Case Study: Banca Popolare di Sondrio secures application secrets with HashiCorp Vault

Taming Application Secrets at BPS with HashiCorp Vault

Banca Popolare di Sondrio, a long-established Italian retail bank, struggled with managing a huge number of application secrets across hundreds of services, legacy backends, and mixed Linux/Windows infrastructure. While identity management helped with human users, application credentials were still being stored in plain text configuration files and even source code, creating major security, rotation, and compliance challenges. The bank turned to HashiCorp Vault to address these issues.

HashiCorp implemented Vault first for cloud-native Kubernetes applications, then expanded it to traditional application servers, Oracle/Postgres databases, and Active Directory-backed services. Using Vault policies, automated password rotation, auditing, and the Vault Agent for application decoupling, Banca Popolare di Sondrio reduced manual secret handling, improved security controls, and increased visibility for compliance and logging. While no exact numeric business impact was provided, the bank reported successful adoption across multiple application environments and a move toward stronger internal and regulatory security adherence.

Banca Popolare di Sondrio

Diego Braga

Banca Popolare di Sondrio