
In this lecture, students will get a better understanding of the journey they are about to embark on - to learn HashiCorp Vault from a proven and experienced instructor. Students will learn more about the course itself as well as what to expect on the HashiCorp Certified: Vault Associate exam.
This lecture will provide students with a general introduction to HashiCorp Vault.
From a high level, how does Vault actually work? Well, this lesson shows students how it works using a familiar analogy to help them easily understand the basic concepts.
Learn why organizations are choosing Vault to help secure their secrets.
Learn all the cool things that Vault has to offer organizations that decide to use it to protect their secrets and other data.
Open-source, Enterprise, Vault on HCP? WHAT? So many options to get Vault and not sure which one to choose? I'll break it down for you in this section so you're ready to make an educated decision for yourself.
Now that we know quite a bit about Vault, how do we get it running in our environment? This section will discuss that.
Sometimes it's good to understand how to do things manually before you begin automating workflows. That's what we'll do in this lab so you fully understand how to get Vault running via the command line.
This lecture will walk you through how to create an image that includes the Vault binary and other configuration files using HashiCorp Packer.
Running Vault dev server is a quick and easy way to play around with Vault. In this lesson, you'll learn when and how to use Dev server mode.
Let's see how we can use Vault dev server to play around with some of Vault's features.
Ok, here comes the good stuff. Let's learn how we can deploy Vault in a production setting using much of the information we've learned so far.
Alright, let's look at a Vault node and how we'd configure everything to get Vault running as a service on a Linux machine.
There are a few critical components to Vault that I feel you should understand before jumping into anything further, so that's exactly what this session will walk you through. Get ready to learn!!!
This lecture will walk students through the basic architecture of Vault and help them understand the pathing structure that Vault uses.
Remember our hotel analogy from earlier and all the different ways we can interact with Vault? We'll go into a little bit more detail here and show you where you can get even more information later in the course.
In this lab, you will go beyond basic Vault commands and focus on how to use the CLI efficiently. You will explore the most important Vault environment variables, control output formatting, extract values for use in scripts, interact with Vault using raw API paths, and work with advanced KV operations including patch updates, versioning, and metadata management.
You're storing lots of sensitive data in Vault, and Vault wants to protect it for you. Learn about the processes that Vault uses to encrypt and protect your data.
Seal and Unseal is a critical concept in Vault, so this session will help students understand what it is and why it is important.
Let's learn more about unsealing Vault with Key Shards - the default method.
In this lecture, we'll walk through how to initialize and unseal Vault using the default option of unseal keys.
Now that you understand Seal and Unseal, how the heck do we do it? Well, this lecture explains how to unseal using Cloud Auto Unseal. Trust me, you'll want to go this route in a production environment if you can.
This lab will walk through the process of configuring and using the Cloud Auto Unseal mechanism.
So many options for unsealing Vault, including this option that allows you to unseal using another Vault cluster. It's a pretty cool option.
We've learned a lot about Seal and Unseal options, but which do I use? This short session will walk you through the pros and cons of each Unseal option to help you decide.
You'll need to initialize Vault when it's first provisioned, so this session will help you understand what initialization does and why you need to do it.
In this lab, you will learn how to initialize and unseal a Vault server using Shamir's Secret Sharing. You will create 5 unseal keys with a threshold of 3, demonstrate the threshold requirement, rekey the unseal configuration, rotate the encryption key, generate a new root token, and practice revoking the root token as a security best practice.
Oh, the lovely Vault configuration file. It's not as scary as it might seem at first. So this session will walk you through the ins and outs of writing a configuration file.
Vault needs a place to store its data, and that "place" is called a storage backend. Learn the ins and outs of Vault storage backends in this lecture.
This lab introduces you to basic Vault operations using the CLI, including authenticating, enabling secrets engines, and managing secrets using key-value storage.
Audit devices help you....well....audit things happening within Vault. This lecture will help students better understand what Audit Devices are and how to use them.
In this lab, you will enable and configure a file audit device in Vault, generate audit log entries through a series of Vault operations, and analyze the resulting log output. You will also practice common audit device management tasks such as disabling and re-enabling audit devices at different paths.
In this lecture, students will get a better understanding of what we'll cover in this section focused on Vault Auth Methods.
Ok, here we go. Time to start learning more about Vault authentication, how it works, and how it's used with client interaction with Vault.
Cool, so now that we know more about auth methods, how do we start configuring them within Vault? That's exactly what we'll cover in this lecture.
Let's focus on the CLI for a second, since it's very common to start enabling and configuring these authentication components using the command line.
Ahh...yeah. Let's get down to business and start configuring auth methods in the CLI.
Yep, you can configure auth methods using the Vault API as well, if that's your thing. Jump into this lecture to learn more.
