When comparing Ansible Vault vs Conjur, the Slant community recommends Ansible Vault for most people. In the question “What are the best shared secret managers?” Ansible Vault is ranked 1st while Conjur is ranked 5th. The most important reason people chose Ansible Vault is:
The official documentation of Ansible Vault does a great job of explaining how Ansible Vault works and how to use the easy UI for encrypting, decrypting, and re-keying your secrets for storing in source control.
Pros
Pro The documentation does a good job of explaining how to use it
The official documentation of Ansible Vault does a great job of explaining how Ansible Vault works and how to use the easy UI for encrypting, decrypting, and re-keying your secrets for storing in source control.
Pro Allows keeping encrypted data in Ansible playbooks easily
Ansible uses configuration files called playbooks to describe a policy that the remote system needs to follow. There is often a need to keep data in these configuration files encrypted when they are stored in source control.
Doing this with Ansible Vault is pretty easy. Running: ansible-playbook site.yml --ask-vault-pass
will run a playbook which uses encrypted data.
Pro Can bundle different cloud services into a single interface
If a company runs its platform on more than one cloud service, it doesn't need a different service to manage secrets for each of them; instead, Conjur bundles all of them in a simple-to-use user interface.
Pro Easy setup
Setting up Conjur is pretty easy. All a user has to do is install the client, set up an account and, through the guidance of the user interface, choose the operations which the developers will use to control their data and servers.
Pro Provides tools for monitoring activity
Conjur provides detailed information on activity of all users and changes within the secret storage. It also provides graphs and comes with a warning system to make monitoring easier.
Cons
Con No way of exposing just the key in the key-value pair
Ansible Vault files are encrypted YAML key-value stores. The entire file is encrypted, and so it's impossible to indicate which keys are defined within the vault without also viewing values.
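Because the whole file is one opaque envelope, the only thing a check can inspect without the password is the header line that ansible-vault writes. The following added example (not Slant's or Ansible's code) parses that header and flags files that would reach source control as plaintext; the file names and sample contents are constructed, and only header versions 1.1 and 1.2 are handled.

```python
import re
from typing import NamedTuple, Optional

# First line of a file written by ansible-vault, e.g.
#   $ANSIBLE_VAULT;1.1;AES256
#   $ANSIBLE_VAULT;1.2;AES256;dev   (1.2 carries a vault ID label)
HEADER_RE = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);([A-Z0-9]+)(?:;([^;\s]+))?$")
HEX_RE = re.compile(r"[0-9a-f]+")


class VaultHeader(NamedTuple):
    version: str
    cipher: str
    vault_id: Optional[str]


def parse_vault_header(text: str) -> Optional[VaultHeader]:
    """Return the envelope header, or None if the text is not a vault file."""
    lines = text.splitlines()
    if not lines:
        return None
    match = HEADER_RE.match(lines[0].strip())
    if not match:
        return None
    version, cipher, vault_id = match.groups()
    # A 1.1 header has no vault ID field; a 1.2 header must have one.
    if (version == "1.2") != (vault_id is not None):
        return None
    # The payload is hex text; anything else is a damaged or hand-edited file.
    body = "".join(ln.strip() for ln in lines[1:])
    if not HEX_RE.fullmatch(body):
        return None
    return VaultHeader(version, cipher, vault_id)


def unencrypted_files(staged: dict) -> list:
    """Names of staged files that would be committed as plaintext."""
    return sorted(name for name, text in staged.items()
                  if parse_vault_header(text) is None)


# Constructed sample input: hypothetical paths, placeholder hex bodies.
STAGED = {
    "group_vars/prod/vault.yml": "$ANSIBLE_VAULT;1.1;AES256\n3661626364\n6566303132\n",
    "group_vars/dev/vault.yml": "$ANSIBLE_VAULT;1.2;AES256;dev\n3931383736\n",
    "group_vars/qa/vault.yml": "db_password: example-only\n",
}

if __name__ == "__main__":
    for name in unencrypted_files(STAGED):
        print(f"refusing to commit plaintext secrets file: {name}")
```

A check like this fits a pre-commit hook that reads the staged contents of whichever paths the team reserves for vaulted files.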