HashiCorp Professional Security Automation Certification (Coming Soon)
We are currently developing the HashiCorp Certified: Vault Operations Professional exam. The exam objectives are listed below so you can get a head start with studying. Sign up to be notified about updates and exam releases.
Stay informed
Sign up to be notified with updates to the HashiCorp Product Certifications program and to receive news and information about HashiCorp products.
HashiCorp Certified: Vault Operations Professional
The Vault Operations Professional exam is for Cloud Engineers focused on deploying, configuring, managing, and monitoring a production Vault environment. The exam includes a mix of hands-on tasks performed in a lab, and multiple-choice questions. Certification holders have proven they have the skills, knowledge, and competency to perform the Vault operational tasks listed in the objectives.
Prerequisites
- HashiCorp Certified: Vault Associate Certification (recommended)
- Linux skills such as list and edit files via command terminal
- Understanding of IP networking
- Information security fundamentals such as network security, RBAC
- Understanding of containers
Product Version Tested
Vault 1.8.0 and higher
Exam Details
| Assessment Type | Lab-based and multiple choice |
|---|---|
| Format | Online proctored |
| Language | English |
Preparing for the Exam
While the exam is under development, we have prepared a basic review guide. The complete study guide will be available when the exam is ready for the public.
Beta Exam Objectives
| 1 | Create a working Vault server configuration given a scenario |
|---|---|
| 1a | Enable CLI autocomplete |
| 1b | Practice production hardening |
| 1c | Auto unseal Vault |
| 1d | Implement integrated storage |
| 1e | Enable and configure authentication methods |
| 1f | Practice secure Vault initialization |
| 1g | Regenerate a root token |
| 1h | Rekey Vault and rotate encryption keys |
| 1i | Enable and configure secret engines |
| 2 | Monitor a Vault environment |
|---|---|
| 2a | Monitor and understand Vault telemetry |
| 2b | Monitor and understand Vault audit logs |
| 2c | Monitor and understand Vault operational logs |
| 3 | Employ the Vault security model |
|---|---|
| 3a | Describe secure introduction of Vault clients |
| 3b | Describe the security implications of running Vault in Kubernetes |
| 4 | Build fault-tolerant Vault environments |
|---|---|
| 4a | Configure a highly available (HA) cluster |
| 4b | [Vault Enterprise] Enable and configure disaster recovery replication |
| 4b | [Vault Enterprise] Describe how to promote a secondary cluster |
| 5 | Understand the hardware security module (HSM) integration |
|---|---|
| 5a | [Vault Enterprise] Describe the benefits of auto unsealing with HSM |
| 5b | [Vault Enterprise] Describe the benefits and use cases of seal wrap (PKCS#11) |
| 6 | Scale Vault for performance |
|---|---|
| 6a | Use batch tokens |
| 6b | [Vault Enterprise] Describe the use cases of performance standby nodes |
| 6c | [Vault Enterprise] Enable and configure performance replication |
| 6d | [Vault Enterprise] Create a paths filter |
| 7 | Configure access control |
|---|---|
| 7a | Interpret Vault identity entities and groups |
| 7b | Write, deploy, and troubleshoot ACL policies |
| 7c | [Vault Enterprise] Understand Sentinel policies |
| 7d | [Vault Enterprise] Define control groups and describe their basic workflow |
| 7e | [Vault Enterprise] Describe multi-tenancy with namespaces |
| 8 | Configure Vault Agent |
|---|---|
| 8a | Securely configure auto-auth and token sink |
| 8b | Configure templating |
*Beta exam objectives are subject to change before general release.