AWS Certificate Manager is a service that lets users provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and internal connected resources.
N/A
HashiCorp Vault
Score 8.8 out of 10
N/A
HashiCorp offers Vault, an encryption tool of use in the management of secrets including credentials, passwords and other secrets, providing access control, audit trail, and support for multiple authentication methods. It is available open source, or under an enterprise license.
I would always recommend AWS Certificate Manager for anyone using AWS cloud services. The perfect scenario would be with your domain managed by AWS Route 53 as you can obtain auto renewal of certificates with really good security for all your public facing application that uses CloudFront, ALB or API Gateway.
HashiCorp Vault, in my opinion, is a defacto standard for any cloud or automation implementation. They're the best of the best as far as products for secrets management and the ability to use it against relatively any service you have is unheard of for other products. HashiCorp has really taken out all the stops when it comes to creating a nice, extensible tool that people can use to suit their needs.
HashiCorp Vault is the best there is out there, and it has become critical to our secret management use cases. It would be difficult to find anything that would suit our needs better and that would be beneficial for us to switch over to.
AWS historically has had very confusing interfaces. But in recent times they have improved them. AWS Certificate Manager is a clear sample of this. The interface is clear and straightforward, with no useless or cryptic options. Really I can't think of a way the interface could be better with the actual options available.
We spent a little more time than we imagined to conceptually understand how HashiCorp Vault operates, as well as how it is configured. This is not trivial, and keep in mind that you will need to take some time to get a thorough understanding of the tool. The documentation could be more helpful in this regard.
Hashicorp has been very responsive to our questions and inquiries up to this point. We are currently working on them to develop a more granular permissions model within Vault. We are very close to achieving our objectives with the help of their support team. We do not seem to be in the same time zone which makes it hard for escalated issues.
Easy to implement within a few clicks, or even from command line, the alternatives doesn't integrate that easy with AWS Application Load Balancers or AWS CloudFront
