The official Ansible Vault documentation does a good job of explaining how Vault works and how to use the simple command-line tool (ansible-vault) to encrypt, decrypt and rekey secrets before committing them to source control.
Ansible describes the desired state of remote systems in YAML files called playbooks and the variable files that accompany them. Those files frequently contain passwords, API keys and similar data that must not be committed to source control in the clear.
Doing this with Ansible Vault is straightforward: ansible-vault encrypt <file> encrypts a variables file in place, and ansible-playbook site.yml --ask-vault-pass prompts for the vault password and then runs a playbook that uses the encrypted data.
Ansible Vault files are encrypted YAML key-value stores. Because the entire file is encrypted, you cannot see which variables a vault file defines without also decrypting their values. The usual workarounds are to keep a plain vars file whose variables reference the vault-defined ones, or to encrypt individual values inline with ansible-vault encrypt_string so that the key names stay readable in source control.
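An added example, not code from the Ansible project or its documentation: a pre-commit style check in Python that enforces the points above in a repository. It recognises the real ansible-vault file header and the real inline !vault tag; the file-naming convention ("vault" in the file name), the list of secret-looking key words and the vault_ prefix for variables referenced from a plain vars file are assumptions about how a team lays out its repository, not Ansible rules.

```python
"""Added example, not code from the Ansible project or its docs.

A pre-commit style check for an Ansible repository that enforces:
  1. any file whose name contains "vault" must be fully encrypted, i.e. its
     first line must be an "$ANSIBLE_VAULT;<version>;<cipher>[;<vault-id>]"
     header as written by "ansible-vault encrypt";
  2. in any other YAML file, a key that looks like a secret may only carry an
     inline "!vault" value (as written by "ansible-vault encrypt_string") or a
     Jinja reference to a "vault_*" variable defined in a vault file.
The naming convention, the secret-like key words and the "vault_" prefix are
assumptions about repository layout, not Ansible rules.
"""
import re
from pathlib import PurePosixPath

# Real header layout: "$ANSIBLE_VAULT;1.1;AES256" or, with a vault id,
# "$ANSIBLE_VAULT;1.2;AES256;<id>".
VAULT_HEADER = re.compile(
    r"^\$ANSIBLE_VAULT;(?P<version>1\.[12]);(?P<cipher>AES256)(?:;(?P<vault_id>[^\r\n]+))?$"
)

# Heuristic (assumption): key names containing one of these words hold secrets.
SECRET_WORDS = "password|passwd|secret|token|api_key|private_key"
SECRET_KEY = re.compile(
    rf"^\s*(?P<key>[\w.-]*(?:{SECRET_WORDS})[\w.-]*)\s*:\s*(?P<value>.*?)\s*$",
    re.IGNORECASE,
)

# Convention (assumption): plain vars files may point at vault-defined variables,
# e.g. db_password: "{{ vault_db_password }}"; such values are not plaintext.
VAULT_REF = re.compile(r"""^["']?\{\{\s*vault_\w+\s*\}\}["']?$""")


def parse_vault_header(text):
    """Return (version, cipher, vault_id) if text is a vault file, else None."""
    first_line = text.split("\n", 1)[0].rstrip("\r")
    match = VAULT_HEADER.match(first_line)
    if match is None:
        return None
    return match.group("version"), match.group("cipher"), match.group("vault_id")


def plaintext_secret_keys(yaml_text):
    """Return [(line_no, key)] for secret-looking keys whose value is plaintext."""
    findings = []
    for line_no, line in enumerate(yaml_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # YAML comment
        match = SECRET_KEY.match(line)
        if match is None:
            continue
        value = match.group("value")
        if value == "":
            continue  # key opens a nested mapping; its children are checked on their own lines
        if value.startswith("!vault") or VAULT_REF.match(value):
            continue  # inline encrypted value, or a reference into a vault file
        findings.append((line_no, match.group("key")))
    return findings


def check_file(path, text):
    """Return a list of problems for one repository file (empty list means OK)."""
    name = PurePosixPath(path).name.lower()
    if "vault" in name:
        if parse_vault_header(text) is None:
            return [f"{path}: named like a vault file but is not ansible-vault encrypted"]
        return []
    if not name.endswith((".yml", ".yaml")):
        return []
    return [
        f"{path}:{line_no}: '{key}' holds a plaintext value; use ansible-vault encrypt_string"
        for line_no, key in plaintext_secret_keys(text)
    ]


# Constructed sample files (no real secrets) so the check runs stand-alone.
SAMPLE_VARS = """\
db_user: app
db_password: hunter2
api_token: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62313365396662343061393464336163383764373764613633653634306231386433626436623361
smtp_password: "{{ vault_smtp_password }}"
# old_secret: retired-value
"""
SAMPLE_VAULT_PLAINTEXT = "vault_smtp_password: hunter2\n"

if __name__ == "__main__":
    for path, text in [("group_vars/all/vars.yml", SAMPLE_VARS),
                       ("group_vars/all/vault.yml", SAMPLE_VAULT_PLAINTEXT)]:
        for problem in check_file(path, text):
            print(problem)
```

Run against the constructed samples it reports db_password on line 2 of vars.yml (the !vault and "{{ vault_... }}" values pass) and rejects vault.yml because it is not encrypted. Wire check_file over the staged file list in a pre-commit hook and it fails the commit before a plaintext secret reaches the repository.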
Box EKM (Enterprise Key Management) is a separate, complementary service to Box's storage service, so using it to control the encryption keys for data hosted on Box costs extra.
With EKM the keys live in dedicated hardware security modules (HSMs) that the enterprise fully controls. The enterprise grants Box granular access to those keys, and Box in turn continues to provide cloud features such as deduplication, search indexing and information rights management.
Red October is fully open source, from the encryption library to the UI modules. Anyone can inspect the code on GitHub, or fork it and adapt it to their own needs.
Red October was built to add an extra layer of security inside organizations. It enforces a "two-man rule": data can only be decrypted when two or more users each contribute their own key.
Red October uses its own cryptographic implementation to encrypt secrets. That is not necessarily a vulnerability, but custom crypto code carries more risk than a library that has proven its worth through years of use and review in many projects.
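An added example, not Red October's code, to make the two-man rule concrete: a data-encryption key is split with Shamir secret sharing so that any two (more generally, any k) of n named holders can reconstruct it and fewer cannot. Red October's own mechanism is different; Shamir sharing is one standard way to enforce "k of n must cooperate". The user names, the split_key/unlock function names and the 2^521-1 field size are choices made for this example.

```python
"""Added example, not Red October's code. It models the "two-man rule" with
Shamir secret sharing: a data-encryption key is split into n shares, one per
user, such that any k shares recover it and fewer than k reveal nothing.
Red October's own mechanism is different; this is one standard way to enforce
"k of n must cooperate" and is here only to make the rule concrete.
"""
import secrets

# Arithmetic is done modulo the Mersenne prime 2^521 - 1, large enough that a
# 32-byte (AES-256) key fits as a single field element.
P = (1 << 521) - 1
KEY_BYTES = 32


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(key, threshold, holders):
    """Split a key of KEY_BYTES bytes into shares {holder: (x, y)}.

    'holders' is a list of user names; the x coordinate is the user's position
    (1-based), so two shares from the same user are recognisably the same point.
    """
    if len(key) != KEY_BYTES:
        raise ValueError("key must be exactly %d bytes" % KEY_BYTES)
    if not 2 <= threshold <= len(holders):
        raise ValueError("threshold must be between 2 and the number of holders")
    secret = int.from_bytes(key, "big")
    # Random polynomial of degree threshold-1 with the secret as constant term.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return {name: (x, _eval_poly(coeffs, x)) for x, name in enumerate(holders, start=1)}


def _lagrange_at_zero(points):
    """Interpolate the polynomial through 'points' and return f(0) mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def unlock(submitted, threshold):
    """Reconstruct the key from the shares users submitted, enforcing the rule.

    'submitted' maps user name -> share. Raises PermissionError unless at least
    'threshold' distinct shares (distinct x coordinates) are present; one user
    presenting the same share twice does not count as two users.
    """
    distinct = {}
    for share in submitted.values():
        distinct[share[0]] = share
    if len(distinct) < threshold:
        raise PermissionError(
            "two-man rule: %d of %d required shares present" % (len(distinct), threshold)
        )
    # Only 'threshold' points are needed; extra valid shares change nothing.
    points = list(distinct.values())[:threshold]
    return _lagrange_at_zero(points).to_bytes(KEY_BYTES, "big")


def rule_refuses(submitted, threshold):
    """True if the two-man rule blocks this set of submitted shares."""
    try:
        unlock(submitted, threshold)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    dek = secrets.token_bytes(KEY_BYTES)  # a data-encryption key to protect
    shares = split_key(dek, threshold=2, holders=["alice", "bob", "carol"])
    print("alice + carol recover key:", unlock({"alice": shares["alice"], "carol": shares["carol"]}, 2) == dek)
    print("alice alone, even twice, is refused:", rule_refuses({"alice": shares["alice"], "again": shares["alice"]}, 2))
```

The point worth noticing is the duplicate check in unlock: a two-man rule is only meaningful if the two contributions come from two distinct holders, so the same share presented twice must not satisfy it. In a real deployment the shares would be delivered to each user encrypted under that user's own key, and the reconstructed value would wrap a data key rather than be the data itself.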
If a company runs its platform across more than one cloud provider, it does not need a separate secrets-management service for each of them: Conjur manages all of them from one simple user interface.
Setting up Conjur is straightforward: install the client, create an account and, guided by the user interface, choose the operations developers will use to control their data and servers.
Conjur records detailed activity for every user and every change inside the secret store. It also provides graphs and an alerting system to make monitoring easier.
LastPass provides a straightforward graphical user interface for creating and managing shared folders, secrets and user groups. Using it does not require understanding the underlying technology.
StackExchange Blackbox works with Git, Mercurial, Subversion and Perforce to store encrypted secret files in a repository. Its blackbox_* helper scripts encrypt and decrypt the files with GNU Privacy Guard (GPG).
Keywhiz is still at an early stage of development and may not be ready for production: its interfaces are still changing and it may still have security issues.
AWS has applied several hardening techniques to how its Key Management Service (KMS) stores and protects keys. For example, plaintext key material is never written to disk and is kept in memory only for as long as a cryptographic operation needs it.
AWS employees cannot access a customer's key material, and keys are stored in the same AWS region as the application that uses them.
AWS KMS offers a single dashboard where teams manage the encryption keys used by applications hosted on AWS. From it, users can create keys, grant users and applications permission to use them, and audit key usage through the detailed records KMS writes to AWS CloudTrail.
To get a quote, you need to contact Thycotic Sales; prices are not published on their site.
You can obtain a quote via: https://thycotic.com/products/request-a-quote/