Transit secrets engine
The primary use case for transit is to encrypt data from applications while still storing that encrypted data in some primary data store.
Use case
Use one centralized workflow to secure application data that resides in untrusted or semi-trusted systems outside of Vault.
Challenge
Adhering to PCI-DSS and HIPAA guidelines when choosing the right data protection solution can be complicated. Securely handling data such as social security numbers, credit card numbers, and other types of compliance-regulated information can be complicated when it resides within your systems, such as on a file system or in a database, so it must be protected in the event of a compromise.
Solution
Vault’s various data protection capabilities are designed to satisfy a full range of security and usability needs such as providing traditional data encryption, format-preserving encryption (FPE), data masking, data tokenization, centralized key management, and much more to simplify protecting data in transit and at rest across clouds and datacenters.
The Transform secrets engine handles secure data transformation and tokenization against a provided input value.
Tokenization exchanges a sensitive value for an unrelated value called a token.
The transit secrets engine handles cryptographic functions on data in transit.
The Transform secrets engine handles secure data transformation and tokenization against the provided secrets.
The Transform secrets engine has a data transformation method to tokenize sensitive data stored outside of Vault.