Learn how versioned key-value (kv-v2) secrets engine work to protect your data from accidental deletion, or compare the current data to previously stored data.
14min
Cubbyhole response wrapping
Vault provides the capability to wrap the Vault response and store it in a
cubbyhole where the holder of the one-time use wrapping token can unwrap it to
uncover the secret.
17min
Active Directory service account check-out
Provide and rotate credentials for configured Active Directory (AD) accounts
as well as check-out and check-in shared credentials.
19min
Manage LDAP credentials with Vault
Vault's LDAP secrets engine manages existing LDAP entry passwords for UNIX and Linux applications to use.
21min
Azure credential management with Vault
Vault can dynamically generate Azure service principal for applications to use.
58min
Build your own certificate authority (CA)
Demonstrate the use of PKI secrets engine as an Intermediate-Only certificate
authority which potentially allows for higher levels of security.
17min
Build certificate authority (CA) in Vault with an offline root
Create a Certificate Authority (CA) with an offline root and intermediate CAs in Vault.
14min
Enable ACME with PKI secrets engine
Learn how to enable ACME functionality with the PKI secrets engine and configure a compatible application to use it.
16min
Use PKI with external policy services
Use the PKI secrets engine in a flexible way, with custom policies from an external policy service that operates outside of Vault.
25min
PKI Unified CRL and OCSP with cross cluster revocation
Learn how to use the PKI secrets engine unified CRL and OCSP feature with Performance Replication cross cluster certificate revocation.
11min
PKI secrets engine with managed keys
Demonstrate the use of managed keys allowing PKI secrets engine to delegate
the private key management to the trusted external KMS.
21min
SSH secrets engine: One-time SSH password
Configure the Vault SSH secrets engine to issue one-time passwords (OTP)
every time a client wants to SSH into a remote host.
14min
Username templating
Learn how to set the Vault-generated username schema to meet your
organization's username conventions using the username templating.
28min
Vault as a KMIP server
Vault 1.2 introduced a Key Management Interoperability Protocol (KMIP) secrets
engine which allows Vault to serve as a KMIP server.
10min
Manage credentials for HCP Terraform with Vault
Generate, manage, and revoke credentials dynamically for HCP Terraform
and Terraform Enterprise (TFE) with Vault's Terraform secrets engine.
8min
Build custom Vault plugins
Build, register, and mount a custom auth method and secrets engine written in Go language.
6min
Rotate Azure auth method root credentials with Vault CLI
Use Vault to rotate Azure root credentials.
17min
Dynamic credentials for Google Cloud Platform (GCP)
Generate temporary dynamic credentials for the Google Cloud Platform using HashiCorp Vault.