Blog post 3 min read

Hashicorp Vault Pricing | Complete Guide [2024]

Published on
Authors
Blog image

What is Hashicorp Vault?

HashiCorp Vault is a source-available (note that HashiCorp recently made their products non-open-source) tool used for securely storing and accessing sensitive information such as credentials, API keys, tokens, and encryption keys. It provides a centralized solution for managing secrets and protecting critical data in modern cloud and application environments.

Note: If you are looking for alternatives to Vault, you can read this article. Whether you are looking for an On-prem installation or a Cloud SaaS product, Infisical might be a good option for you.

Hashicorp Vault Pricing

Hashicorp’s offerings can be broadly broken down into two products: Hashicorp Vault and Hashicorp Vault Secrets.

In addition, Hashicorp Vault has both community open source version as well as the Cloud version. The discussion below is mostly relevant to the Cloud version of Hashicorp Vault. The open source version comes with certain features available for free, though some of the most important features are hidden behind an enterprise license. In addition, when self-hosting, you also need to remember about hosting costs as well as the amount of resources (both financial and in terms of time) that it takes to set up a highly available version of Hashicorp Vault.

We will discuss both of these products in detail.

TL;DR

TierPriceExplanation
HCP Vault SecretsFree up to 25 secrets. Further pricing is unclear.New product that came out in June 2023. Note that this product is different from standard Hashicorp Vault.
Open Source & Self-hostedStarts for free (outside of personal hosting costs). Can scale dramatically as soon as you need any advanced features.Beware of price hikes.
DevelopmentStarts at $21.60/month.According to Hashicorp, this tier is only suitable for development and testing purposes as it does not scale.
StandardStarts at $13,634/year. Scales with the cluster size up to USD 65,604 per year. No clients are included by default - each additional client costs USD 1349 per year.This is the cheapest Vault tier that is suitable for production workflows. Beware of price hikes.
PlusStarts at $16,145/year. Scales with the cluster size up to USD 82,397 per year. No clients are included by default - each additional client costs USD 1349 per year.Includes features like cross-region performance replication as well as sentinel policies and control groups.
EnterpriseCustom; determined during a POC.Vault Enterprise comes with features like disaster recovery replication and resource quotas.

HCP Vault Secrets

In June 2023, Hashicorp announced a product called Vault Secrets. Please not that, as of January 2024, a fairly limited feature set with most of the functionality available only in Beta. This plan comes as a SaaS Cloud-only product, unlike other Hashicorp products which are typically open source.

This tier has recently come out of Beta. Because of that, according to Hashicorp's documentation, HCP Vault Secrets does not have an SLA or production-grade guarantee of availability. This makes this tier only ideal for testing out Hashicorp Vault or for personal projects.

In addition, some of the most important features in secrets management, inlcuding secret rotation, dynamic secrets, automated snapshots, and various authentication types (e.g., MFA, SSO) are unavailable.

Finally, the maximum number of secrets in an organization is limited to 200 for Hashicorp Vault Secrets, which makes it not a suitable option for even slightly larger projects. Teams are forced to move to any of the paid plans for more serious projects.

Hashicorp Vault

Hashicorp Vault is the original secret management product released by Hashicorp in 2015. It is important to note that there is no direct transition from the Hashicorp Vault Secrets to Hashicorp Vault. In fact, those can be considered as completely separate products (which can also be seen on the hashicorp web dashboard).

Hashicorp Vault pricing can seem fairly complex. Hashicorp provides 4 different plans: Development, Standard, Plus, and Enteprise. Each of this tiers has a base price and starts scaling with clients and clusters after that. Clients can be a fairly vague concept, but, in theory, they are unique applications, services, and/or users that authenticate to a HashiCorp Vault cluster.

Let's try to understand the differences among all 4 different pricing tiers.

1. Development

  • HCP Vault Development starts at $21.60/month (billed hourly).

  • This tier is only designed for development purposes as, according to Hashicorp, it will likely not scale even for slightly larger production use cases.

  • This tier includes up to 25 clients by default and can not scale any more than that.

2. Standard

  • HCP Vault Standard starts at $13,634/year (billed hourly).

