
Welcome to Unlocking the Secrets: Hands-on HashiCorp Vault!
This course offers you a comprehensive exploration of HashiCorp Vault, a robust secrets management tool. We will cover Vault fundamentals, installation, CLI usage, authentication methods, API interaction, advanced secret engines, policy management and more!
Prerequisites:
Basic Linux command line knowledge
Basic shell scripting skills
General understanding of cloud technologies
Who Should Take this Course?
Those managing secrets for applications
Individuals interested in HashiCorp Vault and its usage
Anyone looking to work with HashiCorp Vault, including installation
Software developers keen on Vault API, CLI, and policy creation
Course Resources:
Course materials available in the "Resources" section of each lecture
Q&A for issue resolution and support
This course will equip you with practical skills for effective secrets management with HashiCorp Vault!
In this lecture, "What is HashiCorp Vault?" you'll gain a fundamental understanding of HashiCorp Vault, a powerful tool for secrets management and data security.
Discover the core principles and functionalities of HashiCorp Vault and how it can address real-world security challenges. Whether you're new to Vault or looking for a refresher, this concise lecture provides essential insights into this critical technology
In this informative lecture, "Use Cases: What Problems Does HashiCorp Vault Solve?", you'll explore the practical applications of HashiCorp Vault in solving real-world challenges.
Delve into various use cases where Vault shines as a secrets management solution. Whether you're an IT professional, developer, or simply curious about Vault's capabilities, this lecture will illuminate the problems it addresses and the value it brings to data security and secrets management.
In this comprehensive lecture, "HashiCorp Vault Architecture," you'll dive deep into the intricate architecture that powers HashiCorp Vault.
Gain a detailed understanding of how Vault's components work together to provide robust secrets management and data security. Whether you're a newcomer to Vault or looking to enhance your knowledge, this lecture offers valuable insights into the inner workings of Vault, empowering you to make informed decisions in your secrets management strategy.
In this lecture, "Ways You Can Install HashiCorp Vault," you'll explore a range of installation methods to set up HashiCorp Vault according to your specific needs and environment.
Learn how to find the right installation method for your specific need; whether it's a Linux, MacOS, Windows or an infrastructure solution like Kubernetes, you'll explore different ways you can install HashiCorp Vault in your system.
In this lecture, "Storage Backend Options for Vault," you'll gain valuable insights into the critical component of HashiCorp Vault's configuration: storage backend options.
Explore the various choices available for storing Vault data, understand their implications, and learn how to select the most suitable option for your specific use case. Also understand why the Integrated Storage Backend is the best option and why we are choosing it.
Whether you're new to Vault or seeking to optimise your data storage strategy, this lecture provides essential knowledge to make informed decisions about Vault's storage backends.
In this focused lecture, "Installing HashiCorp Vault" we will install HashiCorp Vault step-by-step specifically on a Debian-based system.
The lecture covers the process of downloading and configuring Vault from the binary distribution, ensuring a smooth installation experience. Whether you're a Linux enthusiast or a system administrator, this lecture equips you with the knowledge needed to set up Vault on Debian for effective secrets management and data security.
Commands used in the lecture:
wget https://releases.hashicorp.com/vault/1.14.1/vault_1.14.1_linux_arm64.zip
sudo unzip vault_1.14.1_linux_arm64.zip -d /usr/local/bin/
In this lecture, "Ways to Run Vault Server and "dev" Mode," you'll explore the different methods for launching a HashiCorp Vault server and gain a deeper understanding of the "dev" mode. Discover the options available for running Vault in various environments and scenarios, and learn how "dev" mode provides a simplified and isolated setup for testing and development purposes.
Whether you're a Vault beginner or an experienced user, this lecture offers essential insights into effectively deploying and testing Vault servers.
In this lecture, "Generate TLS Certificate for Vault," you'll learn the crucial process of creating TLS (Transport Layer Security) certificates for HashiCorp Vault.
Discover the importance of secure communication within Vault, and follow step-by-step instructions on generating TLS certificates to enhance the security of your Vault installation. Whether you're setting up Vault for the first time or looking to enhance its security, this lecture provides essential knowledge for a secure secrets management environment.
