Skip to main content

HashiCorp Vault Associate 002

What is Vault ?

Vault manage Secrets and Protect Sensitive Data like :

  • Username and passwords
  • Certificates
  • API Keys
  • Encryption Keys

Vault has 3 Interfaces :

  • CLI (Machines and Humans)
  • UI (Humans)
  • API (Machines)

Everithing in Vault could be do with API.

Token Generation : A user authenticated to Vault with Username & Password or TLS Certificate or else. Vault Generate a Token who is valid for 4 Hours (TTL)

Token Usage : Someone try to retrieve Data from a Path: Vault verify :

  • Token is Valid
  • Token is not Expired
  • Token has Permission

If each verification is OK => Vault return the requested data. We present our token, We don't authenticate again.

Vault HA Cluster

To join Vault Cluster :

vault operator raft join VAULT_URL

After joining, we need to unseal the Vault with :

vault operator unseal

We can list each node in the HA with :

vault operator raft list-peers

We can step-down a vault to tranfer the leadership to another HA member with :

vault operator step-down

Protection

Master Key encrypt the Encryption Key who encrypt Data