I can give an insight! We tried buying into Vault Enterprise and let me tell you, it was incredibly expensive. We're talking Splunk levels of prohibitive cost here, maybe even worse.
Their pricing models are actually insane. For Vault Enterprise, you buy into a fixed limited number of clients with a pricing ladder that would make Apple blush. You start at 100 “service tokens” with the next level being 1000, 2500, and 50000 tokens. Any “service” that needs to connect to vault is a client, and the definition of a service is pretty loose. For Kubernetes / compose stacks, any one pod / running container is a service.
It gets worse: Once a token has been claimed, it can no longer be used by a different client for the entire billing period (meaning: a year). This means that you can run out of valid client tokens, even if you're only actively using half if you spent the other half for testing purposes or no longer run the architecture that used up those tokens. Oh, and users are clients, too.
All in all, the ballpark moved somewhere in the low six figures for their 100-token agreement, if I remember correctly. We had to decline because Vault alone would've cost a large part of our infrastructure budget.
Their pricing models are actually insane. For Vault Enterprise, you buy into a fixed limited number of clients with a pricing ladder that would make Apple blush. You start at 100 “service tokens” with the next level being 1000, 2500, and 50000 tokens. Any “service” that needs to connect to vault is a client, and the definition of a service is pretty loose. For Kubernetes / compose stacks, any one pod / running container is a service.
It gets worse: Once a token has been claimed, it can no longer be used by a different client for the entire billing period (meaning: a year). This means that you can run out of valid client tokens, even if you're only actively using half if you spent the other half for testing purposes or no longer run the architecture that used up those tokens. Oh, and users are clients, too.
All in all, the ballpark moved somewhere in the low six figures for their 100-token agreement, if I remember correctly. We had to decline because Vault alone would've cost a large part of our infrastructure budget.