There is no joke? Stop implementing your own crypto. Vault has transit encryption out of the box, among other things.
"The transit secrets engine handles cryptographic functions on data in-transit. Vault doesn't store the data sent to the secrets engine. It can also be viewed as "cryptography as a service" or "encryption as a service". The transit secrets engine can also sign and verify data; generate hashes and HMACs of data; and act as a source of random bytes."[0]
Oh. I thought it was because there are at least a dozen ways to securely encrypt/decrypt data, most of which are audited.
Skimming their site they seem to offer some sort of encryption + service hosting? I don't see how this is much different than any of the other options out there. And not really an equivalent to using RSA as it looks to be tied to their hosting.
I also tend to not trust for-profit companies with things like this (esp. if it's closed source or I can't know what the servers actually run).
Has this service been audited? Has it withstood the US court system like VeraCrypt has multiple times? Do their founders have any history that goes against good data security?
Been trialing Vault as a CA for internal use and so far everything seems to work great and setting it up with the documentation provided was quite easy. Furthermore, unlike some other FOSS developers, they also provide and support illumos (Solaris) binaries, for which I am truly grateful.
[0] https://www.vaultproject.io/docs/secrets/transit
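
The "encryption as a service" flow quoted above, as an added example that is not part of the thread and not HashiCorp's code. It builds the transit encrypt and decrypt HTTP requests and parses the responses. Assumptions: a Vault server at `VAULT_ADDR`, the engine mounted at `transit`, a hypothetical key named `app-key`, and constructed sample responses.

```python
import base64
import json
import urllib.request

VAULT_ADDR = "http://127.0.0.1:8200"  # assumption: local dev server
MOUNT = "transit"                     # assumption: engine enabled at this path
KEY_NAME = "app-key"                  # hypothetical key name


def _post(path: str, body: dict, token: str) -> urllib.request.Request:
    return urllib.request.Request(
        f"{VAULT_ADDR}/v1/{MOUNT}/{path}",
        data=json.dumps(body).encode(),
        headers={"X-Vault-Token": token, "Content-Type": "application/json"},
        method="POST",
    )


def build_encrypt_request(plaintext: bytes, token: str) -> urllib.request.Request:
    # Transit expects the plaintext base64-encoded; Vault does not store it.
    encoded = base64.b64encode(plaintext).decode("ascii")
    return _post(f"encrypt/{KEY_NAME}", {"plaintext": encoded}, token)


def build_decrypt_request(ciphertext: str, token: str) -> urllib.request.Request:
    return _post(f"decrypt/{KEY_NAME}", {"ciphertext": ciphertext}, token)


def key_version(ciphertext: str) -> int:
    # Ciphertext format is vault:v<N>:<base64>; N is the key version used.
    prefix, version, blob = ciphertext.split(":", 2)
    if prefix != "vault" or not version.startswith("v") or not blob:
        raise ValueError("not a transit ciphertext")
    return int(version[1:])


def plaintext_from_response(raw: bytes) -> bytes:
    # The decrypt response returns the plaintext base64-encoded as well.
    return base64.b64decode(json.loads(raw)["data"]["plaintext"])


def send(req: urllib.request.Request) -> bytes:
    # Only call this against a reachable Vault with a valid token.
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()


# Constructed sample values, not output from a real server.
SAMPLE_CIPHERTEXT = "vault:v1:Y29uc3RydWN0ZWQ="
SAMPLE_DECRYPT_RESPONSE = b'{"data": {"plaintext": "Y2FyZCA0MTEx"}}'
```

The application stores only the `vault:v1:...` string; the version prefix is how you tell which stored records still use an older key version after a rotation.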