The comparison with Vault is somewhat misleading.

- There are several free UIs available for Vault like https://github.com/djenriquez/vault-ui, they just aren't provided by Hashicorp
- I'm not sure what "file secrets" might refer to other than storing the contents of a file, for which Vault's CLI provides shortcuts.
- While Vault's generic k/v backend doesn't support purging expired values in order to avoid accidental data loss, there are plenty of other backends that integrate with AWS STS, Postgres, etc. to provide dynamic, short-lived credentials.
- I'm not sure how Vault doesn't support encrypted backups seeing as the data is already encrypted on disk. Take EBS snapshots or something.
- Versioning of secrets is a popular request and Hashicorp has some "vague plans" which is an improvement from "no plans." https://github.com/hashicorp/vault/issues/1364#issuecomment-...

Plus you get a full REST API, a ton of auth methods, granular access policies, etc.

Vault is a well-regarded project that is designed to solve a broader set of problems than Strongbox (i.e. Vault has many different backends, more auth solutions, etc.). While there are third-party solutions and plans to get more convenience functionality into Vault, we decided to focus on what you would get out of the box today.

"File secrets" was intended to mean that you can input a binary file directly, either in the CLI or GUI, without having to manually base64-encode it first. Please correct me if I'm wrong, but I think that is not currently possible with Vault? Strongbox used to require the user to base64-encode the binary file first as well.