Vault Fundamentals

Familiarize yourself with strategies to address these areas of concern and get tactical by implementing various security measures using Vault. Understand the capabilities and design of the HashiCorp Vault application then apply your knowledge by solving a variety of real-world scenarios.

Prerequisites

Solid grasp of cloud fundamentals and some experience creating services in a public cloud (AWS - preferred, GCP, Azure, etc.). Good understanding of identity access management (IAM) concepts and terminology. You should be comfortable working on the command line.

Course Goals

By the end of this course, students should be able to:

• Explain the motivations for secret management
• Recognize problems that Vault’s capabilities are well positioned to solve
• Understand Vault’s application design
• Administer, configure, and use Vault
• Locate valuable resources and references to continue using Vault

• Introduction
• Course Introduction
• Vault Overview
• Understanding the Problem Domain
• Core Capabilities
• Complementary Technologies
• Alternative Technologies
• Secret Storage
• Environment Setup
• Launching "Dev" Server
• Key/Value CRUD Ops
• Key/Value CRUD Ops with JSON
• Vault Concepts
• Architecture
• Sealing and Unsealing
• Server Configuration File
• Plugins Part 1
• Plugins Part 2
• Access Management
• Basic ACL Policies
• Basic ACL Policies Lab
• Entities, Aliases and Groups Lecture
• Entities, Aliases and Groups Lab
• Policy Templating
• Secret Storage Continued
• Secret Versioning
• Cubbyhole Secrets Engine
• Cubbyhole Response Wrapping
• AppRole Auth Method
• Dynamic Secrets in Action
• AWS Secrets Engine Lecture
• AWS Secrets Engine Lab
• AWS Secrets Engine Scenario
• DB Engines Setup
• DB Secrets Engine Lab
• Encryption as a Service
• Encrypt/Decrypt Operations
• Encrypted Message Re-Wrapping
• Datakey Generation
• HMAC
• Summary
• Course Summary