Implement HashiCorp Vault API Authentication

1 hour
  • 4 Learning Objectives

About this Hands-on Lab

The goal of this lab is to configure HashiCorp Vault so that it provides authentication for a web application API. This is achieved by creating a KV secrets engine whose contents are compared with what the user sends in the authentication header. If there is a positive match, the API GET request is authenticated by the secrets engine; if there is no positive match, the request is classified as unauthorized.
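The header comparison described above can be sketched as follows. This is an added example, not the lab's application code: the `Authorization` header name, the `kv/api` path, the `api_key` field, and the Vault address are assumptions, and the Vault read is passed in as a callable so the check can be exercised without a running Vault.

```python
import hmac
import json
import urllib.request

VAULT_ADDR = "http://127.0.0.1:8200"  # assumption: Vault address in the lab
SECRET_PATH = "kv/api"                # assumption: KV version 1 mount "kv", secret "api"
SECRET_FIELD = "api_key"              # assumption: field holding the expected header value


def read_kv_secret(token, addr=VAULT_ADDR, path=SECRET_PATH, timeout=3):
    """Read a KV v1 secret over Vault's HTTP API with the limited access token.

    On a KV v2 mount the URL is /v1/<mount>/data/<path> and the fields sit
    one level deeper, under data.data.
    """
    req = urllib.request.Request(f"{addr}/v1/{path}", headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["data"]


def is_authorized(header_value, fetch_secret):
    """Return True only when the header equals the stored secret; fail closed otherwise."""
    if not header_value:
        return False
    try:
        expected = fetch_secret()[SECRET_FIELD]
    except Exception:
        # Vault sealed or unreachable, token denied by policy, or field missing.
        return False
    if not isinstance(expected, str) or not expected:
        return False
    # Constant-time comparison so response timing does not leak the secret.
    return hmac.compare_digest(header_value.encode(), expected.encode())


def handle_get(headers, fetch_secret):
    """Map the check to the status a GET handler would return."""
    value = headers.get("Authorization", "")
    return 200 if is_authorized(value, fetch_secret) else 401


if __name__ == "__main__":
    # Constructed stand-in for the Vault read, so the demo runs offline.
    stub = lambda: {"api_key": "constructed-secret-value"}
    print(handle_get({"Authorization": "constructed-secret-value"}, stub))
    print(handle_get({"Authorization": "guess"}, stub))
```

Against a live Vault, pass `lambda: read_kv_secret(token)` as `fetch_secret`, where `token` is the access token created under the read-only policy rather than the root token.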

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Unseal the Vault and Log in with the Root Token
  1. Unseal the Vault.
  2. Log in with the root token.
Enable a `kv` Store and Limit its Access
  1. Enable a kv store.
  2. Create a kv secret.
  3. Create a policy for an access token.
  4. Create an access token.
  5. Test the token out.
Clone the GitHub Repo, Modify the App Code, and Run the App on the Web Server
  1. Clone the GitHub repository.
  2. Install pip for Python 3.
  3. Install the Django framework.
  4. Add the Web Server host to the list of allowed hosts.
Test Out the API Call
  1. Run the Django app.
  2. Make a test call from the Client Server.

Additional Resources

  1. Use dig to get the domain name of the server, or open the Domain file:
    dig -x <SERVER PUBLIC IP>
    cat /home/cloud_user/Domain
  2. Vault keys and the root token can be found using the information provided below:

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
