Configure Authentication with HashiCorp Vault

1 hour
  • 4 Learning Objectives

About this Hands-on Lab

As part of this lab, we will be required to create a policy, and a token, that can be used to authenticate against a vault server.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Unseal the Vault and Log in with the Root Token
  1. In the Vault Server, retrieve the vault keys.
  2. Unseal the vault.
  3. Log in with the Initial Root Token.
Enable KV Secrets Engine and Write a Generic Test Secret
  1. Enable a kv secrets engine at the secrets-kv path.
  2. Write a secret to the secrets-kv path.
Create a Policy That Gives Read Permissions to the KV Secrets Engine
  1. Create a policy file named my_token_policy.hcl.
  2. Populate the policy file.
  3. Write the policy.
Create a Token, Test It Out, and Then Revoke It
  1. Create a token.
  2. Copy the client_token.
  3. Log in with the newly created token.
  4. Attempt to read the secret.
  5. Attempt to write a new secret.
  6. Log in with the Initial Root Token.
  7. Revoke the client_token.

Additional Resources

  1. Use dig to get the domain name of the server or open the Domain file:
    dig -x <SERVER PUBLIC IP>
    cat /home/cloud_user/Domain
  2. Vault keys and root token are located at:

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?