Vault OSS Versus Enterprise

Vault OSS Versus Enterprise

Vault Open Source

The Open Source version of Vault is a great starting point for secrets management. This version of Vault can handle secrets management and works great for someone just getting started with Vault or for a company that wants to start improving its security posture.

When should you use Vault Open Source?

If you are just starting out, Vault Open Source is free to use. This makes it perfect for testing out how Secrets Management can improve your security posture. It should be your starting point for getting familiar with Vault and what it can do.

Vault Enterprise Pro

Vault Pro is a middle tier between Vault OSS and Vault Premium. The big draw of Vault Pro is the 9×5 Support form Hashicorp and the AWS KMS management for automatically unsealing Vault.

When should you upgrade to Vault Pro?

Vault Pro’s features make it a lot easier to use. Access to 9×5 support can help you answer questions about how to best use Vault while delegating unsealing responsibilities to AWS’ KMS will remove the need to have trusted users unseal Vault instances. This is a great way to reduce workload or if you need extra help with your setup.

Vault Enterprise Premium

Vault Premium increases the security and performance of the Vault Cluster considerably. It adds enhanced security features such as Multi-Factor Authentication through providers like Google, and Logic-based security policies through Hashicorp’s Sentinel. Vault Premium also allows for true high availability through being able to place read-only nodes.

When do I upgrade to Vault Enterprise Premium?

If you’re needing 3-4ms latency across multiple AZs then it makes sense to upgrade to Vault Enterprise Premium for features like being able to add read-only nodes to your cluster. Similarly, if you need very fine grain control of your secrets, you will need Vault Enterprise Premium. With Premium, you can control where your secrets replicate to prevent your American secrets from being on your European servers, or you can create in-depth security logic with Sentinel so that certain secrets require multiple employees to sign off on their use.

Vault is a massive step up for secrets management. When you are ready to take another huge step up for your security posture then it is time to upgrade to Vault Enterprise Premium.