Need advice about which tool to choose?Ask the StackShare community!

AWS Key Management Service

208
148
+ 1
13
Vault

621
640
+ 1
68
Add tool

AWS Key Management Service vs Vault: What are the differences?

AWS Key Management Service: Easily create and control the encryption keys used to encrypt your data. AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with other AWS services including Amazon EBS, Amazon S3, and Amazon Redshift. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs; Vault: Secure, store, and tightly control access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.

AWS Key Management Service and Vault are primarily classified as "Data Security Services" and "Secrets Management" tools respectively.

Some of the features offered by AWS Key Management Service are:

  • Centralized Key Management
  • Integrated with AWS services
  • Encryption for all your applications

On the other hand, Vault provides the following key features:

  • Secure Secret Storage: Arbitrary key/value secrets can be stored in Vault. Vault encrypts these secrets prior to writing them to persistent storage, so gaining access to the raw storage isn't enough to access your secrets. Vault can write to disk, Consul, and more.
  • Dynamic Secrets: Vault can generate secrets on-demand for some systems, such as AWS or SQL databases. For example, when an application needs to access an S3 bucket, it asks Vault for credentials, and Vault will generate an AWS keypair with valid permissions on demand. After creating these dynamic secrets, Vault will also automatically revoke them after the lease is up.
  • Data Encryption: Vault can encrypt and decrypt data without storing it. This allows security teams to define encryption parameters and developers to store encrypted data in a location such as SQL without having to design their own encryption methods.

"Integrated with AWS CloudTrail" is the top reason why over 3 developers like AWS Key Management Service, while over 11 developers mention "Secure" as the leading cause for choosing Vault.

Vault is an open source tool with 13.2K GitHub stars and 1.98K GitHub forks. Here's a link to Vault's open source repository on GitHub.

DigitalOcean, Redox Engine, and SoFi are some of the popular companies that use Vault, whereas AWS Key Management Service is used by Slack, StreetHawk, and Giant Swarm. Vault has a broader approval, being mentioned in 71 company stacks & 17 developers stacks; compared to AWS Key Management Service, which is listed in 27 company stacks and 5 developer stacks.

Get Advice from developers at your company using Private StackShare. Sign up for Private StackShare.
Learn More
Pros of AWS Key Management Service
Pros of Vault
  • 5
    Integrated with AWS CloudTrail
  • 4
    Backed by Amazon
  • 4
    KMS
  • 16
    Secure
  • 11
    Very easy to set up and use
  • 11
    Variety of Secret Backends
  • 8
    Dynamic secret generation
  • 5
    AuditLog
  • 3
    Leasing and Renewal
  • 3
    Privilege Access Management
  • 2
    Open Source
  • 2
    Consol integration
  • 2
    Handles secret sprawl
  • 2
    Variety of Auth Backends
  • 2
    Easy to integrate with
  • 1
    Multicloud

Sign up to add or upvote prosMake informed product decisions

- No public GitHub repository available -

What is AWS Key Management Service?

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with other AWS services including Amazon EBS, Amazon S3, and Amazon Redshift. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.

What is Vault?

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.

Need advice about which tool to choose?Ask the StackShare community!

What companies use AWS Key Management Service?
What companies use Vault?
See which teams inside your own company are using AWS Key Management Service or Vault.
Sign up for Private StackShareLearn More

Sign up to get full access to all the companiesMake informed product decisions

What tools integrate with AWS Key Management Service?
What tools integrate with Vault?

Sign up to get full access to all the tool integrationsMake informed product decisions

Blog Posts

May 21 2020 at 12:02AM

Rancher Labs

KubernetesAmazon EC2Grafana+12
3
1273
What are some alternatives to AWS Key Management Service and Vault?
Azure Key Vault
Secure key management is essential to protect data in the cloud. Use Azure Key Vault to encrypt keys and small secrets like passwords that use keys stored in hardware security modules (HSMs). For more assurance, import or generate keys in HSMs, and Microsoft processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware). With Key Vault, Microsoft doesn’t see or extract your keys. Monitor and audit your key use with Azure logging—pipe logs into Azure HDInsight or your security information and event management (SIEM) solution for more analysis and threat detection.
F5
It powers apps from development through their entire life cycle, so our customers can deliver differentiated, high-performing, and secure digital experiences.
Acra
It provides data protection in distributed applications, web and mobile apps with PostgreSQL, MySQL, KV backends through selective encryption.
AWS CloudHSM
The AWS CloudHSM service allows you to protect your encryption keys within HSMs designed and validated to government standards for secure key management. You can securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you. AWS CloudHSM helps you comply with strict key management requirements without sacrificing application performance.
IBM QRadar
It is an enterprise security information and event management (SIEM) product. It includes out-of-the-box analytics, correlation rules and dashboards to help customers address their most pressing security use cases — without requiring significant customization effort.
See all alternatives