The CNCF End User Technology Radar is a guide for evaluating cloud native technologies, on behalf of the CNCF End User Community. Read more...

Secret Management, February 2021

ASSESSGCP SecretsManagementSopsTRIALBitnami SealedSecretsEncryptedrepositoriesADOPTcert-managerAWS SecretsManagerHashicorpVaultAWS KMS
Download as svg or png

The Themes

1. Vault has the broadest adoption across many companies and industries.

Much of the Radar team was initially surprised to see such widespread adoption of HashiCorp Vault among the companies that responded. Vault has often been considered in the industry as a rather complex tool with high operational burden. However, the broad adoption makes sense when you consider many smaller organizations likely would prefer to outsource their secrets management rather than creating and maintaining an in-house solution. This is backed up by our conclusion that commercial tools have a higher adoption rate since they remove the complexity of creating an in-house tool. Show More

2. After Vault, groups tend to use the native solutions provided by their public cloud provider.

Offerings from cloud providers were also widely adopted among participating companies. This finding was not surprising since it is much easier for an organization to use a service if that same provider is already managing the infrastructure. Show More

3. cert-manager has become a popular choice in the Kubernetes ecosystem.

We found that there is a lot of fragmentation and specialization in general among the tools included in the Radar, but this was especially the case with Kubernetes and with certificates appearing in tools and services from vendors. Show More

4. Other solutions in the space are fragmented across various levels of maturity and complexity.

Behind Vault, cloud vendor solutions, and Certificate Manager, we saw a lot of fragmentation in responses which included tools designed for more specific use cases like frameworks, encrypted files in git repositories, and other overlapping tools in the Kubernetes ecosystem. Some of these were not included in the original list of tooling but did appear as one-off instances in responses. However, they did not receive enough adoption/trial/asses votes to be included on the Radar. Show More

The End User companies

AppleCanada Health InfowayAuthKeysZalandoMeltwaterThe New York TimesPeloton InteractiveThermo Fisher ScientificEquityZenSnow SoftwareDB SystelUswitchShopifyWorkdayGMXN26Sony Interactive EntertainmentBoxUPchieveLunarPriceSpiderProSiebenSat.1PayItNetMatchtrivagoVerizon MediaZendeskIntuitRStudio
Not all companies are shown

The Radar Team

Steve Nolen

Steve Nolen

Site Reliability Engineer at RStudio

Steve Nolen is a Site Reliability Engineer at RStudio, PBC working on RStudio’s SaaS offerings. Prior to RStudio, Steve worked at UCLA on a National Science Foundation grant-funded project, building the technology for a brand new data science high school curriculum.

Andrea Galbusera

Andrea Galbusera

Engineer and co-founder at AuthKeys

Engineering and co-founder at AuthKeys. Used to be an embedded engineer for more than a decade AuthKeys was my opportunity to turn into cloud native aware technologies. Going up and down the stack there, my main interests fall into revision control, CI/CD and anything in tech that helps managing complexity yet allowing things to scale at need.





The data

The CNCF End User Community was asked to describe what their companies recommend for different solutions: Adopt, Trial, Assess or Hold. This table shows how the End User companies rated each technology.

The industries

Financial Services3
Consumer Electronics1
Show More

Total number of employees