HashiCorp Product Certifications (Coming Soon)

Attendees of HashiConf US in Seattle had the opportunity to take beta exams. The beta is now closed, and we are preparing for general release. Sign up to be notified about exam releases and for details on how to regsiter.

Product Certification Program Overview

With the HashiCorp product certification program DevOps, IT, Security, and Development professionals can add formal, industry accepted credentials to their repertoire. Passing a product certification exam validates your knowledge and experience with a HashiCorp product. Each product’s (Terraform, Vault, Consul, Nomad) certification program tests both conceptual knowledge and real-world experience. You can communicate your earned credentials easily and employers can quickly verify your results.

Exam Experience

Certification exams are taken online with a live proctor. This means that all locations and time zones are accommodated. Online proctoring provides the same benefits of a physical test center while being more accessible to exam-takers. The live proctor verifies the exam-taker’s identity, walks them through rules and procedures, and watches them take the exam. Be sure to follow the instructions on your exam appointment confirmation email about how to prepare your computer and physical environment to take the exam.

Your Credential

HashiCorp has partnered with Credly’s Acclaim platform to offer you a digital badge upon passing a certification exam. There is no fee for this service and acceptance is totally up to you. Digital badges can be used in email signatures or digital resumes, and on social media sites such as LinkedIn, Facebook, and Twitter. Badges link back to a real-time verification feature that describes your qualifications.

HashiCorp Certified: Terraform Associate

The Terraform Associate certification is for operations, IT, or devops professionals who know the basic concepts and skills associated with open source HashiCorp Terraform. Qualified candidates may not have used Terraform in production but have performed the tasks listed in the objectives in at least a personal demo environment. This person understands what enterprise features exist and what can and cannot be done using the open source offering.

Prerequisites

  • Basic terminal skills
  • Basic understanding of on premises and cloud architecture

Product Version Tested

Terraform 0.12 and higher.

Preparing for the Exam

You will be tested on the objectives listed below. If there any you need to review, visit the Review Guide.

Exam Details

Type Multiple choice
Duration 1 hour
Language English

Exam Objectives

1 Understand infrastructure as code (IaC) concepts
1a Explain what IaC is
1b Describe advantages of IaC patterns
2 Understand Terraform's purpose (vs other IaC)
2a Explain multi-cloud and provider-agnostic benefits
2b Explain the benefits of state
3 Understand Terraform basics
3a Handle Terraform and provider installation and versioning
3b Describe plugin based architecture
3c Demonstrate using multiple providers
3d Describe how Terraform finds and fetches providers
3e Explain when to use and not use provisioners and when to use local-exec or remote-exec
4 Use the Terraform CLI (outside of core workflow)
4a Understand the help command (terraform help)
4b Given a scenario: choose when to use terraform fmt to format code
4c Given a scenario: choose when to use terraform taint to taint Terraform resources
4d Given a scenario: choose when to use terraform import to import existing infrastructure into your Terraform state
4e Given a scenario: choose when to use terraform workspace to create workspaces
4f Given a scenario: choose when to use terraform state to view Terraform state
4g Given a scenario: choose when to enable verbose logging and what the outcome/value is
5 Interact with Terraform modules
5a Contrast module source options
5b Interact with module inputs and outputs
5c Describe variable scope within modules/child modules
5d Discover modules from the public Terraform Module Registry
5e Defining module version
6 Navigate Terraform workflow
6a Describe Terraform workflow ( Write -> Plan -> Create )
6b Initialize a Terraform working directory (terraform init)
6c Validate a Terraform configuration (terraform validate)
6d Generate and review an execution plan for Terraform (terraform plan)
6e Execute changes to infrastructure with Terraform (terraform apply)
6f Destroy Terraform managed infrastructure (terraform destroy)
7 Implement and maintain state
7a Describe default local backend
7b Outline state locking
7c Handle backend authentication methods
7d Describe remote state storage mechanisms and supported standard backends
7e Describe effect of Terraform refresh on state
7f Describe backend block in configuration and best practices for partial configurations
7g Understand secret management in state files
8 Read, generate, and modify configuration
8a Demonstrate use of variables and outputs
8b Describe secure secret injection best practice
8c Understand the use of collection and structural types
8d Create and differentiate resource and data configuration
8e Use resource addressing and resource parameters to connect resources together
8f Use Terraform built-in functions to write configuration
8g Configure resource using a dynamic block
8h Describe built-in dependency management (order of execution based)
9 Understand Terraform Enterprise capabilities
9a Describe the benefits of Sentinel, registry, and workspaces
9b Differentiate OSS and TFE workspaces
9c Summarize features of Terraform Cloud

HashiCorp Certified: Vault Associate

The Vault Associate certification is for security, IT, or devops professionals who know the basic concepts, skills, and use cases associated with open source HashiCorp Vault. Qualified candidates may not have used Vault in production but have performed the tasks listed in the objectives in at least a personal demo environment. This person understands what enterprise features exist and what can and cannot be done using the open source offering.

Prerequisites

  • Basic terminal skills
  • Basic understanding of on premise or cloud architecture
  • Basic level of security understanding

Product Version Tested

Vault 1.2.1 and higher

Preparing for the Exam

The Vault Associate exam has both a study guide and a review guide. While much of the information in these two guides are the same, they are presented differently for different uses. Use the study guide if you want to study all the exam objectives. Use the review guide if you already have Vault experience and/or training and want to pick and choose which objectives to review before taking the exam.

Exam Details

Type Multiple choice
Duration 1 hour
Language English

Exam Objectives

1 Compare authentication methods
1a Describe authentication methods
1b Choose an authentication method based on use case
1c Differentiate human vs. system auth methods
2 Create Vault policies
2a Illustrate the value of Vault policy
2b Describe Vault policy syntax: path
2c Describe Vault policy syntax: capabilities
2d Craft a Vault policy based on requirements
3 Assess Vault tokens
3a Describe Vault token
3b Differentiate between service and batch tokens. Choose one based on use-case
3c Describe root token uses and lifecycle
3d Define token accessors
3e Explain time-to-live
3f Explain orphaned tokens
3g Create tokens based on need
4 Manage Vault leases
4a Explain the purpose of a lease ID
4b Renew leases
4c Revoke leases
5 Compare and configure Vault secrets engines
5a Choose a secret method based on use case
5b Contrast dynamic secrets vs. static secrets and their use cases
5c Define transit engine
5d Define secrets engines
6 Utilize Vault CLI
6a Authenticate to Vault
6b Configure authentication methods
6c Configure Vault policies
6d Access Vault secrets
6e Enable Secret engines
6f Configure environment variables
7 Utilize Vault UI
7a Authenticate to Vault
7b Configure authentication methods
7c Configure Vault policies
7d Access Vault secrets
7e Enable Secret engines
8 Be aware of the Vault API
8a Authenticate to Vault via Curl
8b Access Vault secrets via Curl
9 Explain Vault architecture
9a Describe the encryption of data stored by Vault
9b Describe cluster strategy
9c Describe storage backends
9d Describe the Vault agent
9e Describe secrets caching
9f Be aware of identities and groups
9g Describe Shamir secret sharing and unsealing
9h Be aware of replication
9i Describe seal/unseal
9j Explain response wrapping
9k Explain the value of short-lived, dynamically generated secrets
10 Explain encryption as a service
10a Configure transit secret engine
10b Encrypt and decrypt secrets
10c Rotate the encryption key