I considered Vault for a recent project but ultimately chose not to use it. I'd like to hear more discussion around the alternatives to Vault that you considered (there are many for different use cases) and why you ultimately chose Vault.
We initially looked around, and here are a few alternatives:
- Azure Key Vault: https://azure.microsoft.com/en-us/services/key-vault/
- Blackbox: https://github.com/StackExchange/blackbox
- CredStash: https://github.com/fugue/credstash
- Lyft Confidant: https://github.com/lyft/confidant
- Trousseau: https://github.com/oleiade/trousseau
- Sneaker: https://github.com/codahale/sneaker
Some of these didn't exist when we were first investigating proper secret management, while others didn't fit as well with our deployment strategy. We're using what works when it makes sense - Blackbox is used in some repos, for instance - but I'll be sure the next time we have an internal doc like this that we cover why we didn't choose a different set of tools.
One thing we liked about Vault is that it built upon our usage of Consul, and the HTTP interface for Vault meant it was simple to plug into how we build and deploy services. While I'm sure some of these other tools would have had as good workflows, our experience in administrating Consul made it easier for us to have confidence in Vault.