etcd VS Vault

Compare etcd vs Vault and see what are their differences.


Distributed reliable key-value store for the most critical data of a distributed system (by etcd-io)


A tool for secrets management, encryption as a service, and privileged access management (by hashicorp)
Our great sponsors
  • InfluxDB - Access the most powerful time series database as a service
  • SonarLint - Clean code begins in your IDE with SonarLint
  • SaaSHub - Software Alternatives and Reviews
etcd Vault
48 136
42,871 27,160
1.1% 1.2%
9.9 9.9
5 days ago 4 days ago
Go Go
Apache License 2.0 Mozilla Public License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of etcd. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-02-19.
  • Why is the principle stating that "interfaces should belong to the package that uses values of the interface type, not the package that implements those values" sometimes violated?
    2 projects | | 19 Feb 2023
    While exploring popular projects such as etcd and especially traefik, I noticed a violation of the principle that states "interfaces should belong to the package that uses values of the interface type, not the package that implements those values." For example, Here we can see that ManagerFactory import Registry interface that placed here and implementations of this interface in the same package, which violates the aforementioned principle. Even if the interface is simply a specification, it should still be defined on the consumer side. Is it considered bad practice to follow what traefik does in this case or I doesn't understand somthing? P.S. I'm newcomer, so sorry if it's silly question.
  • How to implement a distributed /etc directory using etcd and JuiceFS
    2 projects | | 9 Feb 2023
    In case of data sensitivity, you can enable the encrypted communication function of etcd for encrypted data transmission. Refer to the sample script provided by the etcd project.
  • How to get a head start into contributing to open source projects
    3 projects | | 30 Jan 2023
    Step 0: You have a strong grasp on who uses the tool/product/service and for what purpose. That can take weeks, months, or years depending on the specific project you're contributing to. A little NodeJS module? Probably closer to days. etcd? Probably closer to months/years.
  • Secret Management in Kubernetes: Approaches, Tools, and Best Practices
    8 projects | | 23 Jan 2023
    etcd is not secure - etcd is where Kubernetes secrets are stored. Though etcd is a distributed key/value store with great performance, it lacks key features when it comes to handling sensitive data such as audit log, key rotation, and encryption of key.
  • šŸ’”Hosted ETCD aaS
    2 projects | | 10 Jan 2023
    You know how Kubernetes is absolutely blowing up? Well there's one piece of technology that it all depends on -- etcd.
  • ETCD Backup with K10 / Kanister
    2 projects | | 4 Jan 2023
    FROM as etcd FROM alpine:3.17 RUN apk add --no-cache tar # Taken from COPY --from=etcd /usr/local/bin/etcd /usr/local/bin/ COPY --from=etcd /usr/local/bin/etcdctl /usr/local/bin/ COPY --from=etcd /usr/local/bin/etcdutl /usr/local/bin/ COPY --from=etcd /etc/nsswitch.conf /etc/nsswitch.conf CMD ["/usr/local/bin/etcd"]
  • a tool for quickly creating web and microservice code
    28 projects | | 15 Dec 2022
    Service registry and discovery etcd, consul, nacos
  • Kubernetes: What It Is, How It Works, and Why It's A Game changer
    5 projects | | 3 Dec 2022
    Yes, Kubernetes, in fact, relies on a number of other free and open source software packages. As a base, it relies on the Docker container runtime and the CoreOS Linux distribution, and it utilizes other open source projects for a number of its components, such as etcd for distributed key-value storage. The tool's core and control plane are both built in GO programming language, making it a completely Go-based application. Kubernetes itself is an open source project and has been used as a building block for other open source projects.
  • A poor man's API
    9 projects | | 23 Nov 2022
    APISIX stores its configuration in etcd
  • How to choose the right API Gateway
    15 projects | | 22 Nov 2022
    Next, review deployment complexity such as DB-less versus database-backed deployments. For example, Kong does require running Cassandra or Postgres. Apigee requires Cassandra, Zookeeper, and Postgres to run, while other solutions like Express Gateway and Tyk only require Redis. Apache APISIX uses etcd as its data store, it stores and manages routing-related and plugin-related configurations in etcd in the Data Plane.


Posts with mentions or reviews of Vault. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-03-08.

What are some alternatives?

When comparing etcd and Vault you can also consider the following projects:

Keycloak - Open Source Identity and Access Management For Modern Applications and Services

consul - Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

sops - Simple and flexible tool for managing secrets

minio - Multi-Cloud :cloud: Object Storage

sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets

Apache ZooKeeper - Apache ZooKeeper

OPA (Open Policy Agent) - An open source, general-purpose policy engine.

bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to:]

Ory Kratos - Next-gen identity server (think Auth0, Okta, Firebase) with Ory-hardened authentication, MFA, FIDO2, TOTP, WebAuthn, profile management, identity schemas, social sign in, registration, account recovery, passwordless. Golang, headless, API-only - without templating or theming headaches. Available as a cloud service.

nsq - A realtime distributed messaging platform

traefik - The Cloud Native Application Proxy