Secret Server (originally from Thycotic, now from Delinea since the 2021 Thycotic merger with Centrify) is an enterprise password management application, which is available with either a cloud-based or on-premise deployment which emphasizes fast deployment, scalability, and simplicity.
N/A
HashiCorp Vault
Score 8.4 out of 10
N/A
HashiCorp offers Vault, an encryption tool of use in the management of secrets including credentials, passwords and other secrets, providing access control, audit trail, and support for multiple authentication methods. It is available open source, or under an enterprise license.
Great for managing access to secrets and servers and is more secure than storing passwords in a browser. The browser plugin to autofill passwords works well. Being able to schedule access ahead of time is a big plus for me as I can be forgetful. If you want a lightweight password vault, however, it may not be the best choice.
Vault is a reliable and resilient as the Key Management System. It is not for the novice user that does not have a background in information security. It requires a significant time investment into the different key engines that the solution offers to get started. It works very well once implemented and is very flexible in general.
The sharing functionality NEEDS improvement. We share most passwords at a group level, but then it becomes impossible to share them with a dynamic group and one or two one-off people as well. This is a major shortcoming.
I don't love the interface. I feel like there is an attempt at a dashboard, but it is really not effective.
I've heard, but never seen, that the software can actually change passwords in the target systems. If this is part of its deliverable, I do not know how to use it, and I don't know how you would do that. Seems like a great feature for password management.
HashiCorp Vault is the best there is out there, and it has become critical to our secret management use cases. It would be difficult to find anything that would suit our needs better and that would be beneficial for us to switch over to.
My rating is purely based on the configurational activities, as feature-wise delineation has all the features that are very beneficial for customers, though the implementation is a bit more manual work, which can be reduced with a low-code platform. Along with that, we can have a better UI to have intuitiveness and can manage the platform for shared customers in a better way. Overall, it is a very good tool for PAM.
We spent a little more time than we imagined to conceptually understand how HashiCorp Vault operates, as well as how it is configured. This is not trivial, and keep in mind that you will need to take some time to get a thorough understanding of the tool. The documentation could be more helpful in this regard.
Hashicorp has been very responsive to our questions and inquiries up to this point. We are currently working on them to develop a more granular permissions model within Vault. We are very close to achieving our objectives with the help of their support team. We do not seem to be in the same time zone which makes it hard for escalated issues.
We explored Jum Cloud and ManageEngine. Delinea is comparable in terms of features; however, the implementation of these tools differs. Delinea is a bit more manual than the other two. However, the licensing and overall ROI are better for Delinea, as it provides almost all market-ready solutions and has a robust licensing mechanism, resulting in a better ROI.
HashiCorp Vault integrates with a lot of tools and systems, and the documentation was pretty robust with a lot of community help. Because HashiCorp Vault is also older than other solutions, it is already well developed with a lot of features you need for storing secrets and configuration. HashiCorp Vault is also friendlier towards application build and is focused in providing security and a lot of customization for almost any use case scenario. Bitwarden is more limited to password management of enterprise accounts, but for application usage is not that great or easy to integrate. It does not scale well also. AWS Secrets Manager on the other hand is really good but more limited to AWS applications and vendor lock is problematic as well for such a critical piece of infrastructure.
The best return on investment is that all of our passwords are now up to date and usable by everyone in the department. The old way could only be accessed by one person at a time, and it was frequently wrong.
We save a lot of time in IT by having the passwords easily accessible. We also meet our security audit objectives by using this app instead of, say, an Excel spreadsheet or an old application that is no longer supported, as was the case at a previous workplace.
With the size of our department, we don't have enough passwords to go beyond the free version. It's fully functional, but it costs nothing (except some resources on a VM). ROI on free can't be beat.