Commands used in the lecture:
vi cert.conf (for cert.conf, check out the downloadable materials)
openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.crt -config cert.conf -days 365
sudo mkdir -p /etc/vault/tls
sudo mv selfsigned.* /etc/vault/tls
sudo cp /etc/vault/tls/selfsigned.crt /usr/local/share/ca-certificates
sudo update-ca-certificates
In this comprehensive lecture, "Configure Vault" you will receive a detailed guide on configuring HashiCorp Vault using the vault.hcl configuration file. Explore the essential settings and parameters within the configuration file, and gain practical insights into tailoring Vault to your specific requirements.
Whether you're a Vault administrator or a system architect, this lecture equips you with the knowledge and skills needed to efficiently configure Vault for secure secrets management and data protection.
Commands used in the lecture:
sudo mkdir -p /etc/vault.d /opt/vault
sudo useradd -r -M -s /bin/false vault
sudo chown --recursive vault:vault /etc/vault* /opt/vault
sudo vi /etc/vault.d/vault.hcl (for vault.hcl check out the downloadable materials)
In this informative and practical lecture, "Creating a systemd Service for Vault," you'll learn the crucial process of setting up a systemd service for HashiCorp Vault. Dive into step-by-step instructions on creating and configuring the service unit to manage Vault as a background process.
Whether you're an IT professional or a system administrator, this lecture provides essential guidance for ensuring the reliable and automated operation of Vault, enhancing your secrets management capabilities.
Commands used in the lecture:
sudo vi /etc/systemd/system/vault.service (for vault.service check out the downloadable materials)
sudo systemctl enable vault.service
sudo systemctl start vault.service
sudo systemctl status vault.service
In this pivotal lecture, "Initializing and Unsealing Vault," you'll delve into the critical steps of initializing and unsealing HashiCorp Vault. Discover the foundational processes that secure and activate Vault's secrets management capabilities. Through a detailed walkthrough, you'll learn how to initialize Vault, generate initial root tokens, and understand the unsealing process, ensuring the security and accessibility of your secrets.
Whether you're new to Vault or an experienced user, this lecture provides essential knowledge for starting and maintaining a secure secrets management environment.
Commands used in the lecture:
export VAULT_ADDR='https://YOUR_IP_ADDRESS:8200'
vault operator init
vault operator unseal (3 times with each unseal key)
vault login
export VAULT_TOKEN=YOUR_VAULT_ROOT_TOKEN
In this optional lecture, "Installing Vault CLI Autocomplete," you'll explore the process of setting up autocompletion for the HashiCorp Vault command-line interface (CLI). Learn how to enhance your CLI experience by enabling autocompletion, allowing for quicker and more efficient interactions with Vault commands.
Whether you're a power user seeking to streamline your workflow or a Vault enthusiast looking to explore advanced features, this lecture provides valuable insights into optimizing your CLI experience with Vault.
Commands used in the lecture:
vault -autocomplete-install
In this informative lecture, "An Introduction to HashiCorp Vault Web UI," you will receive a comprehensive overview of the web user interface (UI) for HashiCorp Vault. Explore the user-friendly interface and learn how to navigate and utilize the web-based tools and features offered by Vault.
Whether you're new to Vault or looking to enhance your knowledge, this lecture provides essential insights into effectively managing secrets and data security through Vault's intuitive web interface.
In this illuminating lecture, "KV Secrets Engine v1 vs. v2," you'll delve into the differences and advancements between HashiCorp Vault's Key-Value (KV) Secrets Engine versions 1 and 2. Gain a comprehensive understanding of the key features, benefits, and use cases of each version.
Whether you're a Vault administrator, developer, or security professional, this lecture offers essential insights to help you make informed decisions regarding the choice of KV Secrets Engine version for your secrets management needs.
In this insightful lecture, "Working with v1 and v2 Secrets Engines," you'll gain hands-on experience and practical knowledge in managing secrets using both Key-Value (KV) Secrets Engine versions 1 and 2 within HashiCorp Vault. Explore the differences between these versions, learn how to create, manage, and retrieve secrets, and understand the implications for your secrets management strategy.
Whether you're a Vault user, administrator, or developer, this lecture equips you with essential skills to efficiently work with Vault's secrets engines and adapt to different use cases.
Commands used in the lecture:
vault secrets enable -version=1 kv
vault kv put kv/my-secret my-value=mysecret
vault kv enable-versioning kv/
vault secrets enable -path=confidential kv-v2
vault kv put confidential/address homeaddress=myhomeaddress
vault kv get confidential/address
vault kv get -mount=confidential address
In this instructive lecture, "Listing Secret Engines," you will discover how to enumerate and manage the secret engines available within HashiCorp Vault using Vault CLI. Explore the essential commands and techniques for retrieving a comprehensive list of active secret engines.
