Interactive Labs

8 hr 58 min38 tutorials

Learn by doing! Use Vault on real infrastructure in your web browser.

Your First Secret

With the Vault server running, let's read and write our first secret.

3 min VideoInteractive

Deploy Vault

Learn how to deploy Vault, including configuring, starting, initializing, and unsealing it.

8 minInteractive

Policies

Policies in Vault control what a user can access.

7 minInteractive

Rekeying & Rotating Vault

Vault supports generating new unseal keys as well as rotating the underlying encryption keys. This tutorial covers rekeying and rotating Vault's encryption keys.

4 minInteractive

Generate Root Tokens Using Unseal Keys

Generate a new root token using a threshold of unseal keys.

3 minInteractive

Configure Vault as a Certificate Manager in Kubernetes with Helm

Configure Vault as a certificate manager in Kubernetes with Helm.

13 minInteractive

Integrate a Kubernetes Cluster with an External Vault

Integrate a Kubernetes cluster with an existing Vault service.

15 minInteractive

Vault Installation to Minikube via Helm

Deploy Vault on Kubernetes locally using Minikube with the official Helm chart.

15 min VideoInteractive

Vault Installation to Red Hat OpenShift via Helm

Deploy Vault on Red Hat OpenShift through with the official Helm chart.

12 minInteractive

Mount Vault Secrets through Container Storage Interface (CSI) Volume

Mount Vault secrets in your pods and deployments through a Container Storage Interface (CSI) Volume

10 minInteractive

Injecting Secrets into Kubernetes Pods via Vault Helm Sidecar

Deploy Vault-unaware applications on Kubernetes that consume Vault Secrets.

19 minInteractive

Tokens are the core method for authentication within Vault. For every authentication token and dynamic secret, Vault creates a lease containing information such as duration, renewability, and more. This tutorial helps you understand the lifecycle of tokens.

21 min VideoInteractive

AppRole Pull Authentication

Authentication is a process in Vault by which user or machine-supplied information is verified to create a token with a pre-configured policy.

15 minInteractive

OpenLDAP Secrets Engine

Vault 1.4 introduces a secrets engine designed to help manage existing OpenLDAP entry passwords for UNIX and Linux applications to use.

12 minInteractive

Vault Policies

Policies provide a declarative way to grant or forbid access to certain paths and operations in Vault. This tutorial walks through policy creation workflows.

11 minInteractive

Identity: Entities and Groups

This tutorial demonstrates the commands to create entities, entity aliases, and groups. For the purpose of the demonstration, the userpass auth method will be used.

20 minInteractive

ACL Policy Path Templating

As of 0.11, ACL policies support templating to allow non-static policy paths.

12 min VideoInteractive

Versioned Key/Value Secrets Engine

Vault 0.10.0 introduced version 2 of the key-value secrets engine which supports versioning your secrets so that you can undo the accidental deletion of secrets or compare different versions of a secret.

20 minInteractive

Cubbyhole Response Wrapping

Vault provides the capability to wrap the Vault response and store it in a cubbyhole where the holder of the one-time use wrapping token can unwrap it to uncover the secret.

13 minInteractive

Dynamic Secrets: Database Secrets Engine

Dynamically generate, manage, and revoke database credentials that meet your organization's password policy requirements.

14 minInteractive

User Configurable Password Generation for Secret Engines

Learn how to configure how passwords are generated for secret engines.

6 minInteractive

Build Your Own Certificate Authority (CA)

Demonstrate the use of PKI secrets engine as an Intermediate-Only certificate authority which potentially allows for higher levels of security.

14 min VideoInteractive

Encryption as a Service: Transit Secrets Engine

HashiCorp Vault's transit secrets engine handles cryptographic functions on data in-transit. It can also be understood as encryption as a service.

18 min VideoInteractive

Transit Secrets Re-wrapping

Demonstrate one possible way to re-wrap data after rotating an encryption key in the transit engine in Vault.

14 minInteractive

Auto-unseal using Transit Secrets Engine

An example for enabling Auto-unseal with Vault's Transit Secrets Engine.

