Use case

Inject secrets into Terraform

Automate the usage of dynamically generated secrets and credentials.


Long-living credentials pose a major risk for users and organizations

Many organizations have credentials hard coded in source code, littered throughout configuration files and configuration management tools, and stored in plain text in version control, wikis, and shared volumes. Safeguarding and ensuring that a credential isn’t leaked, or in the likelihood it is, that the organization can quickly revoke access and remediate, is a complex problem to solve.


Create automated short-lived dynamic credentials across your environments

A dynamic secret is generated on demand and is unique to a client, as opposed to a static secret, which is defined ahead of time and shared. HashiCorp Vault associates each dynamic secret with a lease and automatically destroys the credentials when the lease expires. Vault supports dynamic secrets with a wide range of systems and is easily extensible with plugins.

Customer case study

A unified plan for secrets

This business planning software company uses HashiCorp Vault to cut the time spent on secrets management in half.

Ready to get started?

Automate the usage of dynamically generated secrets and credentials.

What are dynamic secrets and why do I need them?

Keeping the same keys, passwords, and credentials for months or years is extremely risky. Modern security principles dictate that you should rotate your secrets to make it more difficult for hackers to exploit them long-term if they get them.