Whether you're a Vault administrator, developer, or security professional, this lecture equips you with the knowledge and skills needed to navigate and utilize Vault's secret engine ecosystem effectively, ensuring streamlined secrets management and enhanced security.
Commands used in the lecture:
vault secrets list
In this informative lecture, "Writing and Updating Secrets," you will delve into the crucial processes of creating and updating secrets within HashiCorp Vault using Vault CLI. Explore the step-by-step instructions and best practices for securely adding or modifying sensitive data in Vault's secret storage.
Whether you're a Vault user, administrator, or developer, this lecture provides essential knowledge and practical insights to ensure the secure management of secrets, enhancing data protection and access control in your environment.
Commands used in the lecture:
vault kv put confidential/address homeaddress="Park Street 1" workaddress="Grand Avenue 10"
In this instructive lecture, "Working with Secret Versions in CLI and UI," you will learn how to manage secret versions effectively within HashiCorp Vault through both the command-line interface (CLI) and the web user interface (UI). Explore the processes of creating, accessing, and managing different versions of secrets, and understand how versioning can enhance your secrets management strategy.
Whether you're a Vault user, administrator, or developer, this lecture equips you with essential skills to track and control secret versions, ensuring data security and auditability in your Vault environment.
Commands used in the lecture:
vault kv put confidential/address homeaddress="Park Street 10" workaddress="Grand Avenue 1"
vault kv get confidential/address
vault kv get -version=1 confidential/address
In this lecture, "Using a Secret Policy to Generate Secrets," you will explore the concept of secret policies within HashiCorp Vault and learn how to leverage them to generate random secrets securely.
Whether you're a Vault user, administrator, or developer, this lecture provides you a way to implement secret generation policies where you can dynamically generate any kind of secrets for your users, applications and services.
Commands used in the lecture:
vault write sys/policies/password/example policy=-<<EOF
length=16
rule "charset" {
charset = "abcdefghij0123456789"
min-chars = 1
}
rule "charset" {
charset = "!@#$%^&*STUVWXYZ"
min-chars = 1
}
EOF
vault kv put -mount=confidential generated-secret \
password=$(vault read -field password sys/policies/password/example/generate)
vault kv get confidential/generated-secret
In this concise and informative lecture, "Deleting a Secret," you will learn the essential steps and best practices for securely removing sensitive data from HashiCorp Vault. Explore the process of deleting secrets and understand the implications of this action.
Whether you're a Vault user, administrator, or developer, this lecture equips you with the knowledge and skills needed to effectively manage the lifecycle of secrets, ensuring data security and privacy in your Vault environment.
Commands used in the lecture:
vault kv delete confidential/address
vault kv get confidential/address
In this insightful lecture, "Undeleting a Secret to Recover a Version," you'll gain an understanding of the process to recover a deleted version of a secret within HashiCorp Vault. Explore the steps and techniques to efficiently restore lost or accidentally deleted secret data, ensuring data integrity and resilience in your Vault environment.
Whether you're a Vault user, administrator, or developer, this lecture equips you with essential knowledge and practical skills to effectively manage secret version recovery, enhancing your data security and access control capabilities.
Commands used in the lecture:
vault kv undelete -versions=2 confidential/address
vault kv get confidential/address
In this crucial lecture, "Destroying a Secret for Permanent Deletion," you'll learn the steps and considerations for securely and permanently deleting sensitive data within HashiCorp Vault. Explore the process of destroying secrets, ensuring that they are irretrievably removed from the system to meet stringent data privacy and compliance requirements.
Whether you're a Vault user, administrator, or developer, this lecture provides essential guidance on managing data lifecycles, enhancing security, and maintaining data integrity in your Vault environment.
Commands used in the lecture:
vault kv destroy -versions=2 confidential/address
vault kv get confidential/address
In this lecture, "Working with Secret Metadata," you'll explore the significance of secret metadata within HashiCorp Vault and learn how to leverage it effectively. Delve into the practical applications of secret metadata, such as tracking, auditing, and enhancing access control for secrets. Whether you're a Vault user, administrator, or developer, this lecture equips you with essential knowledge and hands-on guidance for managing secret metadata, ensuring data security, compliance, and data lifecycle management in your Vault environment.
