vault/website/content/docs/interoperability-matrix.mdx
Adam Rowan 2076decac0
Update interoperability-matrix.mdx (#29189)
Updating to include new Blockdaemon integration
2024-12-13 15:48:44 -05:00


---
layout: docs
page_title: Vault interoperability matrix
description: >-
  Reference list of Vault integration partners
---
# Vault interoperability matrix
To support a variety of use cases, Vault verifies protocol implementation and
integrations with partner products, appliances, and applications that support
advanced data protection features.
<Highlight title="Is your integration missing?">
Join the [Vault integration program](/vault/docs/partnerships) to get your
integration verified and added or reach out to
[technologypartners@hashicorp.com](mailto:technologypartners@hashicorp.com)
with questions.
</Highlight>
## IPv6 validation and compliance
[Vault Enterprise supports IPv6](https://www.hashicorp.com/trust/compliance/vault-enterprise)
in compliance with OMB Mandate M-21-07 and Federal IPv6 policy requirements
for the following operating systems and storage backends.
**Self-attested testing covers functionality related to HSM, FIPS 140-2, and
HSM/FIPS 140-2.**
Operating system | OS version | Validation | Vault version
---------------- | ------------------------------ | ------------ | -----------------------
FreeBSD | N/A | N/A | Untested
Linux | Amazon Linux (version 2023) | Self-attested | ent-1.18+
Linux | openSUSE Leap (version 15.6) | Self-attested | ent-1.18+
Linux | RHEL (versions 8.10, 9.4) | Self-attested | ent-1.18+
Linux | SUSE SLES (version 15.6) | Self-attested | ent-1.18+
Linux | Ubuntu (versions 20.04, 24.04) | Self-attested | ent-1.18+
macOS | N/A | N/A | Untested
NetBSD | N/A | N/A | Untested
OpenBSD | N/A | N/A | Untested
Windows | N/A | N/A | Untested
<span style={{display:'block', textAlign:'right', fontSize:'12px'}}>
<em>
<b>Last Updated</b>:
October 14, 2024
</em>
</span>
<Note title="IPv6 limitations for Windows">
IPv6 does not work with external plugins (plugins not built into Vault) when
running on Windows in server mode because they default to IPv4 and Vault
cannot override that behavior.
</Note>
Backend storage system | Validation | Vault version
----------------------- | ------------- | -----------------------
Consul | N/A | Untested
Integrated Raft storage | Self-attested | ent-1.18+
<span style={{display:'block', textAlign:'right', fontSize:'12px'}}>
<em>
<b>Last Updated</b>:
October 14, 2024
</em>
</span>
## Auto unsealing and HSM support
Hardware Security Module (HSM) support reduces the operational complexity of
securing unseal keys by delegating the responsibility of securing unseal keys to
trusted devices or services (instead of humans). At startup, Vault connects to
the delegate device or service and provides an encrypted root key for
decryption.
Vault implements HSM support with the following features:
Feature | Introduced
-------------------------------------------------------------------- | ----------
[Auto unsealing](/vault/docs/concepts/seal#auto-unseal) | Vault 0.9
[Entropy augmentation](/vault/docs/enterprise/entropy-augmentation) | Vault 1.3
[Seal wrapping](/vault/docs/enterprise/sealwrap) | Vault 0.9
The following table outlines the implementation status of HSM-related features
for partner products and the minimum Vault version required for verified
functionality.
| Partner | Product | Auto unseal | Entropy augment | Seal wrap | Managed keys | Vault verified
| ----------------- | -------------------------------------- | ----------- | --------------- | --------- |------------- | -------------
| AliCloud | AliCloud KMS | Yes | **No** | Yes | **No** | 0.11.2+
| Atos | Trustway Proteccio HSM | Yes | Yes | Yes | **No** | 1.9+
| AWS | AWS KMS | Yes | Yes | Yes | Yes | 0.9+
| Blockdaemon | Blockdaemon Builder Vault | Yes | **No** | Yes | **No** | 1.17.5+
| Crypto4a | QxEDGE&trade; HSP | Yes | Yes | Yes | Yes | 1.9+
| Entrust | nShield HSM | Yes | Yes | Yes | Yes | 1.3+
| Fortanix | FX2200 Series | Yes | Yes | Yes | **No** | 0.10+
| FutureX | Vectera Plus, KMES Series 3 | Yes | Yes | Yes | Yes | 1.5+
| FutureX | VirtuCrypt cloud HSM | Yes | Yes | Yes | Yes | 1.5+
| Google | GCP Cloud KMS | Yes | **No** | Yes | Yes | 0.9+
| Marvell | Cavium HSM | Yes | Yes | Yes | Yes | 1.11+
