Vault
Exam content list - Vault Associate (002)
This direct mapping of each exam objective to HashiCorp's documentation or tutorials provides experienced exam candidates a place to review only the objectives they need extra help with before taking the exam.
Exam Objective | Documentation | Tutorial | |
---|---|---|---|
1 | Compare authentication methods | ||
1a | Describe authentication methods | Authentication | Authentication |
1b | Choose an authentication method based on use case | Authentication | AppRole Pull Authentication - Authentication |
1c | Differentiate human vs. system auth methods | Authentication | AppRole Pull Authentication - Authentication |
2 | Create Vault policies | ||
2a | Illustrate the value of Vault policy | Policies | Vault Policies |
2b | Describe Vault policy syntax: path | Policy Syntax | Vault Policies– Write ACL policies in HCL format |
2c | Describe Vault policy syntax: capabilities | Capabilities | Vault Policies– Write ACL policies in HCL format |
2d | Craft a Vault policy based on requirements | Vault Policies– Policy requirements | |
3 | Assess Vault tokens | ||
3a | Describe Vault token | Tokens | Tokens |
3b | Differentiate between service and batch tokens. Choose one based on use case | Tokens | Batch Tokens |
3c | Describe root token uses and lifecycle | Root Tokens | Generate Root Tokens Using Unseal Keys |
3d | Define token accessors | Token Accessors | |
3e | Explain time-to-live | Token Accessors | Service Token Lifecycle |
3f | Explain orphaned tokens | Token Hierarchies and Orphan Tokens | Tokens– Orphan tokens |
3g | Create tokens based on need | Tokens | |
4 | Manage Vault leases | ||
4a | Explain the purpose of a lease ID | Lease, Renew, and Revoke | Secrets as a Service: Dynamic Secrets |
4b | Renew leases | Lease, Renew, and Revoke | Secrets as a Service: Dynamic Secrets |
4c | Revoke leases | Lease, Renew, and Revoke | Secrets as a Service: Dynamic Secrets |
5 | Compare and configure Vault secrets engines | ||
5a | Choose a secret method based on use case | Secrets Engines | |
5b | Contrast dynamic secrets vs. static secrets and their use cases | Use Cases | |
5c | Define transit engine | Transit Secrets Engine | Encryption as a Service: Transit Secrets Engine |
5d | Define secrets engines | Secrets Engines – Overview | |
6 | Utilize Vault CLI | ||
6a | Authenticate to Vault | Authentication | Authentication |
6b | Configure authentication methods | Authentication | |
6c | Configure Vault policies | Policies Vault Policies | |
6d | Access Vault secrets | Secrets Engines Secrets Management Learning Track | |
6e | Enable secrets engines | Secrets Engines Secrets Management Learning Track | |
6f | Configure environment variables | Environment Variables | Deploy Vault |
7 | Utilize Vault UI | ||
7a | Authenticate to Vault | Authentication | |
7b | Configure authentication methods | Authentication | |
7c | Configure Vault policies | Vault Policies | |
7d | Access Vault secrets | Manage Secrets Engine | |
7e | Enable secrets engines | Manage Secrets Engine | |
8 | Be aware of the Vault API | ||
8a | Authenticate to Vault via Curl | API – Auth Methods | AppRole Pull Authentication |
8b | Access Vault secrets via Curl | API – Secrets Engines | Using the HTTP APIs with Authentication |
9 | Explain Vault architecture | ||
9a | Describe the encryption of data stored by Vault | Introduction to Vault | |
9b | Describe cluster strategy | Vault Reference Architecture | |
9c | Describe storage backends | storage stanza | Deploy Vault |
9d | Describe the Vault agent | Vault Agent | Vault Agent with AWS |
9e | Describe secrets caching | Vault Agent | Vault Agent Caching |
9f | Be aware of identities and groups | Identity: Entities and Groups | |
9g | Describe Shamir secret sharing and unsealing | Deploy Vault – Seal/Unseal | |
9h | Be aware of replication | Vault Enterprise Replication | [Enterprise] Setting up Performance Replication |
9i | Describe seal/unseal | Deploy Vault – Seal/Unseal | |
9j | Explain response wrapping | Response Wrapping | Cubbyhole Response Wrapping |
9k | Explain the value of short-lived, dynamically generated secrets | Secrets as a Service: Dynamic Secrets Dynamic Secrets | |
10 | Explain encryption as a service | ||
10a | Configure transit secrets engine | Encryption as a Service: Transit Secrets Engine | |
10b | Encrypt and decrypt secrets | Encryption as a Service: Transit Secrets Engine | |
10c | Rotate the encryption key | Encryption as a Service: Transit Secrets Engine |
Next steps
Review the learning path to practice all of the exam objectives. Check out the sample questions to review the exam question format.