In my opinion, HashiCorp Vault could improve its user interface. Right now, they don't offer much in terms of a graphical interface, which means you usually have to manage things manually through API calls. I think CyberArk has a better approach because it provides a UI that integrates features across all its components, making it easier, especially for new users or those from organizations with strict licensing policies. 

The onboarding is a challenge. It should be more self-service, but it involves reviews and approvals.

There is room for improvement in stability.

The product needs to improve its customization. It should be also more like easy to plug and play. 

There could be a plugin for the database to change the secret automatically. It would be an efficient feature for password security.

I don't think there are any major improvements required—so far, so good. However, I think that having more training materials, such as videos, and documentation available would be helpful. I would prefer to have more videos available either on the official site or on YouTube. 

The product is complicated to install. It could be easier. Additionally, its pricing model needs improvement.

They should include automation features for the solution's implementation process. It will make the deployment simple.

Its cost can be improved. It is really pricey, but to be fair, it did everything that we wanted it to do. Because of our requirements for high availability, redundancy, and resiliency, we needed a lot of clusters and a lot of nodes. We needed a massive architecture and the price of it was so inhibitive. It was going to cost us over a quarter of a million a year.

In terms of features, the only thing that I found a little bit hinky was that there was no revocation or deletion on the model we were using. Once in a financial year, a client interacts, and you pay for that client for the year. So, there are just little things like that in the pricing. There should be more clarity around the end of the key. I know there is no system like this. They all are the same. I tested Microsoft, Google, and some others, and none of them really want you to delete a key, which makes sense. You delete a key, and you lose everything that it has wrapped or encrypted, but it's actually just a language. Deletion isn't really deletion. It's really revocation, but overall, HashiCorp Vault ticked all the boxes for us, and I couldn't fault it.

We could use more documentation, primarily to do with integrations. Anybody who uses HashiCorp integrates with a public cloud, like Azure or AWS. Azure and AWS have their own secret management; how does this collaboration work between the key vault of HashiCorp to the key vault of Azure? Some of this documentation is not up to mark.

It would be helpful to have more advanced features.

I would like to see better integration of HashiCorp Vault with SAP products. 

We found that Microsoft Azure Vault is better due to the fact that it has integration with all of the Azure services.

It would be better if it integrated more broadly with cloud API such as Amazon Web services, et cetera. 

The error handling could be a bit better. 

The technical support was hard to get a hold of and lacking in service.

The initial setup could be simplified. 

A Service Mesh workflow connected within Vault workflow would be difficult to integrate, depending on the SI complexity and security compliance.

A drawback for some clients who have to be PCI compliant is that they still need to use and subscribe to an HSM (Hardware Security Module) solution. 

Compliance: www.pcicomplianceguide.org

The documentation is very general; it should have more examples and more use cases. Basically, they just tell you the syntax without a better explanation of how to do things.

We learned all of the Vault Commands (CLI) and they work fine, except when we are running on an EKS cluster then the syntax changes. Most of the commands are not working.

The solution could be much easier to implement. We are trying to implement it now.