HashiCorp Vault Tutorial for Beginners | FULL COURSE in 1 Hour | HashiCorp Vault Fundamentals
HTML-код
- Опубликовано: 10 июл 2024
- This video is a HashiCorp Vault Tutorial for Beginners. It's a 1-hour full course.
#HashiCorp #Vault is the prominent secrets management solution today it is currently used by the top financial institutions and enterprises in the world. Hi, my name is Sam Gabrail and I've created this vault fundamentals course for you this is a one hour course which is a subset of a much larger course that is eight hours long that course is called HashiCorp Vault 101 certified vault associate it will help you dig deeper and be ready for the vault associate exam you can find this course by going to the courses.tekanaid.com site and scrolling to the bottom of the page
- HashiCorp Vault 101 - Certified Vault Associate ► bit.ly/hc-vault-101
🎟️ Get 15% off of my Vault 101 Course with this coupon ► RUclips15VAULT101
Back to our Vault Fundamentals course right now in this course, you'll learn the following topics:
▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬
00:00 - Introduction
01:40 - What is HashiCorp Vault?
05:38 - Vault Use Cases
11:03 - Basic Vault CLI Commands
15:24 - Vault Server Modes
26:18 - Vault Architecture Internals
28:38 - Vault Seal and Unseal
36:28 - The Configuration File
37:56 - Run a Production Vault Server Lab
48:30 - Authentication Overview
50:38 - Types of Auth Methods
53:06 - Policies Overview
56:39 - Tokens Overview
58:22 - Secrets Engines Overview
1:01:46 - Replication Design with DR and PR
1:08:18 - Vault Agent Overview
1:10:36 - Closing Remarks
▬▬▬▬▬▬▬▬▬ Courses 🎓 ▬▬▬▬▬▬▬▬
- TeKanAid Academy Subscription ► bit.ly/subscription-premium
- HashiCorp Vault 101 - Certified Vault Associate ► bit.ly/hc-vault-101
🎟️ Get 15% off of my Vault 101 Course with this coupon ► RUclips15VAULT101
- HashiCorp Vault 201 - Vault for Apps in Kubernetes ► bit.ly/hc-vault-201
▬▬▬▬▬▬▬▬ Useful Links 🛠 ▬▬▬▬▬▬▬
Get the code ► tekanaid.com/posts/hashiCorp-...
▬▬▬▬▬▬▬▬ Community 🌎 ▬▬▬▬▬▬▬▬▬
- TeKanAid Community Forum ► tekanaid.com/community
▬▬▬▬▬▬▬▬ Connect 👋 ▬▬▬▬▬▬▬▬▬
TeKanAid University ► tekanaid.com/courses
Website ► bit.ly/TeKanAid_Website
Facebook Page ► bit.ly/TeKanAid_Facebook
Don't forget to subscribe ► bit.ly/TeKanAid_RUclips_Subsc...
MEDIUM ► bit.ly/Sam_Medium
TWITTER TeKanAid ► bit.ly/TeKanAid_Twitter
TWITTER Sam ► bit.ly/Sam_Twitter
LINKEDIN TeKanAid ► bit.ly/TeKanAid_LinkedIn
LINKEDIN Sam ► bit.ly/Sam_linkedin 
Наука
▬▬▬▬▬▬ Announcements📢 ▬▬▬▬▬▬▬
🔥 If you're interested in a step-by-step course to learn the basics of HashiCorp Vault, check this course out:
HashiCorp Vault 101 - Certified Vault Associate ► bit.ly/hc-vault101
In this course you will get to:
⭐ Learn everything you need to know about Vault to ace the Vault Associate Exam
⭐ 8+ hours of video content
⭐ Instructor has his camera on making you feel that you're right in the classroom
⭐ Hand-drawn animated diagrams to help you grasp the topics better
⭐ Lots of hands-on labs to learn by doing
⭐ English closed captions that are searchable so you won't miss a word
⭐ Quizzes to help you grasp the material well
⭐ Join our Community
Uh, man! This is something I've looking for! Explained precisely , no BS, pure knowledge! BIG thanks!
Glad it helped!
Dude holy shit I swear you really explain things so well so clear someone that is a beginner in IT could fully understand this. You rock my guy!!!!!!! Keep making these lessons you are making everyones lives so much easier and not make me feel dumb :)
Thanks, Jesse, that made my day!
Outstanding! As an IT educator myself, I am impressed with your planning, organization, and delivery. Very well done.
Wow, thanks a lot, David!
Thank you so much for making this tutorial. Now I have a better understanding of the Vault. I am a Junior and it was a struggle for me to actually realise why we use this technology at my job and how it works. Thanks a lot!
This is wonderful to hear! I'm so glad this helped you!
Thanks a lot for this jumpstart course. It gives a lot of clear and concise information
You're welcome, glad it helped
Great tutorial. loved it. Thx man
You're welcome thanks for your note.
Extremely helpful. Thank you.
Glad to hear
A very very useful video. Thank you very much for this 😃
You're very welcome!
So good! TYVM!
You're welcome!
thanks this is the best channel for devops
Thank you so much
Thanks for detailed explanation!
Glad it was helpful!
This is good stuff. Thank you
Glad it was helpful!
amazing helpfully video !
Glad it was helpful!
Easy to understand . Thanks
Glad to hear, thanks!
i like the visuals!