Commands used in the lecture:
vault kv metadata get confidential/address
vault kv metadata put -max-versions 2 -delete-version-after="3h25m19s" confidential/address
vault kv metadata delete confidential/address
In this insightful lecture, "Vault Tokens Explained," you will gain a comprehensive understanding of Vault tokens within HashiCorp Vault. Explore the significance, lifecycle, and practical applications of tokens in secrets management and access control.
Whether you're a Vault user, administrator, or developer, this lecture provides essential insights into the role of tokens, how they grant access to secrets, and how to effectively manage them to enhance data security and access control in your Vault environment.
In this lecture, "Authentication with HashiCorp Vault," you'll dive into the critical topic of authentication methods within HashiCorp Vault. Explore the various authentication mechanisms available, understand their significance in ensuring secure access to secrets, and learn how to implement them effectively.
Whether you're a Vault user, administrator, or developer, this lecture provides essential insights and practical guidance for establishing robust authentication practices, enhancing security, and controlling access to sensitive data in your Vault environment.
Commands used in the lecture:
vault auth enable <auth-method>
In this lecture, "Basic Authentication with Username and Password," you will explore the fundamentals of setting up secure authentication within HashiCorp Vault using simple username and password credentials. Learn how to configure Vault to authenticate users based on this straightforward method, and understand the significance of this approach in various access control scenarios.
Whether you're a Vault user, administrator, or developer, this lecture provides essential insights and practical guidance for implementing basic yet effective authentication practices, enhancing security, and controlling access to sensitive data in your Vault environment.
Commands used in the lecture:
vault auth enable userpass
vault write auth/userpass/users/myuser \
password=mypassword \
policies=admins
vault login -method=userpass \
username=myuser \
password=mypassword
In this lecture, "AWS Authentication with HashiCorp Vault," you will delve into the intricacies of integrating HashiCorp Vault with Amazon Web Services (AWS) for secure authentication and access control. Explore the AWS authentication method within Vault, learn how to establish trust between Vault and AWS, and understand how this integration enhances security and secrets management in AWS environments. Whether you're a Vault user, AWS administrator, or developer, this lecture provides valuable insights and step-by-step guidance for implementing secure authentication practices in your cloud infrastructure.
Commands used in the lecture:
vault auth enable aws
vault write auth/aws/config/client secret_key=AWS_SECRET_KEY access_key=AWS_SECRET_ACCESS_KEY_ID
vault write auth/aws/role/dev-role-iam auth_type=iam bound_iam_principal_arn=arn:aws:iam::AWS_ACCOUNT_ID:user/vault-user policies=dev,prod max_ttl=500h
vault login -method=aws header_value=YOUR_IP_ADDRESS role=dev-role-iam
In this lecture, "GitHub Authentication with HashiCorp Vault," you'll explore the seamless integration of HashiCorp Vault with GitHub for secure authentication and access control. Learn how to leverage GitHub authentication methods within Vault, configure trust relationships between Vault and GitHub, and enhance security and secrets management for your applications and services.
Whether you're a Vault user, GitHub administrator, or developer, this lecture offers valuable insights and step-by-step guidance for implementing robust authentication practices within your GitHub-integrated Vault environment.
Commands used in the lecture:
vault auth enable github
vault write auth/github/map/teams/dev value=dev-policy
vault write auth/github/config organization=YOUR_GITHUB_ORG
vault login -method=github token="YOUR_GITHUB_TOKEN"
In this lecture, "Getting Started with HashiCorp Vault API," you will embark on a journey to explore the foundational aspects of interacting with HashiCorp Vault programmatically through its Application Programming Interface (API). Discover the key concepts, tools, and techniques to utilize the Vault API effectively.
Whether you're a developer, system administrator, or security professional, this lecture provides essential insights and practical guidance for leveraging Vault's API to automate tasks, manage secrets, and enhance your integration capabilities with Vault in your applications and infrastructure.
In this enlightening lecture, "Vault API Explorer," you'll delve into the powerful tools and capabilities of HashiCorp Vault's API Explorer. Learn how to navigate and leverage this essential feature to interact with Vault's API programmatically. Explore the API documentation, discover available endpoints, and understand how to craft API requests effectively. Whether you're a developer, administrator, or security professional, this lecture provides valuable insights and hands-on guidance for maximizing your efficiency when working with Vault's API, streamlining automation, and enhancing secrets management practices.
