Deploying HashiCorp Vault with AWS Secrets Engine
- 41 mins on-demand video
- 10 downloadable resources
- Full lifetime access
- Access on mobile and TV
- Certificate of Completion
Get your team access to 4,000+ top Udemy courses anytime, anywhere.Try Udemy for Business
- How to deploy HashiCorp Vault in AWS
- Integrating the AWS Secrets Engine into HashiCorp Vault to eliminate the need for access keys, secret access keys
- Working knowledge of AWS with access to deploy to AWS EC2, IAM, DynamoDB & Route53
- Intermediate understanding of AWS IAM Roles & Policies
- General understanding of encryption & PKI
HashiCorp Vault is a secure way to control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. Adding the AWS Secrets Engine authentication method allows you to generate AWS access credentials dynamically based on IAM policies. This eliminates the need for access key & secret access key management and rotation as all keys are dynamically generated and have a lease time!
This course will demonstrate:
Setting up your AWS environment for a Vault deployment
High availability and scaling for HashiCorp Vault
AWS secrets engine authentication integration
Use cases and security hardening
- AWS Engineers, Architects, SRE's & Security Teams
In this lecture, we will cover the course content and the benefits of using HashiCorp Vault with the AWS secrets engine integration.
In this lecture we'll cover the terminology used in the remainder of the course. Also, we will cover what the actual deployment will look like once completed.
In this lecture, you will be provisioning the AWS resources needed to support the Vault environment. All steps are provided including the downloadable materials which need to be used. Please view Lecture 9 for a walk-through of deploying the 2 Availability Zone VPC using CloudFormation if needed.
An AWS CloudFormation and CDK (Cloud Development Kit) template will be available soon! We are also working on an Ansible Playbook that will deploy the resources. All of these future resources are included with your purchase. We will notify subscribers when it is available.
Various authentication methods (including user\pass, LDAP (including AD), token-based, key-value) are available to extend the abilities of Vault. Browse to the below external resource to view Vault's official documentation on extending Vault's capabilities to include additional authentication methods.
This lecture will cover a walk-through of using vault-credential-rotator (https://github.com/troydieter/vault-credential-rotator) which allows for:
Easy vault key rotation stored in your AWS credential store
Supported in Windows, Linux & MacOS
Supports LDAP authentication method
This lecture will cover the use of the AppRole authentication method, and how to generate the required credentials to distribute. The script referenced in the lecture is provided here as well (approle.py). Ensure the values are changed accordingly, which are demonstrated in the lecture video.
In this lecture, we'll briefly cover the deployment of HashiCorp Vault using a Helm Chart to a Kubernetes cluster. Feel free to follow Lecture 5 & 6 to configure the AWS secrets engine after deploying via Helm.
The guide used in the video is available via the External Resources links.