In this post, I will discuss how I prepared for and passed the HashiCorp Vault exam.
Note: I had only used Vault for a PoC with a limited scope before I started preparing for the exam, and hence some concepts were really new to me.
This exam is very developer-focused, and if you are not comfortable with development terms, you might have some difficulties, but it is not impossible.
It took me a total of two weeks to prepare for the exam. During those two weeks, I worked on hands-on activities and read the documentation, some of which I will cover by making short videos in the coming days.
To prepare for this exam, I used the official study guide published by HashiCorp, which can be found here.
Vault Concepts
What is Vault – https://www.vaultproject.io/docs/what-is-vault
Watch the video from Mike Møller Nielsen
Intro to Vault (Armon)
11 fundamental concepts – https://www.vaultproject.io/docs/concepts – Read them and re-read them as they are really important! Some core topics you should focus on:
- Shamir Seals – https://www.vaultproject.io/docs/concepts/seal – Important topic
- Policies – https://www.vaultproject.io/docs/concepts/policies – Important topic, understand how policies work
- Dev Server – https://www.vaultproject.io/docs/concepts/dev-server
- Token – https://www.vaultproject.io/docs/concepts/tokens
- Response Wrapping – https://www.vaultproject.io/docs/concepts/response-wrapping
- Lease/Renew – https://www.vaultproject.io/docs/concepts/lease
- GPG/PGP encryption – https://www.vaultproject.io/docs/concepts/pgp-gpg-keybase
Vault Fundamentals
Describe authentication methods:
Authentication – https://www.vaultproject.io/docs/auth
Concepts – https://www.vaultproject.io/docs/concepts/auth
AWS Auth method – https://www.vaultproject.io/docs/auth/aws
Also, I recommend that you complete all the labs for “Authentication” as this is a major topic for the exam.
https://learn.hashicorp.com/collections/vault/auth-methods
CLI and UI – Understand what all CLI commands do and also review all CLI options.
CLI access to Vault – https://www.vaultproject.io/docs/commands/index.html
Vault UI – https://www.vaultproject.io/docs/configuration/ui
Also, review the Vault CLI options within the UI and why it is different from the binary CLI.
Vault Policies
This is a very important topic and I recommend that you create a dev mode server, create some policies, create users with policies associated, and play around with concepts.
Knowing how policies work for the exam will help you answer questions quickly as there are many questions related to policies. Also, it is important to understand what “*” does and what “+” does. My recommendation is to go over the following labs:
https://learn.hashicorp.com/tutorials/vault/policies?in=vault/policies
https://learn.hashicorp.com/tutorials/vault/getting-started-policies?in=vault/getting-started
https://learn.hashicorp.com/tutorials/vault/policy-templating?in=vault/policies
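To make the difference between “*” and “+” in policy paths concrete, here is an added example (not from the original post and not Vault's own code): a simplified Python model of the documented matching rules, where “*” is a prefix glob allowed only as the last character and “+” stands for one path segment. The function names and sample paths are constructed for illustration, and priority between overlapping rules is not modelled.

```python
# Added example: simplified model of Vault policy path matching (not Vault's code).
# It decides only whether a pattern covers a path; rule priority is not modelled.

def path_matches(pattern: str, request_path: str) -> bool:
    """Return True if the policy path pattern covers request_path."""
    is_prefix = pattern.endswith("*")      # "*" is a glob only as the last character
    if is_prefix:
        pattern = pattern[:-1]
    if "*" in pattern:
        raise ValueError("'*' is only supported at the end of a policy path")

    pat_parts = pattern.split("/")
    if "+" not in pat_parts:               # no segment wildcard: exact or prefix match
        return request_path.startswith(pattern) if is_prefix else request_path == pattern

    req_parts = request_path.split("/")
    if len(req_parts) < len(pat_parts):
        return False
    if not is_prefix and len(req_parts) != len(pat_parts):
        return False

    last = len(pat_parts) - 1
    for i, part in enumerate(pat_parts):
        if part == "+":                    # "+" stands for exactly one path segment
            continue
        if is_prefix and i == last:        # trailing glob: prefix match on last segment
            if not req_parts[i].startswith(part):
                return False
        elif req_parts[i] != part:
            return False
    return True


def coverage(patterns, request_paths):
    """Map each pattern to the constructed request paths it would cover."""
    return {p: [r for r in request_paths if path_matches(p, r)] for p in patterns}


# Constructed sample paths for illustration.
SAMPLE_PATHS = ["secret/app1/config", "secret/app1/prod/config", "secret/app1/db", "secret"]
PATTERNS = ["secret/*", "secret/+/config", "secret/app1/config"]

if __name__ == "__main__":
    for pattern, covered in coverage(PATTERNS, SAMPLE_PATHS).items():
        print(f"{pattern:22} -> {covered}")
```

The output shows why a trailing “*” grants far more than it may appear to: it covers every deeper path, while “+” stays within a single segment.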
Tokens
You have to know this very well! This is the heart and soul of the Vault engine so knowing this and going through hands-on labs will help you understand Vault really well.
Root Token – https://www.vaultproject.io/docs/concepts/tokens
Learn the difference between service and batch tokens, and between tokens with a parent and orphan tokens.
Also, understand how token leases work: the TTL on a token and token accessors.
See the following video on auto-unseal and batch token:
Secrets Management
It is the core topic and you must know the ins and outs of this – understand how each secrets engine works and what the use case is for each secrets engine. Understand
Review the following topics:
https://www.vaultproject.io/docs/secrets
https://www.vaultproject.io/docs/secrets/databases
https://www.vaultproject.io/docs/secrets/aws
Complete the following labs:
- https://learn.hashicorp.com/tutorials/vault/static-secrets?in=vault/secrets-management
- https://learn.hashicorp.com/tutorials/vault/versioned-kv?in=vault/secrets-management (important)
- https://learn.hashicorp.com/tutorials/vault/cubbyhole-response-wrapping?in=vault/secrets-management (important)
- https://learn.hashicorp.com/tutorials/vault/database-secrets?in=vault/secrets-management
Vault API
You will see questions on the Vault API. Review the following topics and understand how the token header is sent via curl:
https://www.vaultproject.io/docs/auth/approle.html
Understand when to use AppRole vs other authentication methods.
https://learn.hashicorp.com/tutorials/vault/getting-started-apis
Watch this video from Mike Møller Nielsen – He explains how the API and curl work with response wrapping.
Vault Architecture
This is an important topic as well. You don’t necessarily have to create an HA Vault cluster, but it helps to understand how the deployment works. I used the following exercises to deploy Vault HA with AWS:
https://github.com/hashicorp/vault-guides/tree/master/operations/provision-vault/quick-start/terraform-aws (you must know how to use #Terraform)
Watch Bryan Krausen's Vault HA video:
Overall, you must go through all the topics in the study guide here, as the questions are asked from a wide variety of topics, but the topics and items I have shared should get you comfortable with Vault.
Some tips for taking exams:
- Arrive 15 mins before the exam starts
- Read the questions and answers carefully
- If you don’t know the answer, mark the question and move on
- You have 60 minutes to answer all the questions
- Take Ned Bellavance's Pluralsight course if you can, here
Really helpful. Thanks