10 min VideoInteractive

SSH Secrets Engine: One-Time SSH Password

Configure the Vault SSH secrets engine to issue one-time passwords (OTP) every time a client wants to SSH into a remote host.

12 min VideoInteractive

Enterprise

Transform Secrets Engine

Vault 1.4 introduced Tokenization secrets engine which allows generation of cryptographically secure tokens mapped to sensitive data such as credit card numbers.

20 minInteractive

Enterprise

[Tech Preview] Tokenize Data with Transform Secrets Engine

Transform secrets engine introduced tokenization data transformation in Vault 1.6. This functionality provides maximum resistance to data being compromize.

12 minInteractive

Direct Application Integration

Demonstrates the use of Consul Template and Envconsul tools to retrieve secrets from Vault.

8 min VideoInteractive

Vault Agent with AWS

This tutorial is an introduction the Vault Agent which was introduced in Vault 0.11. Its basic usage is demonstrated using AWS auth method as an example.

14 min VideoInteractive

Vault Agent Caching

Introduce the Agent Caching feature of Vault Agent.

17 min VideoInteractive

Vault Agent Templates

This tutorial demonstrates the Vault Agent Templates feature which was introduced in Vault 1.3. This enables easy integration with Vault making your applications to be Vault-unaware.

9 minInteractive

Vault HA Cluster with Integrated Storage

Build a highly available (HA) Vault cluster using integrated storage as a data persistence layer on your local machine.

18 minInteractive

Use Integrated Storage for HA Coordination

Demonstrate the ha_storage stanza to enable high availability (HA) when non-HA storage backend needs to be used.

12 minInteractive

Monitor Telemetry & Audit Device Log Data with Splunk

This tutorial walks you through monitoring Vault telemetry metrics and audit device log data with Splunk, including configuration, key metrics for monitoring and alerting, and information about the Vault Enterprise Splunk app.

1 hr 12 minInteractive

Protecting Vault with Resource Quotas

Resource quotas allows the Vault operators to implemement protections against misbehaving applications and Vault clients overdrawing resources from Vault.

13 minInteractive

Enterprise

Codify Management of Vault Enterprise

Use HashiCorp Terraform's Vault provider to codify Vault management to increase repetability while reducing human errors.

14 minInteractive

Codify Management of Vault

Use HashiCorp Terraform's Vault provider to codify Vault management to increase repetability while reducing human errors.

8 minInteractive

Infrastructure

Security

Networking

Applications

Your First Secret

Deploy Vault

Policies

Rekeying & Rotating Vault

Generate Root Tokens Using Unseal Keys

Configure Vault as a Certificate Manager in Kubernetes with Helm

Integrate a Kubernetes Cluster with an External Vault

Vault Installation to Minikube via Helm

Vault Installation to Red Hat OpenShift via Helm

Mount Vault Secrets through Container Storage Interface (CSI) Volume

Injecting Secrets into Kubernetes Pods via Vault Helm Sidecar

Tokens

AppRole Pull Authentication

OpenLDAP Secrets Engine

Vault Policies

Identity: Entities and Groups

ACL Policy Path Templating

Versioned Key/Value Secrets Engine

Cubbyhole Response Wrapping

Dynamic Secrets: Database Secrets Engine

User Configurable Password Generation for Secret Engines

Build Your Own Certificate Authority (CA)

Encryption as a Service: Transit Secrets Engine

Transit Secrets Re-wrapping

Auto-unseal using Transit Secrets Engine

SSH Secrets Engine: One-Time SSH Password

Transform Secrets Engine

[Tech Preview] Tokenize Data with Transform Secrets Engine

Direct Application Integration

Vault Agent with AWS

Vault Agent Caching

Vault Agent Templates

Vault HA Cluster with Integrated Storage

Use Integrated Storage for HA Coordination

Monitor Telemetry & Audit Device Log Data with Splunk

Protecting Vault with Resource Quotas

Codify Management of Vault Enterprise

Codify Management of Vault