Vault Learning Resources: Vault 1.5 features and more
Vault 1.5 was announced on July 21st and many of us are itching to try and experiment with those new features! Come visit the Vault Learn site where you will find the Vault 1.5 Release Highlights with the list of tutorials that are now available.
» Vault Installation to RedHat OpenShift via Helm
RedHat's OpenShift is a distribution of the Kubernetes platform that provides a number of usability and security enhancements.
The Vault Installation to RedHat OpenShift via Helm tutorial walks you through the installation of Vault via the Helm chart on an OpenShift cluster. You will deploy two web applications: one that authenticates and requests secrets directly from the Vault server, and another that employs deployment annotations that enable it to remain Vault-unaware.
» Performance Tuning
Performance Tuning provides guidelines and best practices for tuning the Vault environment for optimal performance. Learn some of the most common resource limitations and maximum values that you can encounter when tuning Vault for performance, and access best practice recommendations that should be applied when possible and practical, based on your specific environment and requirements.
» Monitor Telemetry & Audit Device Log Data with Splunk
Many people have asked for an updated Vault monitoring guide, so here it is! Monitor Telemetry & Audit Device Log Data with Splunk walks you through monitoring Vault telemetry metrics and audit device logs with Splunk, including configuration, key metrics for monitoring and alerting, and information about the new Vault Enterprise Splunk App. You will learn about important metrics to monitor, and action steps for responding to anomalies with specific metrics.
» Use Integrated Storage for HA Coordination
When Vault 1.4 announced integrated storage, it lacked the support for ha_storage
. The ha_storage
stanza is used along with the storage
stanza in the Vault server
configuration to handle the high availability (HA) coordination if the chosen storage
is a non-HA supporting storage backend.
As of Vault 1.5, integrated storage can be used as an ha_storage
to store information necessary to coordinate high availability.
Use Integrated Storage for HA Coordination walks you though the server configuration to leverage integrated storage as an HA storage.
» Protecting Vault with Resource Quotas
Vault 1.5 introduced resource quotas to protect your Vault environment's stability and network, as well as storage resource consumption from runaway application behavior and distributed denial of service (DDoS) attacks.
Protecting Vault with Resource Quotas explains the usage of rate limit quotas and lease count quotas. You will explore and examine the error message that the quota violation throws and learn how to implement these protections against misbehaving applications and clients.
» User Configurable Password Generation for Secret Engines
Often, an organization must adhere to specific password requirements and the Vault generated passwords may not comply with the rules.
Vault 1.5 introduced support for configurable password generation defined by a password policy. User Configurable Password Generation for Secret Engines walks you through the steps to create a password policy and configure a secrets engine to levearge it.
» Codify Management of Vault
One of the pillars behind the Tao of Hashicorp is automation through codification.
The Codify Management of Vault and Codify Management of Vault Enterprise tutorials demonstrate the codification of Vault server configuration using the Terraform Vault provider.
Terraform Vault provider v2.12.0 introduced support for the Transform secrets engine, which came out in Vault 1.4. This tutorial showcases the ability of the Transform secrets engine to encode credit card numbers.
» SSH Secrets Engine: One-Time SSH Password
Vault SSH Help v0.1.6 announced a support for Vault Enterprise namespaces.
The SSH Secrets Engine: One-Time SSH Password tutorial was updated to demonstrate the use of namespaces with vault-ssh-helper.
» Vault Enterprise Replications UI Enhancements
Extensive work has been done to the Vault UI in Vault 1.5 to improve the operational tasks for managing enterprise replications. The following tutorials were updated with new workflow and screenshots.
- Monitoring Vault Replication
- Disaster Recovery Replication Setup
- Setting Up Performance Replication
- Performance Replication with Paths Filter
Check out these new resources and more on HashiCorp Learn.
Sign up for the latest HashiCorp news
More blog posts like this one
Vault integrations with MongoDB, Private Machines, and walt.id strengthen customer security
Three new HashiCorp Vault ecosystem integrations extend security use cases for customers.
HashiCorp at re:Invent 2024: Security Lifecycle Management with AWS
A recap of HashiCorp security news and developments on AWS from the past year, for your security management playbook.
HCP Vault Dedicated adds secrets sync, cross-region DR, EST PKI, and more
The newest HCP Vault Dedicated 1.18 upgrade includes a range of new features that include expanding DR region coverage, syncing secrets across providers, and adding PKI EST among other key features.