
HashiCorp Vault Secrets Public Beta

There’s a new cloud-based secret management solution on the block.


Last month, HashiCorp, the company behind Terraform, Packer, and Vault, released a new public beta of their SaaS-based secrets management platform called HCP Vault Secrets. It’s a new offering of Vault that doesn’t require users to manage their own Vault cluster or think about the deployment aspects behind Vault. It can be spun up instantly in the HashiCorp Cloud Platform. Vault Secrets simplifies secret storage in the cloud and allows developers to get up and running quickly with a trusted platform to centrally manage secrets.

HashiCorp looks to be selling this as a means for syncing secrets to other CI and secret management tools like GitHub Actions and AWS Secrets Manager, which would make it a great solution for centralising secrets and pushing them into tooling where required. It’s great to finally have an instantaneous “free” secret management solution from HashiCorp, but I’m curious to see how they end up pricing this after it’s out of beta. There are also limitations during the beta that you should think about before attempting to use this solution for anything:

| Resource        | Limit per organisation |
|-----------------|------------------------|
| Secrets         | 200                    |
| Secret Versions | 20                     |
| Applications    | 20                     |
| Activity Logs   | Last 7 days            |

HashiCorp have more details on the current limitations here.

I’m going to attempt to use Vault Secrets in a small pet project I’m working on in my free time, so I had a go at writing a library to make the API easier to consume in my project’s backend. It’s called vlt-go and I pushed it onto my GitHub earlier today.

The main constraint I can see impacting my project in the near future is the limit of only 20 secret versions, since there isn’t currently a way to throw away the first version of a secret in favour of the 21st. If someone needs to update a secret past version 20, they’ll either need to make an entirely new secret with a new name or delete the original secret in order to re-create it with the same name. I made sure to add an error catch for the 20th version of a secret into the CreateSecret function in my library.
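A sketch of that kind of guard, as an added example rather than code from vlt-go or HashiCorp: the `Store` interface, `memStore` and `PutSecret` are hypothetical names, and the store is a constructed in-memory stand-in, not the HCP Vault Secrets API. It refuses the write once a secret holds 20 versions unless the caller explicitly opts in to delete-and-re-create, which discards the version history.

```go
package main

import (
	"errors"
	"fmt"
)

// MaxSecretVersions is the beta limit from the table on this page.
const MaxSecretVersions = 20

var ErrVersionLimit = errors.New("secret is at the version limit; rename it or delete and re-create it")

// Store is a hypothetical interface, not the HCP Vault Secrets or vlt-go API.
type Store interface {
	LatestVersion(name string) int // 0 when the secret does not exist
	Write(name, value string) int  // stores a new version, returns its number
	Delete(name string)
}

// memStore is a constructed in-memory stand-in so the example runs offline.
type memStore map[string][]string

func (m memStore) LatestVersion(name string) int { return len(m[name]) }
func (m memStore) Write(name, value string) int {
	m[name] = append(m[name], value)
	return len(m[name])
}
func (m memStore) Delete(name string) { delete(m, name) }

// PutSecret writes a new version, refusing once the limit is reached unless
// the caller opts in to delete-and-re-create, which discards version history.
func PutSecret(s Store, name, value string, recreate bool) (int, error) {
	if s.LatestVersion(name) >= MaxSecretVersions {
		if !recreate {
			return 0, fmt.Errorf("%q: %w", name, ErrVersionLimit)
		}
		s.Delete(name) // old versions are gone after this point
	}
	return s.Write(name, value), nil
}

func main() {
	s := memStore{}
	for i := 1; i <= 22; i++ {
		// Constructed sample values; only the 22nd write opts in to re-creation.
		v, err := PutSecret(s, "DB_PASSWORD", fmt.Sprintf("value-%d", i), i == 22)
		fmt.Println(i, v, err)
	}
}
```

Making re-creation an explicit flag keeps a routine rotation from silently wiping the previous versions you might need for rollback.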

I decided to write this after I found another SDK from ssbostan which was a great start, but didn’t have all the functionality I was looking for in a library for this API. Specifically, I was looking for one that supported creating and deleting a secret in Vault Secrets.

This is my first attempt at writing a library/SDK of any kind, so I welcome any feedback or comments on how I’ve gone about it.

Check out my vlt-go repo on GitHub