Konubinix' opinionated web of thoughts

Difference Between Vault and Traditional Privilege Access Management?

Fleeting

What is the difference between Vault and traditional privilege access management?

difference between Vault and traditional privilege access management really comes out of what problems they were created to originally solve.

https://www.hashicorp.com/resources/difference-between-vault-and-traditional-pam

log in to the PAM tool, I get the database password, and then I connect to it. And, oftentimes, these tools will even do things like session recording and session brokering

https://www.hashicorp.com/resources/difference-between-vault-and-traditional-pam

low-trust or a zero-trust network, how do my applications

https://www.hashicorp.com/resources/difference-between-vault-and-traditional-pam

web server needs a database username and password.

https://www.hashicorp.com/resources/difference-between-vault-and-traditional-pam

how does my web server connect to a cloud and use read and write data from S3?

https://www.hashicorp.com/resources/difference-between-vault-and-traditional-pam

We need to centrally manage those credentials, encrypt them, access control, and only give them out as needed in the least privileged way

https://www.hashicorp.com/resources/difference-between-vault-and-traditional-pam

Vault’s focus has really always been on applications and how they get access to endpoints and systems versus traditional privilege access management, which looks at ‘how do people get access?’

https://www.hashicorp.com/resources/difference-between-vault-and-traditional-pam

highly available, distributed globally, and fine-tuned to application access patterns versus doing relatively infrequent low-scale privilege access management.

https://www.hashicorp.com/resources/difference-between-vault-and-traditional-pam

pretty key distinguisher, in terms of ‘what’s the focus area’ and ‘what are the systems optimizing for?’

https://www.hashicorp.com/resources/difference-between-vault-and-traditional-pam