Vault is a tool for securely accessing secrets. It provides a unified interface to any secret while providing tight access control. Learn about the different secrets engines that are available.
Vault supports generating new unseal keys as well as rotating the underlying
encryption keys. This tutorial covers rekeying and rotating Vault's encryption
Vault 0.10.0 introduced version 2 of the key-value secrets engine which supports versioning your secrets so that you can undo the accidental deletion of secrets or compare different versions of a secret.
Vault provides the capability to wrap the Vault response and store it in a
cubbyhole where the holder of the one-time use wrapping token can unwrap it to
uncover the secret.
Dynamically generate, manage, and revoke database credentials that meet your
organization's password policy requirements.
Vault enables the combined database secrets engines to automate the rotation of root credentials.
Vault 1.2 extended the database secrets engine so that users can create a
static database role and rotate its password periodically.
Provide and rotate credentials for configured Active Directory (AD) accounts
as well as check-out and check-in shared credentials.
Vault 1.4 introduces a secrets engine designed to help manage existing OpenLDAP entry passwords for UNIX and Linux applications to use.
Vault can dynamically generate Azure service principals for applications to use.
Demonstrate the use of PKI secrets engine as an Intermediate-Only certificate
authority which potentially allows for higher levels of security.
Configure the Vault SSH secrets engine to issue one-time passwords (OTP)
every time a client wants to SSH into a remote host.
Learn how to configure password generation for secrets engines.
Vault 1.6 introduces a secrets engine designed to help with cloud provider key lifecycle management.
Vault 1.2 introduced a Key Management Interoperability Protocol (KMIP) secrets
engine which allows Vault to serve as a KMIP server.
Learn how to build, register, and mount a custom plugin.
Configure the Nomad secrets engine in Vault to deliver Vault-managed Nomad
Use Vault and consul-template to create and configure Vault-managed mTLS
certificates for Nomad's API and RPC traffic.
Generate and use Vault-managed PostgreSQL credentials as part of a
Nomad job specification.
Configure the AWS Secrets Engine in Vault through Terraform, then use the short-lived, Vault-generated, dynamic secrets to provision EC2 instances