open-vault/website/source/guides/secret-mgmt/index.html.md

layout	page_title	sidebar_current	description
guides	Secrets Management - Guides	guides-secret-mgmt	A very common use case of Vault is to manage your organization's secrets from storing credentials and API keys to encrypting passwords for user signups. Vault is meant to be a solution for all secret management needs.

Secrets Management

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret while providing tight access control and recording a detailed audit log.

Secrets Management guides demonstrate features in Vault to securely store your secrets.

• Static Secrets guide walks you through the steps to write secrets in Vault, and control who can access them.

• Versioned KV Secret Engine guide demonstrates the secret versioning capabilities provided by KV Secret Engine v2.

• Secret as a Service: Dynamic Secrets guide demonstrates the Vault feature to generate database credentials on-demand so that each application or system can obtain its own credentials, and its permissions can be tightly controlled.

• Database Root Credential Rotation guide walks you through the steps to enable the rotation of the database root credentials for those managed by Vault.

• Cubbyhole Response Wrapping guide demonstrates a secure method to distribute secrets by wrapping them where only the expecting client can unwrap.

• One-Time SSH Password guide demonstrates the use of SSH secrets engine to generate a one-time password (OTP) every time a client wants to SSH into a remote host.

• Build Your Own Certificate Authority guide walks you through the use of the PKI secrets engine to generate dynamic X.509 certificates.

• Direct Application Integration guide demonstrates the usage of Consul Template and Envconsul tool to retrieve secrets from Vault with no or minimum code change to your applications.