You can use a mix of secrets manager and certificate manager products in AWS and accomplish essentially the same things Vault promises for much cheaper (and easier to manage).
I’m underselling of course the vast capabilities of vault. but most companies don’t need those advanced features, and they don’t really sell them, they sell and lock you into features that once you implement are going to become an extraodinary hurdle to migrate out of.
On the oidc - yes we were using okta as that. but at some point mid-contract the “okta” management features that connected to it became enterprise only, and we had reasoned that if we didnt need more advanced features (dr, replication) we could go back to OSS when we wanted. In fact that was even told to us, until that was no longer the case.
