HashiCorp Vault is the enterprise standard for secrets management, providing a centralized system for controlling access to sensitive data across distributed infrastructure. 32K+ GitHub stars.
Dynamic secrets are generated on-demand for databases, cloud providers, and SSH, with automatic revocation after TTL expiry. This eliminates long-lived credentials and reduces blast radius of compromises.
Encryption as a service provides centralized key management and cryptographic operations without exposing keys to applications. Identity-based access ties authentication to trusted identity providers with fine-grained policies.
Supports 100+ auth methods and secret engines. Self-hosted or HCP Vault (managed cloud). Enterprise features include disaster recovery, performance replication, and namespaces for multi-tenancy.