HashiCorp has just announced 2 certifications, one for Terraform and another for Vault.
For the Vault exam, there are 10 objectives. I will do my best to find the relevant documentation for each objective and their sub-components to help everyone study and prepare for the exam.
Note: I have not taken this exam yet, as it is currently only released to those attending the attendees of HashiConf US in Seattle at first.
If you find a better reference for the objective (you’ll notice that I couldn’t find reference material for some items), send me a note and I’ll update the link (so that everyone can benefit from the best material).
Vault Associate Exam Objectives
1 Compare Authentication Methods
1A Describe authentication methods
https://www.vaultproject.io/docs/auth/index.html
https://www.vaultproject.io/docs/concepts/auth.html
1B Choose an authentication method based on use case
https://www.vaultproject.io/docs/concepts/auth.html
1C Differentiate human vs. system auth methods
https://www.vaultproject.io/docs/concepts/auth.html
2 Create Vault Policies
2A Illustrate the value of Vault policy
https://www.vaultproject.io/docs/concepts/policies.html
2B Describe Vault policy syntax: path
https://www.vaultproject.io/docs/concepts/policies.html#policy-syntax
2C Describe Vault policy syntax: capabilities
https://www.vaultproject.io/docs/concepts/policies.html#capabilities
2D Craft a Vault policy based on requirements
https://learn.hashicorp.com/vault/getting-started/policies#writing-the-policy
3 Assess Vault Tokens
3A Describe Vault token
https://www.vaultproject.io/docs/concepts/tokens.html
3B Differentiate between service and batch tokens. Choose one based on use-case
https://www.vaultproject.io/docs/concepts/tokens.html#service-tokens
https://www.vaultproject.io/docs/concepts/tokens.html#batch-tokens
https://www.vaultproject.io/docs/concepts/tokens.html#token-type-comparison
3C Describe root token uses and lifecycle
https://www.vaultproject.io/docs/concepts/tokens.html#root-tokens
3D Define token accessors
https://www.vaultproject.io/docs/concepts/tokens.html#token-accessors
3E Explain time-to-live
https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls
3F Explain orphaned tokens
https://www.vaultproject.io/docs/concepts/tokens.html#token-hierarchies-and-orphan-tokens
3G Create tokens based on need
https://learn.hashicorp.com/vault/identity-access-management/tokens#step-1-create-service-tokens-with-use-limit
4 Manage Vault Leases
4A Explain the purpose of a lease ID
https://www.vaultproject.io/docs/concepts/lease.html#lease-ids
4B Renew leases
https://www.vaultproject.io/docs/commands/lease/renew.html
4C Revoke leases
https://www.vaultproject.io/docs/commands/lease/revoke.html
5 Compare and Configure Vault Secrets Engines
5A Choose a secret method based on use case
5B Contrast dynamic secrets vs. static secrets and their use cases
5C Define transit engine
https://www.vaultproject.io/docs/secrets/transit/index.html
5D Define secrets engines
https://www.vaultproject.io/docs/secrets/index.html#secrets-engines
6 Utilize Vault CLI
6A Authenticate to Vault
https://www.vaultproject.io/docs/commands/auth/index.html
6B Configure authentication methods
https://www.vaultproject.io/docs/commands/auth/enable.html
https://www.vaultproject.io/docs/commands/auth/disable.html
6C Configure Vault policies
https://www.vaultproject.io/docs/commands/policy/index.html
6D Access Vault secrets
https://www.vaultproject.io/docs/commands/secrets/index.html
6E Enable Secret engines
https://www.vaultproject.io/docs/commands/secrets/enable.html
6F Configure environment variables
https://www.vaultproject.io/docs/commands/index.html#environment-variables
7 Utilize Vault UI
https://www.hashicorp.com/resources/vault-oss-ui-introduction
https://vault-ui.io/
7A Authenticate to Vault
7B Configure authentication methods
7C Configure Vault policies
7D Access Vault secrets
7E Enable Secret engines
8 Be Aware of the Vault API
8A Authenticate to Vault via Curl
https://learn.hashicorp.com/vault/getting-started/apis
8B Access Vault secrets via Curl
https://www.vaultproject.io/api/overview.html#api-operations
9 Explain Vault Architecture
9A Describe the encryption of data stored by Vault
https://www.vaultproject.io/docs/internals/security.html#external-threat-overview
9B Describe cluster strategy
https://www.vaultproject.io/docs/internals/high-availability.html
9C Describe storage backends
https://www.vaultproject.io/docs/configuration/storage/index.html
9D Describe the Vault agent
https://www.vaultproject.io/docs/agent/index.html
9E Describe secrets caching
https://www.vaultproject.io/docs/agent/caching/index.html
9F Be aware of identities and groups
https://www.vaultproject.io/docs/secrets/identity/index.html#identity-groups
https://www.vaultproject.io/docs/secrets/identity/index.html#group-hierarchical-permissions
https://www.vaultproject.io/docs/secrets/identity/index.html#external-vs-internal-groups
9G Describe Shamir secret sharing and unsealing
https://en.wikipedia.org/wiki/Shamir’s_Secret_Sharing
9H Be aware of replication
https://www.vaultproject.io/docs/internals/replication.html
9I Describe seal/unseal
https://www.vaultproject.io/docs/concepts/seal.html
9J Explain response wrapping
https://www.vaultproject.io/docs/concepts/response-wrapping.html
9K Explain the value of short-lived, dynamically generated secrets
10 Explain Encryption as a Service
10A Configure transit secret engine
https://www.vaultproject.io/docs/secrets/transit/index.html#setup
10B Encrypt and decrypt secrets
https://www.vaultproject.io/api/secret/transit/index.html#encrypt-data
https://www.vaultproject.io/api/secret/transit/index.html#decrypt-data
10C Rotate the encryption key
https://www.vaultproject.io/api/secret/transit/index.html#rotate-key