Research Help improve navigation and content organization by answering a short survey. Start Survey

Security Labs

This collection of labs and tutorials will guide practitioners who want to follow the principles of HashiCorp's Security pillar.

Start
12 tutorials
  • 33min
    Encryption as a Service: Transit Secrets Engine
    Vault's transit secrets engine handles cryptographic functions on data in-transit. It can also be understood as encryption as a service.
    • Vault
    • Interactive
    • Video
  • 35min
    Transform Secrets Engine
    Transform secrets engine allows generation of cryptographically secure tokens mapped to sensitive data such as credit card numbers.
    • Vault
  • 5min
    Dynamic Secrets
    Learn how to generate AWS access keys dynamically using Vault.
    • Vault
    • Video
  • 45min
    Versioned Key/Value Secrets Engine
    Learn how versioned key-value (kv-v2) secrets engine work to protect your data from accidental deletion, or compare the current data to previously stored data.
    • Vault
    • Interactive
  • 19min
    Static Secrets: Key/Value Secrets Engine
    Vault supports generating new unseal keys as well as rotating the underlying encryption keys. This tutorial covers rekeying and rotating Vault's encryption keys.
    • Vault
    • Interactive
  • 11min
    Encrypting data with Transform secrets engine
    Transform secrets engine allows generation of cryptographically secure tokens mapped to sensitive data such as credit card numbers.
    • Vault
    • Video
  • 29min
    Tokenize Data with Transform Secrets Engine
    Learn how the Transform secrets engine's data tokenization works to provide maximum resistance to data being compromised.
    • Vault
  • 25min
    Dynamic Secrets: Database Secrets Engine
    Dynamically generate, manage, and revoke database credentials that meet your organization's password policy requirements.
    • Vault
    • Interactive
  • 21min
    SSH Secrets Engine: One-Time SSH Password
    Configure the Vault SSH secrets engine to issue one-time passwords (OTP) every time a client wants to SSH into a remote host.
    • Vault
    • Video
  • 13min
    Protect Sensitive Input Variables
    Protect sensitive values from accidental exposure using Terraform sensitive input variables. Provision a web application with Terraform, and mark input variables as sensitive to restrict when Terraform prints them out to the console.
    • Terraform
  • 11min
    Inject Secrets into Terraform Using the Vault Provider
    Configure the AWS Secrets Engine to manage IAM credentials in Vault through Terraform. Then use the short-lived, Vault-generated, dynamic secrets to provision EC2 instances.
    • Terraform
    • Vault
  • 22min
    Vault as Secrets Management for Consul
    Secure Consul on Kubernetes using gossip encryption, TLS certificates, and service mesh certificates using Vault as secrets management.
    • Consul
    • Vault