  • This tier comes with most basic vault features as well as some auditing functionalities.

  • By default it comes with a small cluster size (2 vCPU and 8 GiB RAM). If you increase the cluster size to 4 vCPU and 16 GiB RAM, the base price will start at $27,708 per year. Finally, if you would like to increase the cluster size to 8 vCPU and 32 GiB RAM, the base price will start at USD 65,604 per year.

  • This tier includes no clients by default. Every client should be paid on top of the base price at the rate of $1349 per year for 1 client. The number of clients that you will have will largely depend on your usage. Typically, you can expect to have at least 50 clients for a mid-market company.

  • Depending on your negotiation skills and the desire to talk to sales, you should be able to get a discount from Hashicorp which can vary depending on your estimated contract size.

3. Plus

  • HCP Vault Plus starts at $16,145/year (billed hourly).

  • By default it comes with a small cluster size (2 vCPU and 8 GiB RAM). If you increase the cluster size to 4 vCPU and 16 GiB RAM, the base price will start at $32,342 per year. Finally, if you would like to increase the cluster size to 8 vCPU and 32 GiB RAM, the base price will start at USD 82,397 per year.

  • This tier includes no clients by default. The clients are priced the same as in the Standard Tier.

  • This tier includes features like cross-region performance replication as well as sentinel policies and control groups.

4. Enterprise:

  • Vault Enterprise comes with features like disaster recovery replication and resource quotas.

  • Enterprise pricing is largely hidden. It is very custom depending on your company's needs and can only be decided after talking to Hashicorp's sales team.

  • It is worth mentioning that Hashicorp is known for increasing prices after the first year of using their products. This can be seen here among other forums online.

Should you use Hashicorp Vault?

  • Hashicorp Vault is considered one of the best secret management products on the market.

  • Hashicorp Vault does not have a free tier (outside of Hashicorp Vault Secrets which is a different product currently in the beta stage), which can make it harder to be adopted by smaller companies. The cheapest production-ready tier starts at $13,634/year.

  • Hashicorp Vault's pricing may become completely unaffordable depending on the total number of clients you have – especially for companies that use Kubernetes and have a large number of microservices.

  • Enterprise pricing is not available on the website and requires talking to a sales representative. Hashicorp is known for increasing the pricing at every contract resigning.

Hashicorp Vault Alternative: Infisical

Infisical is an open source full-fledged secrets management platform. It helps you organize your secrets in a single end-to-end encrypted storage. From there on, you are able to distribute secrets wherever you need them:

  1. Locally as a replacement for .env files (automatically pull the latest version of secrets using Infisical CLI without any manual syncing needed).
  2. Into your CI/CD and production-level 3rd-party tools using Infisical's automatic integrations (e.g., Circle CI, GitHub Actions, Vercel, AWS).
  3. Into the infrastructure tools that you might already be using (e.g., Docker, Kubernetes, Terraform, Ansible).
  4. In production environment using SDKs, API, Infisical Agent, etc.

On top of that, Infisical provides automatic code scanning capabilities to prevent hardcoding secrets and leaking those to git.

If you want to read how Infisical compares to Hashicorp Vault, you can do so here.

Infisical Dashboard

Infisical Pricing

Infisical is free for teams up to 5 people. It includes all the integrations for free – whether it's an automatic sync to platforms like GitHub Actions, Vercel, Circle CI or a native integration with Docker, Kubernetes, Terraform.

If you need features like secret versioning, point-in-time recovery, access controls, SSO, or you simply want to get a larger team onboard – you can upgrade to one of Infisical's paid tiers which start at just $8 per months. If you need help figuring out the right tier, you can always schedule a quick cal with us here.

Starting with Infisical is simple, fast, and free.
Full Infisical Logo

PRODUCT

Secret Management

Secret Scanning

Share Secret

Pricing

Security

RESOURCES

Blog

Infisical vs Vault

Careers

Hiring

Forum

Open Source Friends

Customers

Company Handbook

Trust Center

LEGAL

Terms of Service

Privacy Policy

Subprocessors

Service Level Agreement

CONTACT

Team Email

Sales

Support