| Microsoft | Azure Key Vault | Yes | **No** | Yes | Yes | 0.10.2+
| Oracle | OCI KMS | Yes | **No** | Yes | **No** | 1.2.3+
| PrimeKey | SignServer Hardware Appliance | Yes | Yes | Yes | **No** | 1.6+
| Private Machines | ENFORCER Blade | Yes | **No** | Yes | **No** | 1.17.3+
| Qrypt | Quantum Entropy Service | **No** | Yes | **No** | **No** | 1.11+
| Quintessence Labs | TSF 400 | Yes | Yes | Yes | **No** | 1.4+
| Securosys SA | Primus HSM | Yes | Yes | Yes | Yes | 1.7+
| Thales | Luna HSM | Yes | Yes | Yes | Yes | 1.4+
| Thales | Luna TCT HSM | Yes | Yes | Yes | Yes | 1.4+
| Thales | CipherTrust Manager | Yes | Yes | Yes | **No** | 1.7+
| Utimaco | HSM | Yes | Yes | Yes | Yes | 1.4+
| Yubico | YubiHSM 2 | Yes | Yes | Yes | Yes | 1.17.2+
<span style={{display:'block', textAlign:'right', fontSize:'12px'}}>
<em>
<b>Last Updated</b>:
May 03, 2023
</em>
</span>
## External key management (EKMS)
Vault centrally manages and automates encryption keys across environments so
customers can [manage external encryption keys](/vault/docs/secrets/key-management)
used in third-party services and products with the following plugins:
Abbreviation | Full plugin name
------------ | ----------------
EKMMSSQL | [Vault EKM provider for SQL server](/vault/docs/platform/mssql)
KV | [Key/Value secrets engine](/vault/docs/secrets/kv)
KMSE | [Key Management secrets engine](/vault/docs/secrets/key-management)
KMIP | [KMIP secrets engine](/vault/docs/secrets/kmip)
PKCS#11 | [PKCS#11 provider](/vault/docs/enterprise/pkcs11-provider)
Transit | [Transit secrets engine](/vault/docs/secrets/transit)
<Note title="Vault verified vs HCP Vault verified">
HCP Vault verified integrations work with the current version of HCP Vault
Dedicated. Self-managed Vault instances must meet the required minimum version
for verification guarantees.
</Note>
The table below indicates the plugin support for partner products, the
verification status for HCP Vault Dedicated and the minimum Vault version
required for verified behavior in self-managed Vault instances:
| Partner | Product | Vault plugin | Vault verified | HCP Vault verified
| ----------------- | ------------------------ | ------------ | -------------- | ------------------
| AWS | AWS KMS | KMSE | 1.8+ | Yes
| Baffle | Shield | KV | 1.3+ | **No**
| Bloombase | StoreSafe | KMIP | 1.9+ | N/A
| Cloudian | HyperStore 7.5.1 | KMIP | 1.12+ | N/A
| Cockroach Labs | Cockroach Cloud DB | KMSE | 1.10+ | N/A
| Cockroach Labs | Cockroach DB | Transit | 1.10+ | Yes
| Cohesity | Cohesity DataPlatform | KMIP | 1.13.2+ | N/A
| Commvault Systems | CommVault | KMIP | 1.9+ | N/A
| Cribl | Cribl Stream | KV | 1.8+ | Yes
| DataStax | DataStax Enterprise | KMIP | 1.11+ | Yes
| Dell | PowerMax | KMIP | 1.12.1+ | N/A
| Dell | PowerProtect DDOS 8.0.X | KMIP | 1.15.2+ | N/A
| EnterpriseDB | Postgres Advanced Server | KMIP | 1.12.6+ | N/A
| Garantir | GaraSign | Transit | 1.5+ | Yes
| Google | Google KMS | KMSE | 1.9+ | N/A
| HPE | Ezmeral Data Fabric | KMIP | 1.2+ | N/A
| Intel | Key Broker Service | KMIP | 1.11+ | N/A
| JumpWire | JumpWire | KV | 1.12+ | Yes
| Micro Focus | Connected Mx | Transit | 1.7+ | **No**
| Microsoft | Azure Key Vault | KMSE | 1.6+ | N/A
| Microsoft | MSSQL | EKMMSSQL | 1.9+ | **No**
| MinIO | Key Encryption Service | KV | 1.11+ | **No**
| MongoDB | Atlas | KMSE | 1.6+ | N/A
| MongoDB | MongoDB Enterprise | KMIP | 1.2+ | N/A
| MongoDB | Client Libraries | KMIP | 1.9+ | N/A
| NetApp | ONTAP | KMIP | 1.2+ | N/A
| NetApp | StorageGrid | KMIP | 1.2+ | N/A
| Nutanix | AHV/AOS 6.5.1.6 | KMIP | 1.12+ | N/A
| Ondat | Trousseau | Transit | 1.9+ | Yes
| Oracle | MySQL | KMIP | 1.2+ | N/A
| Oracle | Oracle 19c | PKCS#11 | 1.11+ | N/A
| Percona | Server 8.0 | KMIP | 1.9+ | N/A
| Percona | XtraBackup 8.0 | KMIP | 1.9+ | N/A
| Rubrik | CDM 9.1 (Edge) | KMIP | 1.16.2+ | N/A
| Scality | Scality RING | KMIP | 1.12+ | N/A
| Snowflake | Snowflake | KMSE | 1.6+ | N/A
| Veeam | Kasten K10 | Transit | 1.9+ | N/A
| Veritas | NetBackup | KMIP | 1.13.9+ | N/A
| VMware | vSphere 7.0, 8.0 | KMIP | 1.2+ | N/A
| VMware | vSAN 7.0, 8.0 | KMIP | 1.2+ | N/A
| Yugabyte | Yugabyte Platform | Transit | 1.9+ | **No**
<span style={{display:'block', textAlign:'right', fontSize:'12px'}}>
<em>
<b>Last Updated</b>:
August 25, 2023
</em>
</span>