Overview
Generate dynamic secrets, manage PKI certificates, and encrypt application data. Vault consolidates secrets storage, encryption, private PKI, and short-lived credentials for databases, cloud, SSH, and Kubernetes into a single console, with every operation recorded, fully auditable and consistent wherever your infrastructure runs.
Vault keeps the sensitive bytes in qibdo’s own vault engine; the control plane stores only
metadata, so secret payloads, key material, and private keys never leave the engine. Every resource belongs to a workspace, every change returns an operation that
completes in the same call, and every operation is recorded for audit.
Core resources
Section titled “Core resources”- Secrets: named, versioned containers of opaque secret bytes. Each version is immutable, so you can keep history and roll back to an earlier value.
- Encryption keys: named, versioned cryptographic keys you use without ever handling the key material. The service encrypts, decrypts, re-encrypts, signs, verifies, and generates data-encryption keys and random bytes on your behalf, with the key staying inside the engine.
- Private PKI: a certificate authority you run yourself. Define the certificate profiles you allow, then issue and revoke certificates against them and publish a revocation list.
- Dynamic credentials: short-lived credentials minted on demand for databases, cloud providers (AWS, GCP, and Azure), SSH, and Kubernetes, from per-source templates and workload identities. Each is tracked by a lease with a time-to-live and a maximum lifetime, so credentials expire on their own.
- Access policies: workspace-scoped policies layered on top of IAM that grant permissions on a pattern of resources, optionally narrowed by source IP or a time window.
- Operations and audit: every change returns an operation record that comes back already completed. Vault keeps an audit trail you can ship to a security pipeline, and never records a secret in the clear: any payload is reduced to a one-way hash.
Get started
Section titled “Get started” Store and read a secret Create a secret, add a version, and rotate it.
Access policies How workspace policies layer on IAM.
Secret versioning Immutable versions and their lifecycle.
Use cases
Section titled “Use cases”Reference architectures
Section titled “Reference architectures”Training and tutorials
Section titled “Training and tutorials”Related
Section titled “Related” IAM Gates every Vault call before policy evaluation.
Taxonomy Owns the workspace every resource is scoped to.
Security baseline Platform rules for handling secret material.