Vault
Modular vaulting in Hyperswitch
Hyperswitch offers flexible vault deployment options to suit different merchant PCI profiles and hosting preferences. Whether you’re self-hosting Hyperswitch with your own PCI setup or leveraging the fully managed SaaS orchestration layer, Hyperswitch’s modular vault architecture adapts seamlessly to your compliance boundary. This section outlines the various Vault Flavors supported by Hyperswitch - covering self-hosted and SaaS environments, in-house and outsourced PCI models, and integrations with Juspay-hosted or third-party vaults such as VGS and Tokenex. Each model includes sequence diagrams, supported feature sets, and references to relevant configuration guides.
Vault Architecture & Deployment Models
Merchant Profile
Hosting Type
Vault Option
PCI Responsibility
Example Use Case
Juspay hosts Hyperswitch orchestration
Juspay hosted vault
PCI handled by Juspay
Enterprise or mid-scale merchants using Hyperswitch SaaS
Juspay hosts Hyperswitch orchestration
Third-party vault or vault + SDK
PCI shared with external vault provider
Merchants already invested in external token vaults
Merchant hosts Hyperswitch orchestration
Native vault within self deployed Hyperswitch
Merchant manages PCI DSS compliance
Large enterprise merchants with full PCI scope
Self-hosted & outsourced PCI (similar to SaaS with 3rd party vault)
Merchant hosts Hyperswitch orchestration
Juspay hosted vault + SDK or third-party vault + SDK (VGS, Tokenex)
PCI outsourced to third-party provider
Merchants who want control over orchestration but offload PCI
-
Juspay hosted vault + SDK
PCI handled by Juspay
Merchants looking for unified token vault with Proxy API
Modular vaulting in Hyperswitch
Modular Vaulting is a key component of Juspay’s payment system, offering merchants the flexibility to either use Hyperswitch’s built-in PCI-compliant vault with advanced tokenization and security features or connect to any third party vault provider. This flexibility enables businesses to start simple and scale confidently without re-architecting their entire system.
Last updated
Was this helpful?