Oh, you didn't think I'd leave out our old friend "user interface", did you? I'm not skipping anything in this course. Although it's pretty easy, I figured I'd make sure you can do this in the UI as well.
Now that our Vault auth methods are enabled, how do we start using them?
Back to the lab, we'll start consuming these auth methods using the Vault CLI.
This is probably a big topic for many, so I made sure to include enough content to get you started here. You'll find information about authenticating to Vault using the Vault API in this lecture.
More labs. This time showing you how to authenticate to Vault using the Vault API.
Our old friend the "user interface" is back with new tricks, now that auth methods have been enabled.
Learn all about Vault entities in this lecture, which is an essential topic when it comes to understanding how identity works in Vault.
I know that you know what groups are, but hear me out....they are slightly different in Vault. You have your internal groups and your external groups. Learn more in this lecture.
Objective 1B is all about being able to choose the proper auth method. We'll walk through some of these options in this lesson.
Objective 1C is all about knowing what auth methods are used for machines vs. which ones should be used for human-based access.
What's a good Vault course without a ton of demos on all the cool integrations and methods available? In this lab, we'll walk through how to enable and configure the AppRole auth method.
In this lab, you will configure and use Vault's AppRole authentication method to enable machine-to-machine authentication. AppRole is designed for applications and automated workflows that need to authenticate with Vault without human interaction. You will create an AppRole role, retrieve its RoleID and SecretID credentials, log in using those credentials, and verify that the resulting token enforces the permissions defined in your policy.
Okta is hugely popular, so I wanted to make sure to include a demo in this course for the Okta integration. Learn how to enable, configure, and use the Okta auth method in this lab.
Userpass and I go way back....I've been using userpass for demos and configurations for many years now because it's so easy. Learn how to enable, create, and use the Userpass Auth method here.
In this lab, you will configure and test Vault's username and password authentication method. You will enable the auth method, create users with different policies, and verify that each user's permissions are enforced correctly.
In this lab, you will configure and test Vault's Kubernetes authentication method using a mock setup. You will generate mock credentials to simulate a Kubernetes cluster, enable and configure the auth method, create a policy and role for an application, and simulate a Kubernetes service account login. Note that this lab does not have a REAL Kubernetes cluster to connect to.
Taking the HashiCorp Certified: Vault Associate exam? Check out some exam tips for Auth Methods to ensure you're ready to tackle the questions related to this topic.
In this lecture, students will get a better understanding of what we'll cover in this section focused on Vault policies.
Learn why policies are important in Vault and how they are used to secure your environment.
Learn the common commands used when managing policies using the Vault CLI.
Learn how to use the Vault UI to easily manage Vault policies.
Using the API to manage policies should be pretty easy, and students can learn more about it here.
When writing policies, it's important to understand the two parts that make up a policy.
Defining the path is often the most important piece of creating a Vault policy.
Learn the capabilities available in Vault to create your policies and we'll wrap this section up with some examples and a few pop quizzes.
Learn how you can customize the path in a policy using the wildcard (*), segment replacement (+), or ACL templating.
In this section, students will learn about working with policies on a day-to-day basis.
In this lab, you will learn how to create and manage HashiCorp Vault policies. Policies are used to define what actions users and entities can perform within Vault. You will create different types of policies and test their effectiveness using the Vault CLI.
Taking the HashiCorp Certified: Vault Associate exam? Check out some exam tips for Objective 2 to ensure you're ready to tackle the questions related to this objective.
In this lecture, students will get a better understanding of what we'll cover in this section focused on Vault tokens.
Let's dive into Vault tokens and understand the base level of Vault tokens. This is merely an introduction and we'll dive much deeper into tokens throughout this section.
In this lecture, students can expect to understand more about how Vault tokens follow a token hierarchy. This is important to consider when using Vault tokens to authenticate and retrieve secrets.
What if I don't like the default behavior of the token hierarchy if my apps can't handle it? Well, that's what we'll introduce in this section.
Do you need a token that needs to live forever because your application can't handle the regeneration of a token? Well, that's what a Periodic Token is used for and what this section is all about.
A token with use limits will define the number of times a token can be used. After the last use, the token is automatically revoked.
Need to create a token with no parent? In this lecture, you'll learn more about creating an Orphan token that isn't influenced by its parent.
In this lecture, you will learn how to specify the type of token that you want if you are looking for something other than a traditional service token.
This lecture will discuss how to use the Vault CLI to manage Vault tokens.
There are a few features in the Vault UI that I wanted to call out in this lecture so students are aware.
In this lecture, you'll learn how to use a Vault token when using the Vault API.
Learn all about root tokens, what they are, and how they are created.
In this lecture, students can expect to understand more about token accessors and how they can be used to perform limited actions in Vault.
This lecture will discuss an important feature of Vault tokens, namely TTL and Max TTL.
When would you create a periodic token? When would you opt to use an orphan token instead? Make sure you review this section to better understand.
