HashiCorp Cloud Platform (HCP) Vault is a fully managed platform of Vault which is operated by HashiCorp allowing organizations to get up and running quickly. HCP Vault provides a consistent user experience compared to a self-managed Vault cluster. You can use the same Vault clients to communicate with HCP Vault as you use to communicate with a self-managed Vault.
If an organization chooses to allow a public connection, the HCP Vault cluster will have an associated public address where clients can directly connect to Vault. Most often, an organization disables the public connection for security. The organization can establish a VPC peering from their VPC and HashiCorp Virtual Network (HVN). By doing so, you can ensure that trusted clients (users, applications, containers, etc.) running inside the VPC connect to Vault and avoid systems outside of your selected network attempting to connect.
»Self-managed vs. HCP Vault cluster
Here is a quick comparison between a self-managed Vault cluster and an HCP Vault cluster.
|Vault Edition||Vault OSS or Vault Enterprise||Vault Enterprise|
|Storage backend||Choose one and self-manage||Integrated Storage|
|Seal||Seal uses Shamir's Secret Sharing algorithm to generate key shares by default.||Auto-unseal is configured. A unique Key Management Service (KMS) key is created for each cluster.|
|Vault version||Self-manage the upgrade process||The minor versions are upgraded for you automatically. See the Vault Version documentation for more detail.|
|Root/admin token||Vault initialization process generates a ||Click on the Generate token button via HCP Vault Portal returns an |
|Advanced Data Protection (ADP) features||Available with license||Currently, not available|
|Enterprise Replication||DR Replication requires Enterprise Standard, and Performance Replication is part of Enterprise Premium.||Performance Replication is available with HCP Vault Plus.|
|Auth methods||No limitation||A subset of available auth methods have been validated on HCP Vault. Additional auth methods will be validated over time. Refer to Security Overview documentation for more details.|
|Secrets Engines||No restriction||A subset of available secrets engines have been validated on HCP Vault. Additional secrets engines will be validated over time. Refer to the Security Overview documentation for more details.|
|Cluster Scaling||No built in feature to scale the cluster size up or down.||Scale your cluster size dynamically via the HashiCorp Cloud Platform Portal or Terraform.|
Create your first HCP Vault cluster to get started. Go through each tutorial in this series for an overall tour of HCP Vault.