» HashiCorp Certifications (Beta)

Our initial certifications cover the open source releases of Terraform and Vault at a beginner level. The exams are multiple choice.

Attendees of HashiConf US in Seattle had the opportunity to take a beta exam for free. The beta is now closed, and we are preparing for general release. Once the exams are released, they will be given online with a proctor. That means you can take them from anywhere and all time-zones will be accommodated.

Email certifications@hashicorp.com with any questions.

HashiCorp Certified: Terraform Associate

The Terraform Associate certification is for operations, IT, or devops professionals who know the basic concepts and skills associated with open source HashiCorp Terraform. Qualified candidates may not have used Terraform in production but have performed the tasks listed in the objectives in at least a personal demo environment. This person understands what enterprise features exist and what can and cannot be done using the open source offering.

» Prerequisites

  • Basic terminal skills
  • Basic understanding of on premises and cloud architecture

» Product Version Tested

Terraform 0.12 and higher.

» Exam Objectives

1 Understand infrastructure as code (IaC) concepts
1a Explain what IaC is
1b Describe advantages of IaC patterns

2 Understand Terraform's purpose (vs other IaC)
2a Explain multi-cloud and provider-agnostic benefits
2b Explain the benefits of state

3 Understand Terraform basics
3a Handle Terraform and provider installation and versioning
3b Describe plugin based architecture
3c Demonstrate using multiple providers
3d Describe how Terraform finds and fetches providers
3e Explain when to use and not use provisioners and when to use local-exec or remote-exec

4 Use the Terraform CLI (outside of core workflow)
4a Understand the help command (terraform help)
4b Given a scenario: choose when to use terraform fmt to format code
4c Given a scenario: choose when to use terraform taint to taint Terraform resources
4d Given a scenario: choose when to use terraform import to import existing infrastructure into your Terraform state
4e Given a scenario: choose when to use terraform workspace to create workspaces
4f Given a scenario: choose when to use terraform state to view Terraform state
4g Given a scenario: choose when to enable verbose logging and what the outcome/value is

5 Interact with Terraform modules
5a Contrast module source options
5b Interact with module inputs and outputs
5c Describe variable scope within modules/child modules
5d Discover modules from the public Terraform Module Registry
5e Defining module version

6 Navigate Terraform workflow
6a Describe Terraform workflow ( Write -> Plan -> Create )
6b Initialize a Terraform working directory (terraform init)
6c Validate a Terraform configuration (terraform validate)
6d Generate and review an execution plan for Terraform (terraform plan)
6e Execute changes to infrastructure with Terraform (terraform apply)
6f Destroy Terraform managed infrastructure (terraform destroy)

7 Implement and maintain state
7a Describe default local backend
7b Outline state locking
7c Handle backend authentication methods
7d Describe remote state storage mechanisms and supported standard backends
7e Describe effect of Terraform refresh on state
7f Describe backend block in configuration and best practices for partial configurations
7g Understand secret management in state files

8 Read, generate, and modify configuration
8a Demonstrate use of variables and outputs
8b Describe secure secret injection best practice
8c Understand the use of collection and structural types
8d Create and differentiate resource and data configuration
8e Use resource addressing and resource parameters to connect resources together
8f Use Terraform built-in functions to write configuration
8g Configure resource using a dynamic block
8h Describe built-in dependency management (order of execution based)

9 Understand Terraform Enterprise capabilities
9a Describe the benefits of Sentinel, registry, and workspaces
9b Differentiate OSS and TFE workspaces
9c Summarize features of Terraform Cloud

HashiCorp Certified: Vault Associate

The Vault Associate certification is for security, IT, or devops professionals who know the basic concepts, skills, and use cases associated with open source HashiCorp Vault. Qualified candidates may not have used Vault in production but have performed the tasks listed in the objectives in at least a personal demo environment. This person understands what enterprise features exist and what can and cannot be done using the open source offering.

» Prerequisites

  • Basic terminal skills
  • Basic understanding of on premise or cloud architecture
  • Basic level of security understanding

» Product Version Tested

Vault 1.2.1 and higher

» Exam Objectives

1 Compare authentication methods
1a Describe authentication methods
1b Choose an authentication method based on use case
1c Differentiate human vs. system auth methods

2 Create Vault policies
2a Illustrate the value of Vault policy
2b Describe Vault policy syntax: path
2c Describe Vault policy syntax: capabilities
2d Craft a Vault policy based on requirements

3 Assess Vault tokens
3a Describe Vault token
3b Differentiate between service and batch tokens. Choose one based on use-case
3c Describe root token uses and lifecycle
3d Define token accessors
3e Explain time-to-live
3f Explain orphaned tokens
3g Create tokens based on need

4 Manage Vault leases
4a Explain the purpose of a lease ID
4b Renew leases
4c Revoke leases

5 Compare and configure Vault secrets engines
5a Choose a secret method based on use case
5b Contrast dynamic secrets vs. static secrets and their use cases
5c Define transit engine
5d Define secrets engines

6 Utilize Vault CLI
6a Authenticate to Vault
6b Configure authentication methods
6c Configure Vault policies
6d Access Vault secrets
6e Enable Secret engines
6f Configure environment variables

7 Utilize Vault UI
7a Authenticate to Vault
7b Configure authentication methods
7c Configure Vault policies
7d Access Vault secrets
7e Enable Secret engines

8 Be aware of the Vault API
8a Authenticate to Vault via Curl
8b Access Vault secrets via Curl

9 Explain Vault architecture
9a Describe the encryption of data stored by Vault
9b Describe cluster strategy
9c Describe storage backends
9d Describe the Vault agent
9e Describe secrets caching
9f Be aware of identities and groups
9g Describe Shamir secret sharing and unsealing
9h Be aware of replication
9i Describe seal/unseal
9j Explain response wrapping
9k Explain the value of short-lived, dynamically generated secrets

10 Explain encryption as a service
10a Configure transit secret engine
10b Encrypt and decrypt secrets
10c Rotate the encryption key
Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×