HashiCorp Professional Security Automation Certification (Coming Soon)

We are currently developing the HashiCorp Certified: Vault Operations Professional exam. The exam objectives are listed below so you can get a head start with studying. Sign up to be notified about updates and exam releases.

HashiCorp Certified: Vault Operations Professional

The Vault Operations Professional exam is for Cloud Engineers focused on deploying, configuring, managing, and monitoring a production Vault environment. The exam includes a mix of hands-on tasks performed in a lab, and multiple-choice questions. Certification holders have proven they have the skills, knowledge, and competency to perform the Vault operational tasks listed in the objectives.

Badge for HashiCorp Certified: Vault Operations Professional


  • HashiCorp Certified: Vault Associate Certification (recommended)
  • Linux skills such as list and edit files via command terminal
  • Understanding of IP networking
  • Experience with Public Key Infrastructure (PKI)
  • Information security fundamentals such as network security, RBAC
  • Understanding of containers

Product Version Tested

Vault 1.8.0 and higher

Exam Details

Assessment Type Lab-based and multiple choice
Format Online proctored
Language English

Preparing for the Exam

While the exam is under development, we have prepared a basic review guide. The complete study guide will be available when the exam is ready for the public.

Beta Exam Objectives

1 Create a working Vault server configuration given a scenario
1a Enable CLI autocomplete
1b Practice production hardening
1c Auto unseal Vault
1d Implement integrated storage
1e Enable and configure authentication methods
1f Practice secure Vault initialization
1g Regenerate a root token
1h Rekey Vault and rotate encryption keys
1i Enable and configure secret engines
2 Monitor a Vault environment
2a Monitor and understand Vault telemetry
2b Monitor and understand Vault audit logs
2c Monitor and understand Vault operational logs
3 Employ the Vault security model
3a Describe secure introduction of Vault clients
3b Describe the security implications of running Vault in Kubernetes
4 Build fault-tolerant Vault environments
4a Configure a highly available (HA) cluster
4b [Vault Enterprise] Enable and configure disaster recovery replication
4b [Vault Enterprise] Describe how to promote a secondary cluster
5 Understand the hardware security module (HSM) integration
5a [Vault Enterprise] Describe the benefits of auto unsealing with HSM
5b [Vault Enterprise] Describe the benefits and use cases of seal wrap (PKCS#11)
6 Scale Vault for performance
6a Use batch tokens
6b [Vault Enterprise] Describe the use cases of performance standby nodes
6c [Vault Enterprise] Enable and configure performance replication
6d [Vault Enterprise] Create a paths filter
7 Configure access control
7a Interpret Vault identity entities and groups
7b Write, deploy, and troubleshoot ACL policies
7c [Vault Enterprise] Understand Sentinel policies
7d [Vault Enterprise] Define control groups and describe their basic workflow
7e [Vault Enterprise] Describe multi-tenancy with namespaces
8 Configure Vault Agent
8a Securely configure auto-auth and token sink
8b Configure templating

*Beta exam objectives are subject to change before general release.