Vault Transform
Fleeting
- External reference: https://learn.hashicorp.com/tutorials/vault/transform
- External reference: https://www.vaultproject.io/docs/secrets/transform
- External reference: https://www.hashicorp.com/products/vault/transform
Transform is part of the Vault Enterprise Advanced Data Protection (ADP) module, allowing Vault to protect secrets that reside in untrusted or semi-trusted systems outside of Vault. This includes data such as social security numbers, credit card numbers, and other types of compliance-regulated data that must reside within systems such as file systems or databases for performance but must be protected if the system they reside in is compromised.
The Transform secrets engine handles secure data transformation and tokenization against a provided input value.
Tokenization exchanges a sensitive value for an unrelated value called a token. The original sensitive value cannot be recovered from a token alone; tokens are irreversible.
Vault's Transit secrets engine provides an encryption service; however, the resulting ciphertext does not preserve the original data format or length.
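The two notes above (a token is unrelated to its value, and ciphertext changes format and length) can be seen in a small conceptual model. This is an added example, not Vault's implementation or API: `TokenStore`, `toy_encrypt`, `keeps_format` and the card format regex are hypothetical names and assumptions, and the cipher is a toy stand-in, not the algorithm Transit uses.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Format a downstream column or validator might enforce (assumption).
CARD_FORMAT = re.compile(r"\d{4}-\d{4}-\d{4}-\d{4}")


class TokenStore:
    """Conceptual tokenization service; the token-to-value map never leaves it."""

    def __init__(self):
        self._values = {}

    def encode(self, value):
        # The token is pure randomness: no mathematical link to the value.
        token = secrets.token_hex(16)
        self._values[token] = value
        return token

    def decode(self, token):
        # Recovery is a lookup; a missing token raises KeyError.
        return self._values[token]


def toy_encrypt(key, plaintext):
    """Toy stream cipher + MAC standing in for an encryption service."""
    data = plaintext.encode()
    if len(data) > 32:
        raise ValueError("toy cipher handles one 32-byte keystream block")
    nonce = secrets.token_bytes(12)
    stream = hashlib.sha256(key + nonce).digest()
    body = bytes(b ^ s for b, s in zip(data, stream))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]
    return base64.b64encode(nonce + body + tag).decode()


def keeps_format(value):
    return CARD_FORMAT.fullmatch(value) is not None


if __name__ == "__main__":
    card = "1111-2222-3333-4444"  # constructed sample value
    store = TokenStore()
    token = store.encode(card)
    sealed = toy_encrypt(secrets.token_bytes(32), card)
    print(token, store.decode(token) == card, len(sealed), keeps_format(sealed))
```

The same card encoded twice yields two different tokens, and a store that never saw a token cannot decode it, which is why a stolen token is useless without access to the tokenization service.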