Comment by SOLAR_FIELDS

For a long time up until about a couple of years ago the project was stagnated and was missing some pretty critical features. I'd say it was only halfway usable until then and it doesn't have near the ecosystem that things like Hashicorp Vault does. But for my self hosted infra stuff it is perfect. It just really doesn't gel well with compliance frameworks and audits, mainly because the auditability of the solution goes out the window the second someone is able to decrypt the secret - its access patterns are untraceable. These auditors really prefer to see a situation where access to the secret is tightly controlled and audited on rotation and sops, by nature of how it works, cannot really easily offer that.