» Vault Operations

Vault Operations guides cover Vault infrastructure topics. They are designed to help your operations team plan and install a Vault cluster that meets your organization's needs.

  • Vault Reference Architecture guide describes best practices for Vault Enterprise implementations by way of a reference architecture. The example conveys a general architecture, which is likely to be adapted to accommodate the specific needs of each implementation.

  • Vault HA with Consul guide walks you through a simple Vault HA cluster implementation which is backed by HashiCorp Consul.

  • Production Hardening guide provides guidance on best practices for a production hardened deployment of Vault. The recommendations are based on the security model and focus on defense in depth.

  • Root Token Generation guide demonstrates the workflow of regenerating root tokens. It is considered to be a best practice not to persist the initial root token. If a root token needs to be regenerated, this guide helps you walk through the task.

  • Rekeying & Rotating guide provides a high-level overview of Shamir's Secret Sharing Algorithm, and how to perform rekey and rotate operations in Vault.

  • Building Plugin Backends guide provides steps to build, register, and mount non-database external plugin backends.

» Vault Enterprise

  • Replication Setup & Guidance walks you through the commands to activate the Vault servers in replication mode. Please note that Vault Replication is a Vault Enterprise feature.

  • Disaster Recovery Replication Setup guide provides step-by-step instructions for setting up a disaster recovery (DR) cluster.

  • Mount Filter guide demonstrates how to selectively filter out secrets engines from being replicated across clusters. This feature can help organizations comply with the General Data Protection Regulation (GDPR).

  • Vault Auto-unseal using AWS Key Management Service (KMS) guide demonstrates an example of how to use Terraform to provision an instance that utilizes an encryption key from AWS Key Management Service (KMS).

  • Seal Wrap / FIPS 140-2 guide demonstrates how Vault's seal wrap feature encrypts your secrets using a FIPS 140-2 certified HSM.