How I passed Hashicorp Vault exam

Reading Time: 3 minutes

In this post, I will discuss how I prepared for and passed the Hashicorp vault exam.

Note: I only used vault for PoC with a limited scope before I start preparing for the exam and hence some concepts were really new to me.

This exam is very developer-focused and if you are not comfortable with development terms, you might have some difficulties but not impossible.

It took me a total of two weeks to prepare for the exam and during those two weeks, I worked on hands-on activities and read the documentation and some of which I will cover by making short videos in the coming days.

For preparing for this exam I used the official study guide published by Hashicorp and can be found here.

Vault Concepts

What is Vaulthttps://www.vaultproject.io/docs/what-is-vault

Watch video from Mike Møller Nielsen

Intro to Vault (Armon)

11 fundamentals conceptshttps://www.vaultproject.io/docs/concepts – Read them and re-read them as they are really important! Some core topics you should focus on

Vault Fundamentals

Describe authentication methods:

Authentication – https://www.vaultproject.io/docs/auth

Concepts https://www.vaultproject.io/docs/concepts/auth

AWS Auth methodhttps://www.vaultproject.io/docs/auth/aws

Also, I recommend that you complete all the labs for “Authentication” as this is a major topic for the exam.

https://learn.hashicorp.com/collections/vault/auth-methods

CLI and UI – Understand what all CLI commands do and also review all CLI options.

CLI access to Vault https://www.vaultproject.io/docs/commands/index.html

Vault UIhttps://www.vaultproject.io/docs/configuration/ui

Also, review the Vault CLI options within UI why it is different from binary cli.

Vault Policies

This is a very important topic and I recommend that you create a dev mode server, create some policies, create users with policies associated, and play around with concepts.

Knowing how policies work for the exam will help you answer questions quickly as there are many questions related to polices. Also, it is important to understand what “*” does and what “+” does. My recommendation is to go over the following labs:

https://learn.hashicorp.com/tutorials/vault/policies?in=vault/policies

https://learn.hashicorp.com/tutorials/vault/getting-started-policies?in=vault/getting-started

https://learn.hashicorp.com/tutorials/vault/policy-templating?in=vault/policies

Tokens

You have to know this very well! This is the heart and soul of the Vault engine so knowing this and going through hands-on labs will help you understand Vault really well.

Root Token – https://www.vaultproject.io/docs/concepts/tokens

Learn what is the difference between service and batch tokens. Token with parent and orphan tokens.

Also, understand how token lease works TTL on token – token Accessors

See the following video on auto-unseal and batch token:

Secrets Management

It is the core topic and you must know ins and outs of this – understand how each secret engine works and what is the use case for each secret engine. Understand

Review the following topics:

https://www.vaultproject.io/docs/secrets

https://www.vaultproject.io/docs/secrets/databases

https://www.vaultproject.io/docs/secrets/aws

Complete the following labs:

Vault API

You will see questions from Vault API, review the following topics, and understand how token header is sent via CURL:

https://www.vaultproject.io/docs/auth/approle.html

Understand when to use Approle vs other authentication methods.

https://learn.hashicorp.com/tutorials/vault/getting-started-apis

Watch this video from Mike Møller Nielsen – He explains how the API and curl works with response wrapping.

Vault Architecture

This is an important topic as well, you don’t necessarily have to create an HA vault cluster but it helps to understand how the deployment works. I used the following exercises to deploy Vault HA with AWS:

https://github.com/hashicorp/vault-guides/tree/master/operations/provision-vault/quick-start/terraform-aws (you must know how to use #Terrafrom)

Watch Bryan Krausen Vault HA video:

Overall, You must go through all the topics in the study guide here – As the questions are asked from a wide variety of topics but topics and items I have shared should get you comfortable with Vault.

Some tips for taking exams:

  • Arrive 15 mins before the exam starts
  • Read the questions and answers carefully
  • If you don’t know the answer, mark the question and move on
  • You have 60 minutes to answer all the questions
  • Take Ned Bellavance Pluralsight course if you can here