Vault Learning Resources: 1.0, Auto-unseal, Agent, Kubernetes
We are excited to announce additional hands-on guides to help you learn and integrate Vault as your secrets management solution. Some of the pre-existing guides have also been updated.
New guides:
- Auto-unseal using GCP Cloud KMS
- Vault Agent with AWS
- Vault Agent with Kubernetes
- Vault Getting Started video guides
Updated guides:
- Getting Started - Install Vault
- Tokens
- Cubbyhole Response Wrapping
- Versioned Key/Value Secret Engine
- Policies
»Auto-Unseal Using GCP Cloud KMS
In Vault 1.0 we open sourced the auto-unseal feature, which previously required Vault Enterprise Pro. Now you can opt in to automatic unsealing via your trusted cloud provider: AliCloud KMS, Amazon KMS, Azure Key Vault, or Google Cloud KMS.
This guide demonstrates an example of using Terraform to provision a Vault node which is configured to auto-unseal using a GCP Cloud KMS encryption key.
NOTE: The Auto-unseal using AWS KMS guide has been updated to run Vault 1.0 OSS as well.
»Vault Agent With AWS
Vault Agent is a client daemon which automates the workflow of client login and token refresh to manage the token lifecycle without requiring custom logic.
This guide walks you through the steps needed to configure Vault Agent using the AWS auth method.
»Vault Agent With Kubernetes
One of the top requests from KubeCon was how to use Vault with Kubernetes. This guide demonstrates how to leverage the Vault Agent from a Kubernetes environment.
You will learn how to set up the Kubernetes auth method and then configure the Vault Agent to acquire and manage Vault tokens for the clients running in a pod.
»Vault Getting Started - Install Vault Video
Our existing Vault Getting Started guides are the easiest way to try Vault on your local machine and learn the core concepts. But we understand that your time is valuable and it's often easier to watch a video alongside or in place of the text. We created a 2-minute video which you can view on desktop, tablet, or mobile.
»Tokens
Vault 1.0 introduced batch tokens, which support ephemeral, high-performance workloads. This guide has been updated to highlight and compare the characteristics of service tokens and batch tokens.
NOTE: A Katacoda interactive tutorial is also available.
»Cubbyhole Response Wrapping
As of Vault 1.0, the Web UI supports response wrapping. The Additional Discussion: Web UI section has been added to walk you through an end-to-end example of leveraging response wrapping via the UI.
»Policies
A table listing the root protected API endpoints has been added to clarify which policy paths should include the sudo capability.