Comparing Versions of Vault

Vault provides flexible secret management tailored to your deployment needs. You can run Vault:

Self-Hosted: Open Source or Enterprise edition managed by you.
Managed (HCP): Fully-hosted Vault service on HashiCorp Cloud Platform.

The image compares three versions of Vault: Open Source, Enterprise, and Vault on HCP, highlighting their features and management options.

Vault Editions Comparison

Edition	Deployment Model	Key Features
Open Source	Self-Hosted	Dynamic Secrets, ACL Policies, Auto Unseal, Local HA
Enterprise	Self-Hosted	DR & Performance Replication, Namespaces, HSM, Sentinel
HCP (Managed)	Fully Hosted (AWS; Azure/GCP planned)	Push-button Deploy, Auto Upgrades, Scalable HA

Vault Open Source

The Open Source edition of Vault is licensed freely and supports core secret-management capabilities:

Dynamic Secrets
Access Control Policies & ACL Templates
Auto Unseal (backported in Vault 1.0)
Unseal Workflows & Vault Agent
Local High Availability (3+ node clusters)
Full HTTP API for integrations

Although feature-rich, Open Source runs within a single data center or region and lacks:

Cross-datacenter replication
Built-in HSM or MFA integrations
Automated backup workflows

The image is a slide about "Vault – Open Source," highlighting its features and integrations, such as high availability and API integration, and noting limitations like no replication capabilities and limited scalability.

Vault Enterprise

Designed for large-scale, mission-critical deployments, Vault Enterprise extends the Open Source platform with:

Disaster Recovery & Performance Replication across regions
Multi-tenant Namespaces
Read Replicas for scaling read-heavy workloads
HSM Integration, FIPS 140-2, Seal Wrap
Sentinel policy-as-code enforcement
Automated Snapshot Agent for backups

Note

Vault Enterprise modules are sold separately. Contact your HashiCorp representative for licensing and feature add-ons.

The image is a slide titled "Vault – Enterprise" that lists features included in the enterprise version of Vault, such as access to all features, replication capabilities, and integration with applications. It also notes that it is not self-managed by HashiCorp.

Enterprise Modules

The base Enterprise Platform includes:

Namespaces
Disaster Recovery Cluster

Additional modules unlock advanced capabilities:

The image is a comparison chart of features between "Enterprise Platform" and "Enterprise Modules" for Vault Enterprise, highlighting categories like "Multi-Datacenter & Scale," "Governance & Policy," and "Advanced Data Protection."

Multi-Datacenter & Scale
- Replication (Performance & DR)
- Read Replicas
- Path Filtering
Governance & Policy
- Control Groups
- MFA Integration
- HSM & Seal Wrap
- Sentinel Policy Engine
Advanced Data Protection
- KMIP Interface
- Transform Secrets Engine

Vault on HashiCorp Cloud Platform (HCP)

HashiCorp Cloud Platform (HCP) delivers Vault Enterprise features as a managed service:

Push-button Deployment (Dev or Prod clusters)
Hourly Billing for proof-of-concept testing
Automatic Upgrades and Patching
Scalable, Highly Available Infrastructure
Reduced Operational Overhead

The image is a presentation slide about Vault on HashiCorp Cloud Platform (HCP), highlighting features like full management, click-button deployment, and expert support, with a diagram showing HashiCorp-managed and customer-managed components.

In HCP deployments, HashiCorp provisions your Vault cluster in their cloud account. Connect your applications using:

VPC Peering
Transit Gateway

Warning

Vault on HCP is currently available only on AWS. Azure and GCP support are planned for future releases.

To get started, visit:
https://cloud.hashicorp.com

Links and References

Watch Video

Watch video content