HashiCorp Vault is a tool used to store, process, and generally manage any kind of credentials. It removes the need for traditional databases that are used to store user credentials. Beyond storing credentials, it provides many more features: you can create and revoke secrets, grant time-based access, IP-based access, and much more.
As part of this course, we will get acquainted with HashiCorp Vault and its features. We will examine the life cycle of a secret: How is it created? Where does it exist? What type is it: AWS, GCP, Azure? HashiCorp Vault has specific predefined types of secrets that work well with existing cloud service providers.
Vault provides you with the ability to clearly and precisely define who can access which secret and what sort of access they will have. Do you want the user to only be able to read the credentials, or can the user update them? All of these actions can be logged, and you will be able to see who accessed what and when at all times.
The course will begin with a light introduction to HashiCorp Vault, taking a look at the high-level architecture and then progressing gradually to basic command-level interaction. Once we learn how to install, configure, and interact with the tool, we will move on to performing specific tasks and reviewing real-world scenarios.
It would be impossible to demonstrate all the possible scenarios, but the most common ones will be included, such as configuring Vault to work with SSH and provide access, setting up Vault to work with GCP and create GCP-type secrets, and setting up Vault to work with MySQL databases. There will also be an opportunity to analyze how Vault can be easily integrated into third-party custom applications for which there are no specific types of secrets.