Vault 1.2: Database Credential Rotation and Identity Tokens
In this webinar, HashiCorp demos two features from the recently released Vault 1.2: static credential rotation with the upgraded database secrets engine and Vault-native HA storage.
Speakers
- Justin Weissig, Vault Technical Marketing, HashiCorp
Vault 1.2, which was released a few weeks after being previewed at HashiConf EU, introduces several useful new features including:
- The ability to mint OIDC-compliant JWT tokens tied to Vault identities
- An upgrade to the database secrets engine making it easier for applications with static user accounts to use Vault to auto-rotate those secrets with no code changes
- A tech preview for Vault-native high availability storage (no more requirement for Consul or any backend store)
- A KMIP server secret engine in Vault Enterprise
These features further improve Vault’s ability to automate secrets management, encryption as a service, and privileged access management.
Join Vault technical marketer Justin Weissig as he demos two of Vault 1.2's new features:
- Static credential rotation with the upgraded database secrets engine
- Raft-based, Vault-native high availability storage [tech preview]
Outline
0:00 — Brief introduction to HashiCorp Vault
4:42 — Demo: Static credential rotation with the upgraded database secrets engine
16:56 — Demo: Raft-based, Vault-native high availability storage
22:18 — Overview of creating OIDC-compliant JWT tokens tied to Vault identities
26:30 — Q&A
Q&A
How do you migrate from a Consul backend to this new Vault integrated storage?
For the Raft integrated storage: Do you have auto-unseal on a node restart or does it need to be done separately?
With Raft, is there the concept of ACLs like there is in Consul? In production we lock down access to the Vault path using ACL tokens.
Does Vault offer a snapshot agent similar to Consul for its new integrated storage?
To learn more about these features, visit our HashiCorp Learn tracks on Vault 1.2.