Vault Learning Resources: Vault 1.5 features and more
Vault 1.5 was announced on July 21st and many of us are itching to try and experiment with those new features! Come visit the Vault Learn site where you will find the Vault 1.5 Release Highlights with the list of tutorials that are now available.
» Vault Installation to RedHat OpenShift via Helm
RedHat's OpenShift is a distribution of the Kubernetes platform that provides a number of usability and security enhancements.
The Vault Installation to RedHat OpenShift via Helm tutorial walks you through the installation of Vault via the Helm chart on an OpenShift cluster. You will deploy two web applications: one that authenticates and requests secrets directly from the Vault server, and another that employs deployment annotations that enable it to remain Vault-unaware.
» Performance Tuning
Performance Tuning provides guidelines and best practices for tuning the Vault environment for optimal performance. Learn some of the most common resource limitations and maximum values that you can encounter when tuning Vault for performance, and access best practice recommendations that should be applied when possible and practical, based on your specific environment and requirements.
» Monitor Telemetry & Audit Device Log Data with Splunk
Many people have asked for an updated Vault monitoring guide, so here it is! Monitor Telemetry & Audit Device Log Data with Splunk walks you through monitoring Vault telemetry metrics and audit device logs with Splunk, including configuration, key metrics for monitoring and alerting, and information about the new Vault Enterprise Splunk App. You will learn about important metrics to monitor, and action steps for responding to anomalies with specific metrics.
» Use Integrated Storage for HA Coordination
When Vault 1.4 announced integrated storage, it lacked support for ha_storage. The ha_storage stanza is used along with the storage stanza in the Vault server configuration to handle the high availability (HA) coordination if the chosen storage is a non-HA supporting storage backend.
As of Vault 1.5, integrated storage can be used as an ha_storage to store information necessary to coordinate high availability.
Use Integrated Storage for HA Coordination walks you through the server configuration to leverage integrated storage as an HA storage.
» Protecting Vault with Resource Quotas
Vault 1.5 introduced resource quotas to protect your Vault environment's stability, as well as its network and storage resource consumption, from runaway application behavior and distributed denial of service (DDoS) attacks.
Protecting Vault with Resource Quotas explains the usage of rate limit quotas and lease count quotas. You will explore and examine the error message that the quota violation throws and learn how to implement these protections against misbehaving applications and clients.
» User Configurable Password Generation for Secret Engines
Often, an organization must adhere to specific password requirements and the Vault generated passwords may not comply with the rules.
Vault 1.5 introduced support for configurable password generation defined by a password policy. User Configurable Password Generation for Secret Engines walks you through the steps to create a password policy and configure a secrets engine to leverage it.
» Codify Management of Vault
One of the pillars behind the Tao of HashiCorp is automation through codification.
The Codify Management of Vault and Codify Management of Vault Enterprise tutorials demonstrate the codification of Vault server configuration using the Terraform Vault provider.
Terraform Vault provider v2.12.0 introduced support for the Transform secrets engine, which came out in Vault 1.4. This tutorial showcases the ability of the Transform secrets engine to encode credit card numbers.
» SSH Secrets Engine: One-Time SSH Password
Vault SSH Helper v0.1.6 announced support for Vault Enterprise namespaces.
The SSH Secrets Engine: One-Time SSH Password tutorial was updated to demonstrate the use of namespaces with vault-ssh-helper.
» Vault Enterprise Replications UI Enhancements
Extensive work has been done on the Vault UI in Vault 1.5 to improve the operational tasks for managing enterprise replications. The following tutorials were updated with the new workflow and screenshots.
- Monitoring Vault Replication
- Disaster Recovery Replication Setup
- Setting Up Performance Replication
- Performance Replication with Paths Filter
Check out these new resources and more on HashiCorp Learn.