Free course: Deploying HashiCorp Vault with AWS Secrets Engine

Deploying HashiCorp Vault with AWS Secrets Engine

I am providing my course, Deploying HashiCorp Vault with AWS Secrets Engine, at no charge on YouTube. I’ll keep this page updated with additional material and update the videos on YouTube as needed.

Introduction

In this lecture, we will cover the course content and the benefits of using HashiCorp Vault with the AWS secrets engine integration.

Resources

Terminology and scope of deployment

In this lecture we’ll cover the terminology used in the remainder of the course. Also, we will cover what the actual deployment will look like once completed.

Resources

Set up the AWS environment

In this lecture, you will provision the AWS resources needed to support the Vault environment. All steps are provided, along with the downloadable materials you will need. Please view Lecture 9 for a walk-through of deploying the 2 Availability Zone VPC using CloudFormation if needed.

Resources

Deploying a 2 availability zone VPC with CloudFormation

A brief walk-through of deploying the 2 Availability Zone VPC using CloudFormation in the AWS console.

Resources

Set up HashiCorp Vault on AWS

In this lecture, we will create the needed Route53 record set to point to the alias Elastic Load Balancer. We will also initialize and unseal the Vault. An example of the payload.json mentioned in the video is in the Downloadable Materials section.

Resources

AWS Secrets Engine Configuration

In this lecture, you will enable the AWS secrets engine and create a new role for a Data Scientist. You will also generate token-based, temporary access keys and secret access keys using this new role!

Resources

AppRole and additional methods

Various authentication methods (including user/pass, LDAP (including AD), token-based, key-value) are available to extend the abilities of Vault. See the external resource below for Vault’s official documentation on extending Vault’s capabilities with additional authentication methods.

Resources

Vault Credential Rotator Tool

This lecture will cover a walk-through of using vault-credential-rotator (https://github.com/troydieter/vault-credential-rotator) which allows for:

  • Easy rotation of Vault keys stored in your AWS credential store

  • Supported on Windows, Linux & macOS

  • Supports LDAP authentication method

Resources

Generating AppRole authentication credentials to be used with AWS secrets engine

This lecture will cover the use of the AppRole authentication method and how to generate the required credentials to distribute. The script referenced in the lecture is provided here as well (approle.py). Change the values accordingly, as demonstrated in the lecture video.

Resources

Bonus: Set up HashiCorp Vault using a Helm chart in Kubernetes

In this lecture, we’ll briefly cover the deployment of HashiCorp Vault to a Kubernetes cluster using a Helm chart. Feel free to follow Lectures 5 & 6 to configure the AWS secrets engine after deploying via Helm.

Resources