In this instructive lecture, "Using Vault CLI to Generate Vault API Curl Commands," you will learn a practical approach to interact with HashiCorp Vault's API through the command-line interface (CLI). Explore how to leverage the Vault CLI to generate API curl commands, enabling you to perform API operations programmatically. Discover the techniques for crafting and executing API requests, whether you're reading, writing, deleting secrets, or managing secret metadata.
Whether you're a developer, system administrator, or security professional, this lecture equips you with essential skills and knowledge for efficient and automated interactions with Vault's API, enhancing your secrets management capabilities.
Commands used in the lecture:
vault kv get -output-curl-string confidential/address
In this lecture, "Working with v2 Secrets Engine using Vault API," you'll explore the advanced capabilities of HashiCorp Vault's v2 Secrets Engine and learn how to interact with it programmatically through the Vault API. Delve into the details of managing v2 secret engines using Vault API.
Whether you're a developer, system administrator, or security professional, this lecture provides valuable insights and hands-on guidance for harnessing the power of the v2 Secrets Engine to enhance your secrets management practices and automation capabilities within HashiCorp Vault.
Commands used in the lecture:
vault kv get -output-curl-string confidential/address
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/data/address | jq
cat <<EOF > payload.json
{
"max_versions": 5,
"cas_required": false,
"delete_version_after": "5h25m30s"
}
EOF
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
--request POST \
--data @payload.json \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/config | jq
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/config | jq
In this lecture, "Writing or Updating a Secret," you will learn the essential techniques and best practices for securely creating or modifying secrets within HashiCorp Vault using Vault API. Explore step-by-step instructions on how to add or update sensitive data in Vault's secret storage, ensuring data security and integrity.
Whether you're a Vault user, administrator, or developer, this lecture equips you with the knowledge and skills needed to effectively manage secrets, enhancing data protection and access control within your Vault environment.
Commands used in the lecture:
cat <<EOF > payload.json
{
"data": {
"homeadress": "Main Street 25",
"workadress": "Grand Avenue 8"
}
}
EOF
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
--request POST \
--data @payload.json \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/data/address | jq
cat <<EOF > payload.json
{
"data": {
"homeadress": "Hamilton Street 9",
"workadress": "Main Street 1"
}
}
EOF
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
--request POST \
--data @payload.json \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/data/address | jq
In this lecture, "Getting a Secret," you'll explore the essential steps and techniques for securely retrieving secrets from HashiCorp Vault using Vault API. Learn how to access sensitive data stored in Vault's secret storage, ensuring data security and controlled access.
Whether you're a Vault user, administrator, or developer, this lecture provides valuable insights and practical guidance for effectively retrieving secrets, enhancing data protection, and enabling secure access to sensitive information within your Vault environment.
Commands used in the lecture:
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/data/address | jq
In this lecture, "Getting an Older Version of a Secret," you will explore the process of retrieving previous versions of secrets stored within HashiCorp Vault using Vault API. Discover how to access historical versions of sensitive data, ensuring data traceability and auditability.
Whether you're a Vault user, administrator, or developer, this lecture provides essential insights and step-by-step guidance for effectively accessing older versions of secrets, enhancing data management and compliance within your Vault environment.
Commands used in the lecture:
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/data/address?version=1 | jq
In this lecture, "Deleting a Secret," you will learn the essential steps and considerations for securely removing sensitive data from HashiCorp Vault using Vault API. Explore the process of deleting secrets, understand the implications of this action, and discover how to maintain data integrity and compliance.
Whether you're a Vault user, administrator, or developer, this lecture equips you with the knowledge and skills needed to effectively manage the lifecycle of secrets, ensuring data security and privacy in your Vault environment.
Commands used in the lecture:
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
--request DELETE \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/data/address | jq
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/data/address | jq
In this lecture, "Undeleting a Secret," you will delve into the essential process of recovering deleted secrets within HashiCorp Vault using Vault API. Explore the steps and best practices to restore lost or mistakenly removed sensitive data, ensuring data integrity and auditability.
Whether you're a Vault user, administrator, or developer, this lecture equips you with the knowledge and practical skills needed to effectively recover deleted secrets, enhancing data security and resilience in your Vault environment.
Commands used the lecture:
cat <<EOF > payload.json
{
"versions": [5]
}
EOF
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
--request POST \
--data @payload.json \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/undelete/address | jq
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/data/address | jq
In this lecture, "Destroying a Secret," you will learn the steps and considerations for securely and permanently deleting sensitive data within HashiCorp Vault using Vault API. Explore the process of destroying secrets, ensuring that they are irretrievably removed from the system to meet stringent data privacy and compliance requirements.