Glad to hear, thanks
Thanks Good effort
Thank you!
Hi there, first of all thank you for making and uploading this video. I did learn a lot from Vault's features and setup.
I do have a question however, is there a reason why it instantiates (at 40:48) a vault.db file that has a whopping 100GB in size? And if not, is there a way to control this size?
Again, thanks for the video!
Thank you. I hadn't looked into it before. I don't think you can tune it. I came across this learn guide if it's helpful. learn.hashicorp.com/tutorials/vault/performance-tuning?in=vault/operations#storage-backend-tuning
@@TeKanAid thanks for taking the time to reply and advise on this. Came across this documentation too. Tried to add in some config values, but it also seemed to me that you can't control the value. Strange that it takes up so much space. Anyway, thanks again!
@@vincentverweij1053 I actually took a look and don't see that large of a file. Not sure why you're getting that.
(⎈ |docker-desktop:default)
Gabrail-Windows:sam:~/Deployment_Linux/Vault/Training/vault-101/Section06-Starting_a_Production_Vault_Server/vault/data$ll
total 196K
drwxr-xr-x 3 sam sam 4.0K Feb 18 16:53 .
drwxr-xr-x 3 sam sam 4.0K Feb 18 16:52 ..
drwxr-xr-x 3 sam sam 4.0K Feb 18 16:53 raft
-rw------- 1 sam sam 180K Mar 2 17:34 vault.db
(⎈ |docker-desktop:default)
Gabrail-Windows:sam:~/Deployment_Linux/Vault/Training/vault-101/Section06-Starting_a_Production_Vault_Server/vault/data$du -h ./vault.db
184K ./vault.db
excellent teacher
Thank you!
In my project, we use vault to login to different aws and on prem servers.
We run the script vault login and it asks prompt we are willing to login like aws/azure/gcp and then it asks prod or np or dev , we shd pass on our creds linked to ldap, otp later which we get while we setup vault for individual thru generated secret.
Just info for others
Thanks for sharing, Trevor!
Thanks, does it mean Vault is used as a kind of proxy between client and servers? For example DB server credentials are staying the same, but vault can dynamically create different sets of creds rather than distributing DB credentials to applications. So in that case does it does it somehow works as reverse proxy for the credentials? :)
Yeah, it acts as a broker for secrets. Dynamic Database secrets are on demand secrets that get created on read from the client.
Thanks for the nice video on vault, can you tell me how we can authenticate with value with an AWS Sso user ? With normal user when I pass access key and secrets it works but with SSO it is not
Have to tried authenticating with vault using aws sso ?
Sorry for the late reply. I haven't seen this. There is an old discussion here, but seems to not be resolved discuss.hashicorp.com/t/vault-integration-with-aws-sso-saml-2-0/5461
Hi, My requirement is to implement TDE on DB2, is it possible through Hashicorp vault? Could you please let me know.
Thank you!!
I have seen the use of Vault with TDE on MSSQL and Oracle, but have not seen it with DB2. I can ask the HashiCorp folks.
@@TeKanAid Thanks for the response. Yes I'm researching on it but couldn't able to find any proper documents/solutions
What is the right way to manage the tokens in the secert.txt file? Moreover, what is the right way to manage the token we get from vault after authenticating?
These are great questions and I cover them all in my Vault 101 and Vault 202 courses, but quickly, the root token should only be used to configure auth methods. One of which should give admin access then you should revoke the root token. You can always recreate a root token from the unseal keys.
I have a doubt, could you please tell me why we need to create a group in the Hashicorp vault in three lines...
Hi Maitheen, we use groups to group entities. I go into much more details with examples in my course: courses.tekanaid.com/p/hashicorp-vault-101-certified-vault-associate
You can also read this tutorial from HashiCorp: learn.hashicorp.com/tutorials/vault/identity
Hi, my requirement is to implement MySQL DB with TDE. Can Hashicorp vault used for MySQL DB with TDE? Thanks
Yes you can use Vault for key management dev.mysql.com/doc/mysql-secure-deployment-guide/8.0/en/secure-deployment-data-encryption.html
@@TeKanAid Thank you.
@@TeKanAid Do you a course that teaches MySQL DB TDE with HashiCorp vault?
@@thiruardura please send me a note via my contact form I would like to learn more about what you're looking to do. tekanaid.com/contact
Suggest me how to import 100s of user name's and password's
best way is to either use the Terraform provider for Vault or use the Vault API
this man meme (live action version)
I'm getting the below error, when I tried to enable log path
~$ vault audit enable file file_path=./logs/vault_audit.log
Error enabling audit device: Error making API request.
URL: PUT localhost:8200/v1/sys/audit/file
Code: 400. Errors:
* sanity check failed; unable to open "./logs/vault_audit.log" for writing: open ./logs/vault_audit.log: permission denied
This error message is indicating that the Vault server is unable to write to the specified log file path "./logs/vault_audit.log" due to a permission denied error.
This could be caused by a few things:
The directory "./logs" does not exist and needs to be created.
The user running the command does not have permission to write to the specified directory.
The permissions on the directory are not set correctly and need to be changed.
You can check the directory is present or not using ls -ld ./logs and check the permissions of the directory using ls -ld /path/to/logs . You may need to adjust the permissions on the directory to allow the user running the command to write to it or you can run the command with root or sudo.