Research Help improve navigation and content organization by answering a short survey. Start Survey

Security
Automation Certification

HashiCorp’s Security Automation certification program has two levels: Work up to the advanced Vault Professional Certification by starting with the foundational Vault Associate certification. The Associate certification validates your knowledge of open source Vault. Then, continue your certification journey with the Professional hands-on, lab-based exam to validate your years of production experience with both Vault and Vault Enterprise.

HashiCorp Certified:

Vault Associate (002)

Product version tested:Vault 1.6.0 and higher

The Vault Associate certification is for Cloud Engineers specializing in security, development, or operations who know the basic concepts, skills, and use cases associated with open source Vault. This includes understanding what enterprise features exist and what can and cannot be done using the open source offering. You should have professional experience using Vault in production, but performing the exam objectives in a personal demo environment may be sufficient.

  • Basic terminal skills
  • Basic understanding of on premise or cloud architecture
  • Basic level of security understanding
Assessment TypeMultiple choice
FormatOnline proctored
Duration1 hour
Price$70.50 USD, plus locally applicable taxes and fees. Free retake not included.
LanguageEnglish
Expiration2 years
1Compare authentication methods
1aDescribe authentication methods
1bChoose an authentication method based on use case
1cDifferentiate human vs. system auth methods
2Create Vault policies
2aIllustrate the value of Vault policy
2bDescribe Vault policy syntax: path
2cDescribe Vault policy syntax: capabilities
2dCraft a Vault policy based on requirements
3Assess Vault tokens
3aDescribe Vault token
3bDifferentiate between service and batch tokens. Choose one based on use-case
3cDescribe root token uses and lifecycle
3dDefine token accessors
3eExplain time-to-live
3fExplain orphaned tokens
3gCreate tokens based on need
4Manage Vault leases
4aExplain the purpose of a lease ID
4bRenew leases
4cRevoke leases
5Compare and configure Vault secrets engines
5aChoose a secret method based on use case
5bContrast dynamic secrets vs. static secrets and their use cases
5cDefine transit engine
5dDefine secrets engines
6Utilize Vault CLI
6aAuthenticate to Vault
6bConfigure authentication methods
6cConfigure Vault policies
6dAccess Vault secrets
6eEnable Secret engines
6fConfigure environment variables
7Utilize Vault UI
7aAuthenticate to Vault
7bConfigure authentication methods
7cConfigure Vault policies
7dAccess Vault secrets
7eEnable Secret engines
8Be aware of the Vault API
8aAuthenticate to Vault via Curl
8bAccess Vault secrets via Curl
9Explain Vault architecture
9aDescribe the encryption of data stored by Vault
9bDescribe cluster strategy
9cDescribe storage backends
9dDescribe the Vault agent
9eDescribe secrets caching
9fBe aware of identities and groups
9gDescribe Shamir secret sharing and unsealing
9hBe aware of replication
9iDescribe seal/unseal
9jExplain response wrapping
9kExplain the value of short-lived, dynamically generated secrets
10Explain encryption as a service
10aConfigure transit secret engine
10bEncrypt and decrypt secrets
10cRotate the encryption key

Visit the Exam-taker Handbook to learn about the requirements and policies for taking exams.

HashiCorp Certified:

Vault Operations Professional

Product version tested:Vault 1.8.0 and higher

The Vault Operations Professional exam is a lab-based exam for Cloud Engineers focused on deploying, configuring, managing, and monitoring HashiCorp Vault. You are well-qualified to take this exam if you hold the Vault Associate Certification (or equivalent knowledge), have experience operating Vault in production, and can evaluate Vault Enterprise functionality and use cases.

We strongly recommend passing the associate-level Vault exam before taking the professional-level exam. Practitioners who are already experienced with Vault operations in a production environment—and understand the concepts covered in the associate exam— may be able to successfully pass the professional-level exam.

  • HashiCorp Certified: Vault Associate Certification (recommended)
  • Linux skills such as list and edit files via command terminal
  • Understanding of IP networking
  • Experience with Public Key Infrastructure (PKI), including PGP and TLS
  • Information security fundamentals such as network security and RBAC
  • Understand the concepts and functionality of infrastructure running in containers including starting and stopping services, and reading logs
Assessment TypeLab-based and multiple choice
FormatOnline proctored
Duration4 hours
Price$295 USD, plus locally applicable taxes and fees. Includes free retake.
LanguageEnglish
Expiration2 years
1Create a working Vault server configuration given a scenario
1aEnable and configure secret engines
1bPractice production hardening
1cAuto unseal Vault
1dImplement integrated storage for open source and Enterprise Vault
1eEnable and configure authentication methods
1fPractice secure Vault initialization
1gRegenerate a root token
1hRekey Vault and rotate encryption keys
2Monitor a Vault environment
2aMonitor and understand Vault telemetry
2bMonitor and understand Vault audit logs
2cMonitor and understand Vault operational logs
3Employ the Vault security model
3aDescribe secure introduction of Vault clients
3bDescribe the security implications of running Vault in Kubernetes
4Build fault-tolerant Vault environments
4aConfigure a highly available (HA) cluster
4b[Vault Enterprise] Enable and configure disaster recovery (DR) replication
4c[Vault Enterprise] Promote a secondary cluster
5Understand the hardware security module (HSM) integration
5a[Vault Enterprise] Describe the benefits of auto unsealing with HSM
5b[Vault Enterprise] Describe the benefits and use cases of seal wrap (PKCS#11)
6Scale Vault for performance
6aUse batch tokens
6b[Vault Enterprise] Describe the use cases of performance standby nodes
6c[Vault Enterprise] Enable and configure performance replication
6d[Vault Enterprise] Create a paths filter
7Configure access control
7aInterpret Vault identity entities and groups
7bWrite, deploy, and troubleshoot ACL policies
7c[Vault Enterprise] Understand Sentinel policies
7d[Vault Enterprise] Define control groups and describe their basic workflow
7e[Vault Enterprise] Describe and interpret multi-tenancy with namespaces
8Configure Vault Agent
8aSecurely configure auto-auth and token sink
8bConfigure templating

This performance-based exam contains labs that must be completed in a virtual environment, and a shorter multiple-choice section. During the lab scenarios, exam-takers will be tested on performing real-world Vault operational tasks on the command line. The Vault UI and API can also be used where applicable, and exam-takers will have access to the Vault and Vault API documentation.

Visit the Exam-taker Handbook to learn about the requirements and policies for taking exams.