Whether you're a Vault user, administrator, or developer, this lecture provides essential guidance on managing data lifecycles, enhancing security, and maintaining data integrity in your Vault environment.
Commands used in the lecture:
cat << EOF > payload.json
{
"versions": [1, 2]
}
EOF
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
--request PUT \
--data @payload.json \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/destroy/address | jq
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/data/address | jq
In this lecture, "Working with Secret Metadata using Vault API" you'll discover the significance of secret metadata within HashiCorp Vault and how to utilize it effectively using Vault API. Explore practical applications such as tracking, auditing, and enhancing access control for secrets by leveraging metadata.
Whether you're a Vault user, administrator, or developer, this lecture provides essential insights and hands-on guidance for managing secret metadata, ensuring data security, compliance, and effective data lifecycle management in your Vault environment.
Commands used in the lecture:
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
--request LIST \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/metadata | jq
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/metadata/address | jq
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
--request DELETE \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/metadata/address | jq
curl \
-H "X-Vault-Request: true" \
-H "X-Vault-Token: ${VAULT_TOKEN}" \
https://YOUR_VAULT_IP_ADDRESS:8200/v1/confidential/data/address | jq
In this lecture, "Secret Engines Overview," you'll gain a fundamental understanding of HashiCorp Vault's secret engines and their role in secrets management. Explore the various secret engines available, from Key-Value (KV) to dynamic and database-specific engines.
Whether you're new to Vault or seeking to expand your knowledge, this lecture provides essential insights into the capabilities and use cases of secret engines, enabling you to make informed decisions for your secrets management strategy within HashiCorp Vault.
In this enlightening lecture, "AWS Secret Engine for Temporary Credentials," you will delve into the practical implementation of HashiCorp Vault's AWS Secret Engine. Explore how to leverage this engine to generate temporary credentials for Amazon Web Services (AWS), enhancing security and access control in your AWS environments.
Whether you're a Vault user, AWS administrator, or developer, this lecture offers valuable insights and step-by-step guidance for seamlessly integrating Vault and AWS, ensuring secure secrets management and temporary credential provisioning for your applications and services.
Commands used in the lecture:
For AWS IAM Role Policy, check out the downloadable materials.
vault secrets enable aws
vault write aws/config/root \
access_key=YOUR_AWS_ACCESS_KEY_ID \
secret_key=YOUR_AWS_SECRET_ACCESS_KEY \
region=YOUR_AWS_REGION
vault write aws/roles/support-role \
credential_type=iam_user \
policy_document=-<<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:Describe",
"Resource": "*"
}
]
}
EOF
vault read aws/creds/support-role
In this lecture, "Dynamic PostgreSQL Database Credentials," you will explore the dynamic secrets management capabilities of HashiCorp Vault in the context of PostgreSQL databases. Learn how to dynamically generate and manage database credentials on-the-fly, enhancing security and access control for your PostgreSQL-based applications.
Whether you're a Vault user, database administrator, or developer, this lecture provides essential insights and practical guidance for implementing dynamic credential management with Vault, optimizing your secrets management strategy, and bolstering data security in PostgreSQL environments.
Commands used in the lecture:
vault secrets enable database
vault write database/config/my-postgresql-database \
plugin_name="postgresql-database-plugin" \
allowed_roles="my-role" \
connection_url="postgresql://{{username}}:{{password}}@localhost:5432/vault_users" \
username="YOUR_POSTGRES_USERNAME" \
password="YOUR_POSTGRES_PASSWORD" \
password_authentication="scram-sha-256"
vault write database/roles/my-role \
db_name="my-postgresql-database" \
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";" \
default_ttl="1h" \
max_ttl="24h"
vault read database/creds/my-role
If you also want to install PostgreSQL database on Debian, you can run these commands to do so:
sudo apt update
sudo apt install postgresql postgresql-contrib -y
sudo systemctl status postgresql
sudo passwd postgres
su -- postgres
psql
CREATE DATABASE vault_users;
In this lecture, "Dynamic RabbitMQ Credentials," you'll explore how to leverage HashiCorp Vault's dynamic secrets management capabilities to generate and manage credentials for RabbitMQ messaging systems. Discover how to dynamically create and control access to RabbitMQ resources, enhancing security and scalability in your messaging infrastructure.
