Vault Learning Resources: Transit Secrets Engine, OpenID Connect Auth Method
We are excited to announce additional hands-on tutorials to help you learn and integrate Vault as your secrets management solution. Several pre-existing tutorials have also been updated.
What's New?
- Auto-Unseal with Transit Secrets Engine tutorial demonstrates the Transit seal configuration introduced in Vault 1.1.
- OpenID Connect (OIDC) Auth Method tutorial demonstrates OIDC support which was introduced in Vault 1.1.
- Vault Agent Caching tutorial was updated with interactive tutorial.
»Auto-Unseal with Transit Secrets Engine
In addition to AliCloud KMS, Amazon KMS, Azure Key Vault, and Google Cloud KMS, Vault 1.1 added support for the Transit Secrets Engine to auto-unseal your Vault.
This guide walks you through the steps necessary to configure Transit Auto-Unseal.
If you don't have a Vault environment to experiment with Transit Auto-Unseal, click the Show Terminal button to launch an interactive tutorial in your web browser.
»OpenID Connect (OIDC) Auth Method
Vault clients must first authenticate with Vault to acquire a valid token. Vault 1.1 introduced support for OpenID Connect (OIDC) as an auth method which is provided by many authentication services such as Auth0.
This guide walks through the configuration of the OIDC auth method using Auth0 as its OIDC provider.
NOTE: Refer to the Vault OpenID Demo for an example using Google OAuth.
»Update: Vault Agent Caching
Vault Agent was first introduced in Vault 0.11 as a client daemon to automate the authentication and token lifecycle management. Vault 1.1 introduced its caching mechanism to further improve the efficiency of token and lease management.
The Vault Agent Caching tutorial now has a Katacoda scenario to demonstrate both Auto-Auth and Caching of Vault Agent using the approle
auth method. If you don't have a Vault environment, try the Katacoda interactive tutorial today!
You can find many other educational resources, demo code, and interactive experiences at HashiCorp Learn or attend a training event with one of our training partners.
Sign up for the latest HashiCorp news
More blog posts like this one
![Why use Vault-backed dynamic credentials to secure HCP Terraform infrastructure?](/_next/image?url=https%3A%2F%2Fwww.datocms-assets.com%2F2885%2F1572286031-vault-terraform-background.png&w=1920&q=75)
Why use Vault-backed dynamic credentials to secure HCP Terraform infrastructure?
Learn how HCP Terraform and Terraform Enterprise users can use Vault-backed dynamic credentials to secure their infrastructure during provisioning better than the base-level dynamic provider credentials.
![Solving the data security challenge for AI builders](/_next/image?url=https%3A%2F%2Fwww.datocms-assets.com%2F2885%2F1714171278-blog-library-product-vault-black.jpg&w=3840&q=75)
Solving the data security challenge for AI builders
This demo highlights the potential risks of using contextual data with LLMs and demonstrates how HashiCorp Vault can integrate with Pinecone to tackle AI data security challenges.
![PKI certificate metadata in Vault](/_next/image?url=https%3A%2F%2Fwww.datocms-assets.com%2F2885%2F1695238878-vault-keys-pki-imagery.png&w=3840&q=75)
PKI certificate metadata in Vault
Creating and using custom metadata helps you better manage and scale your PKI certificates with HashiCorp Vault.