What is Password Vault?
A password vault is a system that stores passwords for various privileged accounts in a privileged account management system. Typically, passwords for privileged accounts are automatically changed (rotated) several times every day, and the current passwords are stored in the vault.
Password vaults are key element of traditional privileged access management (PAM). Many password vaults have evolved from securing passwords to storing other types of secrets as well, including SSH keys, API tokens and certificates. These are often called secrets vault.
However, other technologies have emerged to rival password vaults. In an ephemeral access paradigm, there is no need for storing, vaulting or rotating passwords or other types of secrets at all. In contrast, all secrets needed to establish a privileged connection are contained in an ephemeral certificate that is created on the fly at the time of establishing the connection. When the connection is made, the certificate - and the secrets within - simply expire. The privileged user never sees or handles the secrets, mitigating credential sharing risks.
In most cases, organizations use a hybrid model where they vault the secrets they need to while using a certificate based and passwordless authentication when viable.
Learn more about how to manage your secrets in a hybrid way with PrivX Secrets Vault.