Organizations need to protect application data at rest and in transit (especially in a cloud environment). Vault can provide encryption as a service as a consistent API for key management and cryptography.
Based on your organization's needs, refer to some or all of the guides provided on this track to get you started.
The Encryption as a Service: Transit Secrets Engine guide walks you through the basic mechanism of the
transitsecrets engine.Refer to the Transit Secrets Re-wrapping guide for a code example to re-wrap the ciphertexts which were encrypted with an older version of the encryption key.
The Java Application Demo uses Spring Cloud Vault library to show an example of integrating Vault. This guide provides a comprehensive example using not only the
transitsecrets engine but also thedatabasesecrets engine which is introduced in the Secrets Management learn track.If you are running Vault Enterprise and integrating Vault with HSM, read the HSM Integration - Seal Wrap guide which introduces the Seal Wrap capability provided by Vault.