Cyberlands.io - API Penetration Testing
VAULT comparison №4

HashiCorp vs CyberArk Conjur

The secrets management space has two major powers: HashiCorp and CyberArk. Both vendors are known powerhouses for managing secrets.

HashiCorp is the younger of the two; CyberArk is something of an incumbent, facing fierce competitive pressure from HashiCorp in the management of application secrets.
Which solution is better?
Deployment and setup
Multiple reviews and end-user feedback say that HashiCorp is difficult to implement when using the Open Source edition. The Enterprise edition is easier to implement and manage, but still not really straightforward.


CyberArk Conjur has far fewer public reviews and is, overall, not as proven as HashiCorp in the application secrets management space. At the same time, CyberArk definitely has a decent professional services organisation capable of helping with its installations across the entire lifecycle.
Scalability and flexibility
HashiCorp Vault is a known and proven solution used by leading banks and technology giants specifically for application-level secrets (Docker etc.).

CyberArk might even be a leader in managing enterprise secrets, but make sure it supports the scale of your microservices architecture.
HashiCorp and CyberArk Conjur: Key Differences
Pricing
While HashiCorp has a free (Open Source) edition, its Enterprise edition can be very expensive. CyberArk also has an Open Source edition and is known to be flexible on pricing.

Also, please do not forget the basic rule of bargaining: keep your requirements such that both vendors fit, to ensure competition. Competition drives prices lower and lower, especially if you apply a tender procedure.
Summary
HashiCorp is an obvious choice if you need to manage secrets at the application level. Conversely, consider CyberArk if your use case is managing secrets from a broader enterprise perspective: not just at the application level but also at the infrastructure level.


Each option solves a secrets management problem but brings a new one: you have to implement and maintain it. If you are considering getting help with this, check out our DevSecOps as a Service.


If you are not ready to consider implementing a tool, you can check out our Kubernetes Penetration Testing Service.
Cyberlands.io Team
