I spent about 1 month setting up an in-depth PoC Vault Server, hosted on Kubernetes, 99% Infrastructure as Code. (Kubernetes YAMLs, configuration, scripts, and Vault infrastructure provisioning secrets (encrypted), all stored as code in Git.)
My primary purpose was to evaluate its versioned key-value store. I ended up abandoning it for that purpose after finding Cloud KMS + Mozilla SOPS + Git to be a better and easier-to-maintain solution. (Did a write-up on it if you want to learn more.)
That being said, I just think its versioned key-value engine isn't worth the trouble compared to KMS + Mozilla SOPS. Other than that:
Vault's a well-designed product that seems to be best in class when it comes to dynamic secrets. I'd definitely recommend it for industries that have high absolute security requirements of short-lived SSH credentials and auto-rotating database passwords. But if this is just a "nice to have", then weigh it against the fact that it'll take at least 2-4 weeks, if not more, figuring out how to install, configure, maintain, and secure it, plus ongoing costs to host the infrastructure.
The only security flaw I'm aware of is root access to a live Vault server -> memory dump -> cleartext master decryption key -> pwned. That being said, there are several ways to prevent this, the best being to use a SCONE security enclave (think Docker container with encrypted RAM). (That can 99.99% protect against root access, whereas other countermeasures center around preventing root access.)