A credential vault is a database used to store passwords and similar cryptographic key material. The most common data stored in a credential vault are current and historical passwords to privileged accounts.
Credential vaults present unique design requirements, as compared to databases with other contents:
- All passwords and keys must be encrypted, to protect against disclosure to an attacker who has compromised the physical storage media where credentials are stored or backed up.
- Contents of the vault must be replicated to and accessible in multiple physical locations, so that a service disruption at one location does not make passwords or keys unavailable at other locations.
- Access to contents of the vault must be subject to access controls, so that different (authenticated) users are able to fetch different sets of passwords or keys.
- Access to contents of the vault must be audited, to create accountability for use of privileged IDs.
Hitachi ID Privileged Access Manager includes a robust, geographically replicated, multi-master credential vault.