Question: credstash vs hashicorp vault #60
Hello @DanyC97. The simple explanation is that I wrote credstash before hashicorp released vault :) I wrote the first super-hacky version in December 2014, right after AWS launched KMS and I wanted a simple utility that would use KMS to manage secrets used in shell scripts and bits of our CI/CD system. We used credstash internally (at Fugue) for several months before we Apache2'd it. A few days after we opened up credstash (https://blog.fugue.co/2015-04-21-aws-kms-secrets.html), hashicorp launched vault.
Vault is really neat and they do some cool things (dynamic secret generation, key-splitting to protect master keys, etc.), but there are still some reasons why you might pick credstash over vault:
That said, if you want to do master key splitting, are not running on AWS, care about things like dynamic secret generation, have a trust boundary that's smaller than an instance, or want to use something other than AWS creds for AuthN/AuthZ, then vault may be a better choice for you.
Hope that answers your question!
@alex-luminal much thanks!!
Keep up the good work and don't give up on improving it. I'll try to integrate it with Saltstack and so will let you know once it is ready.