
You don't want to pay $1/month to store a single secret. You want a nicer workflow for creating ephemeral users and tokens than AWS themselves have. You want to do on-the-fly encryption of all sorts of things. You want a real PKI without every bit of know-how.


$1 per secret a month sounds extremely cheap considering how much it costs to run Vault.


You can run Vault on a single t3.medium backed by S3 with auto unseal and get pretty decent performance.


If you don’t care about silly things like high availability and reliability. HashiCorp even recommends a cluster of three.

https://www.vaultproject.io/docs/concepts/ha/

And what business at scale is optimizing over 0.25 per secret and doesn’t care about HA?


It’s 0.25 cent per month to use the Secrets Manager and you can store multiple key/value pairs per secret. If you’re not using the automatic key rotation, you can store a “SecretString” in Parameter Store for free for low volume usage, or for higher volume it’s close to free.

Besides, with Vault you now need to set up a cluster for HA. But is your time worth nothing?

As far as users and tokens, that’s what Cognito is for, for external users, or associating your AD with IAM roles for internal users.



