Vaultwarden vs Vault

scooke

We have two password managers here. I've been using Bitwarden (now called Vaultwarden) and like it. But I've noticed Vault... what's the difference in use? I've read the tech behind Vault, but I'm more curious if Vaultwarden covers all my bases; and for what would I use Vault instead of Vaultwarden (or vice versa)? Thanks!

necrevistonnezr

@scooke Vault is not a password-manager in the classical sense. AFAIK it's a tool to distribute passwords (and other secrets / files) in a secure way to other parties (e.g. provide the password to you MySQL database to an external developer).

Vault comes with various pluggable components called secrets engines and authentication methods allowing you to integrate with external systems. The purpose of those components is to manage and protect your secrets in dynamic infrastructure (e.g. database credentials, passwords, API keys).

See https://learn.hashicorp.com/tutorials/vault/getting-started-intro?in=vault/getting-started

rmdes

@scooke Vault is not Bit/Vaultwarden

Vault : https://www.vaultproject.io/

scooke

@rmdes Yep, that was clear. I'm curious if anyone uses both, and how the uses differ. Or has anyone picked one of them over the other, and why?

marcusquinn

@scooke Vault is really a developer tool. You'll be good with Bit/Vaultwarden.

fbartels

@scooke I think it really depends on the use case. Vaultwarden is a personal password manager. You store something in it and then you as the user look up entries in it (ok, with the bw cli you could also script this part).

Vault "manages secrets". Its a central webservice that automated processes query to get exactly the secrets they should have access to based on a pre-defined acl.

scooke

@fbartels Yes, I've been poking around and am quite lost. I don't I need this yet!

Quick question since I have your attention... the secrets/access/policies/tools that I enter.... are these for me and my various automated processes to access, and if so, they are access this through an API or something?? So far I still have to login in to view the details I've entered which is what I do with Vaultwarden. AND, since it's touted as a way to provide said secrets/access/policies/tools to others... they access it automatedly, or through an API which I guess I provide?

EDIT: No one needs to bother answering. I realize I'm asking alot. But if you have a few minutes to spare to answer, that would be fine. I'm reading that one link shared, https://learn.hashicorp.com/tutorials/vault/getting-started-intro?in=vault/getting-started, and thus far it hasn't answered my specific question above.

marcusquinn

@scooke Think of Vault as kinda like Bitwarden but for code to lookup with. Unless you're coding access to things, I don't think you'd need it.