In this lab, you will learn about the different Vault token types and how to manage them. You will create and compare service tokens, batch tokens, periodic tokens, and orphan tokens, and practice working with token roles.
Taking the HashiCorp Certified: Vault Associate exam? Check out some exam tips for Vault Tokens to ensure you're ready to tackle the questions related to this topic.
In this lecture, I'll introduce this very important section - probably the most important section of the course outside of architecture and getting Vault up and running.
Before we understand the solution, we need to learn more about the problem. In this section, you'll learn the differences between static and dynamic secrets and why you should look to use dynamic secrets where possible.
Let's start diving deeper into secrets engines for Vault.
Let's dive a lot deeper into the KV secrets engine.
In this lecture, we'll go even deeper into KV while comparing KV V1 and KV V2.
In this lab, you will learn the differences between KV v1 and KV v2 secrets engines through hands-on practice. You will perform basic read and write operations on both versions, then explore KV v2 specific features including versioning, soft delete, rollback, and metadata management.
In this lab, you will learn how to create and use response wrapping tokens to securely share Vault secrets. Response wrapping allows you to pass a secret to another party without exposing the secret itself, using a single-use token that expires after a configurable TTL.
In this lecture, we'll introduce the Transit secrets engine and talk about its features and how to use it.
In this lab, you'll learn how to use the AWS Secrets Engine while using the Assumed_Role credential type. This video is from my Integrating HashiCorp Vault with AWS course.
Let's dive into the PKI secrets engine. This demo was from my Vault Advanced course but I wanted to make it available to students in this course as well.
In this lab, you will use Vault's PKI secrets engine to create and manage a Public Key Infrastructure. You will set up a root CA, create an intermediate CA, and generate certificates for services using both direct CLI output and file-based methods. You will also create a Vault policy to authorize an application to request certificates.
In this lab, you will configure the Vault Agent to authenticate automatically using AppRole, write a managed token to a file sink, and render a KV secret into a plain configuration file using Consul Template syntax. Update the secret in Vault and observe the agent re-render the file without restarting.
Learn more about the Vault Secrets Operator and how you can use it to securely synchronize secrets from Vault to Kubernetes for a more native way of secret management for your Kubernetes workloads.
In this video, you will learn the difference between the Vault Secrets Operator and the Vault Agent Injector for Vault and Kubernetes integrations. You will also know when to choose one over the other based on your needs.
This video will demonstrate (via PowerPoint) how to install the Vault Secrets Operator and the commands required for the installation. You will also be able to use the included commands to verify that VSO was installed and is working correctly.
Are you interested in becoming an expert in HashiCorp Vault and obtaining the HashiCorp Certified: Vault Associate 003 certification?
Look no further than this comprehensive course on Udemy. With free access to live, hands-on labs, you'll learn how to deploy and maintain Vault properly, covering all objectives for passing the certification exam.
Led by HashiCorp expert Bryan Krausen, this course is designed for students with little to no experience with Vault. You'll gain in-depth knowledge of all core Vault components, how to configure and deploy key services, and learn about core HashiCorp concepts.
In this all-new version of the course, you'll have access to many demos, lab sessions, exam tips, and practice questions. As HashiCorp Vault grows exponentially in the market, it's crucial to have the skillset needed to manage it effectively.
By the end of the course, you'll have a thorough understanding of HashiCorp Vault, how to deploy it, and all the components you will use, and you will be on your way to becoming an expert in HashiCorp Vault.
What you will learn:
All about HashiCorp Vault, how to deploy it, and all the components that you will use
How to configure and deploy key HashiCorp Vault services
Core HashiCorp concepts
How to get started on your journey to becoming an expert in HashiCorp Vault
Course Curriculum:
Course Introduction
Introduction to Vault
Learning the Vault Architecture
Installing Vault
Comparing Auth Methods
Creating Vault Policies
Assess Vault Tokens
Secrets Engines
Vault CLI, API, and UI
Vault Secrets Operator
About HashiCorp Vault
Vault is one of HashiCorp's most popular tools and an extremely feature-rich secrets management platform. So naturally, the folks who deploy and manage it need to understand how it all works (that's you!). Plus, I'm sure you're interested in obtaining the HashiCorp Vault Associate certification to prove your expertise to colleagues and employers!
About the Instructor
Bryan Krausen is highly regarded as a HashiCorp expert. He has been working with HashiCorp Vault for 10+ years, deploying Vault for countless large Enterprise customers. He holds multiple Vault certifications, including being one of the first to pass the HashiCorp Certified: Vault Associate certification while it was in the ALPHA stage and one of the only people in the world to hold the HashiCorp Vault Expert partner certification.
Enroll in this course and join over 50,000 students who have learned from Bryan Krausen's expertise on HashiCorp Vault.