HashiCorp Vault

Vault is the swiss army knife of secret storage — one system for static secrets, dynamic database creds, PKI, encryption-as-a-service, and more. Applications authenticate, receive short-lived tokens, and read secrets from logical paths instead of baking credentials into config files. A sealed Vault cannot serve requests until unsealed; policy misconfiguration and expired tokens are common production issues.