Whether you're a Vault user, RabbitMQ administrator, or developer, this lecture provides essential insights and step-by-step guidance for implementing dynamic credential management with Vault, optimizing secrets management, and bolstering access control in RabbitMQ environments.
Commands used in the lecture:
vault secrets enable rabbitmq
vault write rabbitmq/config/connection \
connection_uri="http://localhost:15672" \
username="YOUR_RABBITMQ_USERNAME" \
password="YOUR_RABBITMQ_PASSWORD"
vault write rabbitmq/roles/my-role \
vhosts='{"/":{"write": ".*", "read": ".*"}}'
vault read rabbitmq/creds/my-role
If you also want to install RabbitMQ on Debian, you can run these commands to do so:
1. Download the script "install-rabbitmq.sh" in downloadable materials
2. Make it executable and run:
set +x rabbitmq.sh
sh rabbitmq.sh
3. Check RabbitMQ service status:
systemctl status rabbitmq-server
4. Enable management plugin and restart the service
sudo rabbitmq-plugins enable rabbitmq_management
sudo systemctl stop rabbitmq-server
sudo systemctl start rabbitmq-server
In this comprehensive lecture, "Policies Overview," you'll gain a foundational understanding of policies within HashiCorp Vault and their pivotal role in access control and authorization. Explore the concept of policies, learn how they define permissions and access privileges, and understand how they shape the security landscape within Vault.
Whether you're new to Vault or seeking to deepen your knowledge, this lecture provides essential insights into the principles of policy management, enabling you to effectively control and manage access to secrets and resources in your Vault environment.
In this lecture, "Creating Secrets to Work with Vault Policies", we will create several secret engines and secrets to get started on working on Vault policies. In the upcoming lectures, we will apply Vault policies on these secrets and generate tokens based on these policies to see how Vault policies work with secrets and their paths.
Commands used in the lecture:
export VAULT_TOKEN=YOUR_VAULT_TOKEN
vault secrets enable -path=app1 kv-v2
vault secrets enable -path=app2 kv-v2
vault secrets enable -path=app3 kv-v2
vault kv put app1/database-config username=admin password=mysecretpassword
vault kv put app2/cloud-config username=cloud_user password=cloud_password
vault kv put app3/token-config username=reader password=reader_password
In this informative lecture, "Creating Policies," you'll dive into the crucial process of defining and configuring access control policies within HashiCorp Vault. Explore the fundamentals of policy creation, learn how to specify permissions and restrictions, and understand how to tailor policies to your specific security requirements.
Whether you're a Vault administrator, developer, or security professional, this lecture provides essential insights and practical guidance for authoring policies that effectively manage and control access to secrets and resources in your Vault environment, enhancing data security and governance.
Commands used in the lecture:
cat <<EOF > developer-policy.hcl
path "app1/*" {
capabilities = ["read", "list"]
}
path "app2/*" {
capabilities = ["read", "list", "update"]
}
path "app3/*" {
capabilities = ["create", "read", "list", "update", "delete"]
}
EOF
vault policy write developer-policy developer-policy.hcl
In this lecture, "Working with Tokens Based on Policies," you'll explore the critical role of tokens in access control within HashiCorp Vault. Learn how to create, manage, and leverage tokens that are closely aligned with specific policies to grant controlled access to secrets and resources.
Whether you're a Vault user, administrator, or developer, this lecture provides essential insights and hands-on guidance for implementing fine-grained access control through token and policy management, enhancing security and data governance in your Vault environment.
Commands used in the lecture:
vault token create -policy=developer-policy
export VAULT_TOKEN=YOUR_GENERATED_VAULT_TOKEN
vault token lookup YOUR_VAULT_TOKEN
vault kv put app1/database-config username=myuser password=myownpassword
vault kv get app1/database-config
vault kv delete app1/database-config
vault kv put app3/test-config username=test password=test
vault kv delete app3/test-config
vault secrets enable -path=app4 kv-v2
In this enlightening lecture, "Updating Policies to Observe Token Behavior," you'll delve into the vital process of refining and updating access control policies within HashiCorp Vault. Explore how to adjust policies to align with token behavior, ensuring precise control over permissions and access privileges.
Whether you're a Vault administrator, developer, or security professional, this lecture provides essential insights and practical guidance for enhancing your policy management practices to accommodate evolving token requirements. By effectively updating policies, you'll bolster security and governance in your Vault environment, providing precise access control to secrets and resources.
