Week 15: Secrets Management — HashiCorp Vault

Theme: Securely manage secrets with Vault: dynamic secrets, encryption, rotation.

Learning Objectives

  1. Install and initialize HashiCorp Vault (dev mode, then HA)
  2. Configure secret engines: KV v2, database dynamic secrets
  3. Authenticate applications via Kubernetes auth method
  4. Implement secret rotation and auditing

Reading Materials

Finger Exercises (choose 2)

  1. Install Vault dev mode. Enable KV v2 secrets engine. Write/read secrets using CLI and HTTP API.
  2. Enable database dynamic secrets for PostgreSQL. Configure a role that creates 1-hour credentials.
  3. Enable Kubernetes auth. Configure a role that maps a K8s ServiceAccount to a Vault policy.

Project

Time Budget

ActivityTime
Reading1.5 hrs
Finger exercises2 hrs
Project2.5 hrs
Total6 hrs