Free HashiCorp VA-002-P Practice Exam with Questions & Answers

Everything in the Vault is path-based, and policies are no exception. Policies provide a declarative way to grant or forbid access to certain paths and operations in Vault.

The policy template makes it very flexible to customize the environment. By using parameters within your template, you can have Vault "insert" a value into the path based upon things like identity values, group membership, and metadata associated with either the user's identity or group they are a member of.

Using the parameter, the path user-kv/data/{{identity.entity.name}}/* converts to user-kv/data/student01/*

When a parent token is revoked, all of its child tokens and leases are revoked as well. This ensures that a user cannot skip revocation by simply making a timeless tree of child tokens.

A dynamic block acts much like a for expression but produces nested blocks instead of a complex typed value. It iterates over a given complex value and generates a nested block for each element of that complex value.

If you are already using Terraform to manage infrastructure, you probably want to transfer to another backend, such as Terraform Cloud, so you can continue managing it. By migrating your Terraform state, you can hand off infrastructure without de-provisioning anything.

The local-exec provisioner invokes a local executable after a resource is created. This invokes a process on the machine running Terraform, not on the resource.

Note that even though the resource will be fully created when the provisioner is run, there is no guarantee that it will be in an operable state - for example, system services such as sshd may not be started yet on compute resources.

The -prefix flag treats the ID as a prefix instead of an exact lease ID. This can revoke multiple leases simultaneously.

After authenticating, a client is issued a security token which is associated with a policy. That token is used to make a subsequent request to Vault, such as read, write, etc.

If you are new to infrastructure as code as a concept, it is the process of managing infrastructure in a file or files rather than manually configuring resources in a user interface. A resource in this instance is any piece of infrastructure in a given environment, such as a virtual machine, security group, network interface, etc.

At a high level, Terraform allows operators to use HCL to author files containing definitions of their desired resources on almost any provider (AWS, GCP, GitHub, Docker, etc) and automates the creation of those resources at the time of application.

Non-root tokens are associated with a TTL, which determines how long a token is valid. Root tokens are not associated with a TTL, and therefore, do not expire.

Root tokens are tokens that have the root policy attached to them. They are the only type of token within Vault that are not associated with a TTL, and therefore, do not expire.

When reading a dynamic secret, such as via vault read, Vault always returns a lease_id. This is the ID used with commands such as vault lease renew and vault lease revoke to manage the lease of the secret.

vault lease lookup

Usage: vault lease [options] [args]

This command groups subcommands for interacting with leases. Users can revoke or renew leases.

Renew a lease:

$ vault lease renew database/creds/readonly/2f6a614c...

Revoke a lease:

$ vault lease revoke database/creds/readonly/2f6a614c...

Subcommands:

renew Renews the lease of a secret

revoke Revokes leases and secrets

Reference link:- https://www.vaultproject.io/docs/concepts/lease