Vault

Vault is the industry standard for secrets management — API keys, database credentials, certificates, encryption keys — all centralized, audited, and rotated automatically. If you're storing secrets in .env files or hardcoding them, Vault is the grown-up solution.

For indie hackers, Vault is probably overkill until you're managing multiple services with different secrets across environments. Infisical is the modern, developer-friendly alternative with a better UI. AWS Secrets Manager and GCP Secret Manager work if you're cloud-native. Doppler is the slick SaaS option.

The catch: HashiCorp switched Vault from MPL to BSL (Business Source License) in 2023, which means you can't build a competing product with it. The community forked it as OpenBao under the Linux Foundation. Self-hosting Vault is an ops burden — it needs unsealing, HA configuration, and careful backup strategies. For most small teams, Infisical or Doppler gets you 80% of the value with 20% of the complexity.