Skip to content

Adoption & Ecosystem

Who uses it

The repository's ADOPTERS.md lists production adopters. The table below is a sample of named organizations from that file with the use case each one reports (source: https://github.com/bank-vaults/bank-vaults/blob/main/ADOPTERS.md).

OrganisationUse caseSource
Outshift (by Cisco)Provisions and configures Vault on Kubernetes and injects secrets into applications.ADOPTERS.md
Thought MachineProvisions Vault for its cloud native core banking engine (also called Vault).ADOPTERS.md
PostmanManages High Availability (HA) Vault services inside Kubernetes.ADOPTERS.md
VonageUses AWS KMS, S3, and DynamoDB; provides secrets to cloud and on-premise workloads, with a planned move to the raft backend.ADOPTERS.md
Wildlife StudiosRuns the Vault Secrets Webhook on more than a dozen clusters with vault-env and vault-agent.ADOPTERS.md
SHE BASH LLCDelivers Vault secret storage for Kubernetes environments in the Department of Defense.ADOPTERS.md

The full file also lists Aspect, Mintel, PhishLabs, PITS Global Data Recovery Services, Pulselive, Samarkand Global, Tinkoff, TripleLift, Vase.ai, and ViaBill.

Adoption signals

Measured from the GitHub REST API on 2026-06-26: 2,257 stars, 485 forks, 13 open issues, and 213 contributor entries (245 including anonymous contributors). The repository was created on 2018-03-07 and last pushed on 2026-06-22. Governance is documented in MAINTAINERS.md, which lists 7 active maintainers plus 3 alumni; the maintainers are spread across several organizations rather than a single vendor (source: https://github.com/bank-vaults/bank-vaults/blob/main/MAINTAINERS.md).

Ecosystem

Bank-Vaults sits on top of HashiCorp Vault and does not depend on other CNCF projects (source: https://github.com/cncf/sandbox/issues/54). The umbrella adds the Vault Operator for CRD-driven Vault provisioning, the Secrets Webhook for injecting secrets into Pods, and the Vault SDK the CLI imports. On the integration side, the CLI's --mode constants cover AWS KMS plus S3, Google Cloud KMS plus GCS, Azure Key Vault, Alibaba KMS plus OSS, Oracle KMS, a remote Vault, Kubernetes Secrets, HSM, and local files (cmd/bank-vaults/main.go:39). It also exposes Prometheus metrics through cmd/bank-vaults/metrics.go and supports Velero-based backup.

Alternatives

The closest neighbours differ in where the secret lands and how much of Vault's lifecycle the tool owns.

AlternativeDiffers by
External Secrets Operator (ESO)Syncs an external secret store into Kubernetes Secret objects; the Bank-Vaults webhook instead injects secrets straight into Pod memory and skips the Kubernetes Secret (source: https://bank-vaults.dev/docs/mutating-webhook/).
HashiCorp Vault Agent Injector / Vault Secrets OperatorHashiCorp's own Pod injection and sync mechanisms; Bank-Vaults has a wider scope that also covers Vault provisioning and unseal automation (comparison: https://bank-vaults.dev/docs/mutating-webhook/webhooks-comparision/).