Important links
From the official source:
- Exam details - https://developer.hashicorp.com/certifications/security-automation#vault-associate-(002)-details
Study materials
- Learning path - https://developer.hashicorp.com/vault/tutorials/associate-cert/associate-study
- Exam content list - https://developer.hashicorp.com/vault/tutorials/associate-cert/associate-review
- Sample questions - https://developer.hashicorp.com/vault/tutorials/associate-cert/associate-questions
Key points
1. Authentication Methods
Vault offers various ways to authenticate users and systems. Make sure you know the different authentication methods available, such as token-based, LDAP, and OAuth. Know how each method works, and understand when to use human versus system authentication. You should be able to choose the right method for different scenarios.
2. Vault Policies
Vault policies control who can access what within Vault. Revise how to create and manage these policies. Get comfortable with policy syntax, including paths and capabilities, so you can craft policies that meet specific requirements. Knowing how to manage these policies is very important for securing a Vault environment.
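As an added illustration of paths and capabilities (not from the official study material), here is a constructed least-privilege policy for a hypothetical application, shown beside the overly broad rule it replaces. The mount paths `secret/` (KV v2) and `transit/`, and the name `billing`, are assumptions.

```hcl
# Constructed example policy for a hypothetical application "billing".
# Mount paths ("secret/" for KV v2, "transit/") and the key name
# "billing" are assumptions, not values from this page.

# Too broad: every capability on everything under the KV mount.
# path "secret/*" {
#   capabilities = ["create", "read", "update", "delete", "list", "sudo"]
# }

# KV v2 serves secret values under data/, so read access is granted there.
path "secret/data/billing/*" {
  capabilities = ["read"]
}

# Listing keys in KV v2 happens on the metadata/ path, not data/.
path "secret/metadata/billing/*" {
  capabilities = ["list"]
}

# The more specific path wins, so this deny blocks the admin subtree
# even though the broader rule above grants read.
path "secret/data/billing/admin/*" {
  capabilities = ["deny"]
}

# Transit encrypt and decrypt are write operations: they need "update".
path "transit/encrypt/billing" {
  capabilities = ["update"]
}

path "transit/decrypt/billing" {
  capabilities = ["update"]
}

# Allow the token to inspect and renew itself, nothing else under auth/.
path "auth/token/lookup-self" {
  capabilities = ["read"]
}

path "auth/token/renew-self" {
  capabilities = ["update"]
}
```

Anything not matched by a path in the token's policies is denied by default, so the policy only needs to list what the application is allowed to do.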
3. Vault Tokens
Tokens are a core part of Vault’s security model. Learn about the different types of tokens (e.g. service, batch, root) along with their uses and lifecycles. Understand how to create and manage these tokens effectively. Also, make sure you understand the concept of token accessors and the significance of time-to-live (TTL) for tokens.
4. Vault Leases
Vault uses leases to manage the lifetime of secrets. Understand what a lease ID is, and how to renew or revoke leases. This knowledge is important for ensuring that secrets are managed securely and are valid only for as long as needed.
5. Secrets Engines
Secrets engines are Vault components that store and manage secrets. Get familiar with different types of secrets engines and their use cases. Learn the difference between dynamic and static secrets, and understand the purpose of the transit secrets engine for encryption.
6. Vault CLI and UI
Vault provides both a command-line interface (CLI) and a user interface (UI) for managing a Vault environment. Learn how to authenticate, configure policies, access secrets, and enable secrets engines using both the CLI and the UI.
7. Vault API
The Vault API allows us to interact with Vault programmatically. Learn how to authenticate and access secrets using tools like curl, which is a common tool for interacting with APIs.
8. Vault Architecture
Vault’s architecture includes several important components. Learn about data encryption, cluster strategies, storage backends, and the Vault agent. Also, understand concepts like secrets caching, Shamir secret sharing, and replication.
9. Encryption as a Service
Learn how to configure the transit secrets engine, what the benefits of using it are, how to perform encryption and decryption, and how to rotate encryption keys.
Useful Links for Reference
These are some documents I reviewed when preparing:
- Vault Agent Auto-Auth
- Vault Agent Caching
- Vault AppRole Auth Method
- Vault Auto-Unseal
- Vault Disaster Recovery
- Vault Dynamic Secrets
- Vault HTTP API Authentication
- Vault Identity Group
- Vault Key Rotation
- Vault KV Secrets Engine
- Vault LDAP Authentication
- Vault Lease Renew Command
- Vault Lease
- Vault Performance Replication
- Vault PKI Secrets Engine
- Vault Seal Configuration
- Vault Storage Configuration
- Vault Tokens
- Vault Userpass Auth Method
- Transit Secrets Engine