HashiCorp Vault provides a simple and effective way to manage security in cloud infrastructure. The HashiCorp Vault service secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing.
This course will enable you to recognize, explain, and implement the services and functions provided by the HashiCorp Vault service.
Agenda
In this course we learn to recognize and implement the core HashiCorp Vault services in cloud infrastructure. The topics we cover are as follows:
- Vault architecture and its core components
- Vault policies and how they are used to grant or forbid access to operations in Vault
- Secrets and secret management as performed within Vault
- Vault cubbyholes and how they can be utilized
- Vault dynamic secrets
- Vault authentication and Vault identities
Intended Audience
This course will appeal to anyone looking to extend their knowledge of cloud security best practices, and to learn more about the tools and services available to help manage cloud security. If you are performing any of the roles below, we recommend completing this course.
- Architects and Developers
- System Administrators
- Security specialists
- DevOps specialists
- And anyone else interested in managing and maintaining secrets
Learning Objectives
At the end of this course you will be able to explain and implement the HashiCorp Vault service, and you will also be able to implement the Vault CLI and API to execute tasks related to Vault administration. By completing this course, you will:
- Understand the core principles of Vault, including how Vault can be used to manage and maintain secrets
- Understand the key benefits of using Vault, including how to deploy and configure it within your own environments
- Be able to evaluate and select HashiCorp Vault services
- Know how to implement the Vault CLI and API to execute tasks related to administration and configuration
Prerequisites
We recommend completing the Cloud Academy DevOps Fundamentals Learning Path so you have a basic understanding of system administration and configuration tasks.
Hello and welcome to this Cloud Academy and HashiCorp course on Vault!
In this lecture, we'll review the course agenda, intended audience, learning objectives, and course prerequisites. Before we start, I would like to introduce the Cloud Academy members who prepared this course. My name is John Chell and I'll be guiding you through the course prepared by Jeremy Cook, one of the trainers here at Cloud Academy who specializes in AWS. Feel free to connect with either myself, Jeremy, or the wider team here at Cloud Academy regarding anything about this course. You can email us at support@cloudacademy.com.
This training course begins with a brief introduction to Vault. But in order to talk about Vault, it is helpful to talk about the state of secrets management before Vault. Managing secrets involves many challenges. Some of the more common ones are Secret Sprawl, Decentralized Secrets, Limited Visibility, and the lack of defined Break-Glass procedures. Secret Sprawl is the fact that there are many different types of secrets. For example, you have API tokens, username and password credentials, and SSH keys. Often these secrets are spread across many different users, systems, and environments. Decentralized Secrets is closely related to Secret Sprawl and it refers to the lack of a centralized source and distribution center for secrets. This makes it very challenging for organizations to manage and maintain secrets. Due to Secret Sprawl and Limited Visibility, it's challenging for organizations to understand the use and impact of a secret. And finally, often there are no clearly defined Break-Glass procedures. What does an organization do when they detect an intrusion and how do they stop the bleeding? With these challenges in mind, Vault was created to provide a solution that secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets used within modern computing environments. Vault handles leasing, key revocation, key rolling, auditing, and so on.
The intended audience for this course includes architects and developers, system administrators, security specialists, DevOps specialists, and anyone else interested in managing and maintaining secrets. After completing this course, you will understand the core principles of Vault and how it can be used to manage and maintain secrets. You will understand the key benefits of using Vault and how to deploy and configure it within your own environments. And you will become familiar with Vault and know how to use the Vault CLI and API to perform tasks related to administration and configuration.
The agenda for the remainder of this course is as follows. We'll discuss the Vault architecture and its core components. We'll provide an in-depth review of Vault policies and how they are used to prevent or forbid access to particular operations in Vault. We'll introduce you to secrets and secret management as performed within Vault. We'll take a close look at Vault Cubbyholes and how they can be utilized. We'll then explore Vault Dynamic Secrets. And finally, we'll provide an in-depth review of both Vault Authentication and Vault Identities.
Finally, course prerequisites. One general prerequisite that is useful for this course is a basic understanding of system administration and configuration with respect to handling tokens, passwords, certificates, API keys, and other types of secrets.
Okay, this concludes our course introduction. If you're ready to continue, we'll see you shortly in the next lecture.
Jeremy is a Content Lead Architect and DevOps SME here at Cloud Academy where he specializes in developing DevOps technical training documentation.
He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, Azure, GCP), Security, Kubernetes, and Machine Learning.
Jeremy holds professional certifications for AWS, Azure, GCP, Terraform, and Kubernetes (CKA, CKAD, CKS).