Securing Secrets-Management Against Insider Threats

HashiCorp Vault is one of the most popular secrets-management solutions available today. HashiCorp helps manage API keys, passwords, certificates, and other important information in one centralized location.

However, Vault, like many applications, leverages a master key that is exposed in plaintext in memory—making it easily accessible to insiders. With that master key, a bad actor can simply decrypt Vault secrets and gain unfettered access to protected assets.

Now there’s a simple way to prevent this kind of threat—on premises, or in private and hybrid clouds. Anjuna Enterprise Enclaves™ software protects Vault secrets on any server or cloud that supports secure enclaves.


Making the Vault accessible only when running in a secure enclave prevents even an attacker with root access from obtaining the authentication credentials needed for a zero-day attack. Anjuna also protects the auto-unseal process by encrypting key files with a seal key accessible only to a Vault running inside a secure enclave. This private key is protected at rest and at runtime, eliminating any possibility of it being stolen or of a bad actor maliciously assuming the Vault’s identity.

And this broader level of protection happens within minutes—without changes to application code, processes, or the use of SDKs.

It’s simple to get started with the Azure confidential computing platform and Intel® Software Guard Extensions (SGX)-enabled CPUs to automatically establish a secure enclave that isolates and encrypts all application resources—at runtime, at rest, and on the network.

Anjuna Enterprise Enclave for HashiCorp is available on the Microsoft Azure confidential computing marketplace, or directly from Anjuna.



Anjuna Enterprise Enclaves encrypt Vault’s full stack, thus preventing any administrator from gaining access to Vault keys.

See the power of protection for yourself.

Contact us to learn how to protect your HashiCorp Vault now.