This page collects brief definitions of some of the technical terms used in the documentation for HCP, HCP Consul, and HCP Vault.

»Audit Device Log

Audit devices are the components in Vault that keep a detailed log of all requests and response to Vault. Because every operation with Vault is an API request/response, the audit log contains every authenticated interaction with Vault, including errors.

To learn more, go through the Access the audit log for troubleshooting section of the Vault Operation Tasks tutorial.


Entity represents a Vault client which has one or more aliases mapped. For example, a single user who has accounts in both GitHub and LDAP can be mapped to a single entity in Vault that has 2 aliases, one of type GitHub and one of type LDAP.

To learn more about entities, go through the Identity: Entities and Groups tutorial.


HashiCorp Virtual Networks. It delegates an IPv4 CIDR (classless inter-domain routing) range to HCP which is then reflected on the cloud provider's virtual network CIDR range.

»Intra Region

The resources are all located within the same cloud provider region.

»Inter Region

The resources are located across the different cloud provider regions.

»Major Version

Vault releases major functionality and features in their major version releases. Examples of Vault major versions are 1.6, 1.7, etc.

»Minor Version

Minor versions releases of Vault contain bug fixes and small enhancements that do not have an impact on backward compatibility. Minor versions are released more frequently than major releases and provide a safe upgrade path for users. Examples of minor versions include 1.6.0, 1.6.1, 1.7.0, etc.


Namespaces is a set of features within Vault Enterprise that allows Vault environments to support secure multi-tenancy within a Vault deployment.

To learn more, go through the following tutorials:


When a Vault server is started, it starts in a sealed state. In this state, Vault is configured to know where and how to access the physical storage, but doesn't know how to decrypt any of it. There is also an API to seal the Vault. This will throw away the master key in memory and require another unseal process to restore it. Sealing only requires a single operator with root privileges.

To learn more, go through the Seal the cluster section of the Vault Operation Tasks tutorial.


Vault enables users to take a snapshot of all Vault data. The snapshot can be used to restore Vault to the point in time when a snapshot was taken.

To learn more about snapshots, go through the Data snapshots section of the Vault Operation Tasks tutorial.


Tokens are the core method for authenticating with Vault. Within Vault, tokens map to information. The most important information mapped to a token is the policies. Vault policies control access to secrets.

To learn more about Vault tokens, go through the Vault Tokens tutorials.


Unsealing is the process of obtaining the plaintext master key necessary to read the decryption key to decrypt the data, allowing access to the Vault. Prior to unsealing, almost no operations are possible with Vault.

To learn more, go through the Unseal the cluster section of the Vault Operation Tasks tutorial.