx | Transit | 1.7 | No |
| Microsoft | Azure Key Vault | KMSE | 1.6 | N/A |
| Microsoft | MSSSQL | EKM Provider | 1.9 | No |
| MinIO | Key Encryption Service | K/V | 1.11 | No |
| MongoDB | Atlas | KMSE | 1.6 | N/A |
| MongoDB | MongoDB Enterprise | KMIP | 1.2 | N/A |
| MongoDB | Client Libraries | KMIP | 1.9 | N/A |
| NetApp | ONTAP | KMIP | 1.2 | N/A |
| NetApp | StorageGrid | KMIP | 1.2 | N/A |
| Nutanix | AHV/AOS 6.5.1.6 | KMIP | 1.12 | N/A |
| Ondat | Trousseau | Transit | 1.9 | Yes |
| Oracle | MySQL | KMIP | 1.2 | N/A |
| Oracle | Oracle 19c | PKCS#11 | 1.11 | N/A |
| Percona | Server 8.0 | KMIP | 1.9 | N/A |
| Percona | XtraBackup 8.0 | KMIP | 1.9 | N/A |
| Snowflake | Snowflake | KMSE | 1.6 | N/A |
| VMware | vSphere 7.0, 8.0 | KMIP | 1.2 | N/A |
| VMware | vSan 7.0, 8.0 | KMIP | 1.2 | N/A |
| Yugabyte | Yugabyte Platform | Transit | 1.9 | No |
<span style={{display:'block', textAlign:'right', fontSize:'12px'}}><em>Last Updated August 25, 2023</em></span>
Please reach out to [technologypartners@hashicorp.com](mailto:technologypartners@hashicorp.com) if there are any questions on the above tables.
Missing an integration? Join the [Vault Integration Program](/vault/docs/partnerships) and get the integration listed.