Deckhouse Stronghold is available as Community Edition (CE) and Enterprise Edition (EE).
Deckhouse Stronghold CE is available for use in any of the Deckhouse Kubernetes Platform editions.
Deckhouse Stronghold EE is licensed separately and available for use in any commercial edition of DKP.
The table below provides a brief comparison of the Deckhouse Stronghold editions, listing their main features and details:
| Feature | CE | EE |
|---|---|---|
| Secure management of the secret lifecycle (storage, creation, delivery, revocation, and rotation) |  |
|
| Support of IaC automation tools (Ansible, Terraform) | |
|
| Support of authentication methods | JWT, OIDC, Kubernetes, LDAP, Token | JWT, OIDC, Kubernetes, LDAP, Token |
| Support of KV, Kubernetes, Database, SSH, and PKI secret engines | |
|
| Deploying to an air-gapped environment | |
|
| Web interface | |
|
| Role and access policy management through a web interface |  |
|
| Support for namespaces | |
|
| Built-in automatic vault unsealing without requiring any external services or KMS | |
|
| Data replication | |
KV1/KV2 |
| Automatic backup creation on a schedule | |
|
| Audit logging support | |
|
| Delivered as a standalone executable file | |
|
| Can be launched in DKP CE | |
|
| Technical support under the “Standard” plan |  |
|
| Technical support under the “Standard +” plan | |
|