Commands used in the lecture:
vault kv put app3/api-credentials username=test password=test
vault kv put app3/database-credentials username=test password=test
In this insightful lecture, "Fine-Grained Policies for Further Token Limitations," you'll explore advanced access control techniques within HashiCorp Vault by leveraging fine-grained policies. Learn how to tailor policies to impose specific limitations on tokens, granting precise access to secrets and resources based on business requirements.
Whether you're a Vault administrator, developer, or security professional, this lecture provides valuable insights and hands-on guidance for implementing granular access controls that enhance security and compliance in your Vault environment. By fine-tuning policies, you'll ensure that tokens have only the access they truly need, strengthening your data protection strategies.
Commands used in the lecture:
path "app3/api-credentials" {
capabilities = ["update"]
required_parameters = ["username", "password"]
denied_parameters = {
"enabled" = [false, "false"]
}
}
vault kv put app3/api-credentials username=test password=test enabled=false
path "app5/api-credentials" {
capabilities = ["create"]
required_parameters = ["username", "password"]
denied_parameters = {
"enabled" = [false, "false"]
}
}
In this lecture, "Root Protected API Endpoints," you'll delve into the concept of root-protected API endpoints within HashiCorp Vault. Explore how these endpoints are essential for maintaining the security and integrity of your Vault instance. Learn how to manage and control access to critical administrative functions and settings, ensuring the overall security and governance of your Vault environment.
Whether you're a Vault administrator, developer, or security professional, this lecture provides essential insights and practical guidance for securing your Vault's most sensitive resources and configurations, enhancing the overall security posture of your Vault deployment.
In our final lecture, whether you were new to Vault or were looking to advance your skills, I want to sincerely thank you for joining me in this course!
Welcome to Unlocking the Secrets: Hands-On HashiCorp Vault, the ultimate guide to mastering secrets management and data security using HashiCorp Vault. In this comprehensive course, you will embark on a transformative learning journey divided into eight sections, each designed to equip you with essential knowledge and hands-on skills to harness the full potential of HashiCorp Vault.
Section 1 - Introduction
In the opening section, "Introduction," you'll get a clear overview of the course structure, who is this course for and what to expect in the upcoming sections.
Section 2 - Understanding HashiCorp Vault
In Understanding HashiCorp Vault, you'll explore the core concepts of HashiCorp Vault, including its purpose, use cases, and the underlying architecture. Gain a deep understanding of how Vault can solve real-world problems related to secrets management.
Section 3 - Installing HashiCorp Vault
Installing HashiCorp Vault is all about setting up Vault in your environment. You'll discover various installation methods, explore storage backend options, and learn how to configure Vault for optimal performance. By the end of this section, you'll have a fully operational Vault instance.
Section 4 - Getting Started with Vault and Vault CLI
Getting Started with Vault and Vault CLI introduces you to Vault's Web UI, explores the differences between KV Secrets Engine versions, and teaches you how to work with secrets in both the CLI and UI. Dive into practical tasks like creating, managing secrets, handling secret versions and more.
Section 5 - Vault Tokens and Authentication Methods
In Vault Tokens and Authentication Methods, you'll unravel the mysteries of Vault tokens, learn about authentication methods, and explore various ways to securely access Vault, including basic authentication with username and password, AWS authentication, and GitHub authentication.
Section 6 - Working with HashiCorp Vault API
Working with HashiCorp Vault API takes a hands-on approach to interacting with Vault programmatically. Learn how to use Vault's API Explorer, generate API curl commands with the Vault CLI, and perform operations programmatically using Vault API. Dive deep into the v2 Secrets Engine, covering operations like writing, reading, and managing secrets through the API.
Section 7 - More on Secret Engines with Vault
More on Secret Engines with Vault provides an overview of different secret engines and practical use cases. Explore the AWS Secret Engine for temporary credentials, dynamic PostgreSQL database credentials, and dynamic RabbitMQ credentials to enhance your secrets management capabilities.
Section 8 - Working with Vault Policies
The final section, Working with Vault Policies, dives into policies in detail. Learn how to create secrets, define policies, and work with tokens based on policies. Explore advanced access control with fine-grained policies and understand the importance of root-protected API endpoints.
By the end of this course, you'll be well-versed in HashiCorp Vault, equipped to manage secrets effectively, and confident in enhancing your organization's security practices. Join me on this exciting journey and unlock the secrets to secure secrets management with HashiCorp Vault!