Vault and Consul
- HashiCorp Vault is a secrets management platform providing a secure enclave for static and dynamic secrets.
- HashiCorp Consul solves the challenges of service discovery, configuration management, and network segmentation in distributed applications.
- In this course, you will learn the basics of using Vault, including managing secrets, configuring policies, and reviewing audit logs. You will also learn how to connect dynamic applications using Consul service discovery and service mesh.
- 3 days
Lectures and hands-on labs. (50%, 50%)
- Comfortable with any programming language
- Comfortable in Linux environment (be able to navigate Linux command line, run commands)
- A reasonably modern laptop
- Unrestricted connection to the Internet. Laptops with overly restrictive VPNs or firewalls may not work properly
- A browser (Chrome recommended)
- SSH client for your platform (Putty or Terminal)
- Vault Overview
- Secret Engines: Static Secrets
- Secret Engines: Cubbyhole Secret Engine
- Secret Engines: Dynamic Secrets
- Encryption as a Service – Transit Secrets Engine
- Application Integration
- Vault Installation
- Vault Cluster Deployment
- Vault Operations
- Vault Policies
- Secure Introduction
- Vault Identities: Entities and Groups
- Granular Access Control
- Scaling for Performance
- Codify Management of Vault Clusters
- Production Topologies
- Monitoring Vault
Microservices and Consul
- An introduction to monolithic vs service-oriented architectures
- Service discovery in a monolith
- Service discovery challenges in a distributed system and Consul’s solution
- Configuration management in a monolith
- Configuration challenges in a distributed system and Consul’s solution
- Network segmentation in a monolith
- Network segmentation challenges in a distributed system and Consul’s solutions
- The definition of “service mesh”
- Learn about the problems that Consul solves.
- Explore Consul’s architecture and interfaces (HTTP API, DNS interface, and web UI).
- Implement service discovery and health checking.
- Connect services into a service mesh to encrypt and control network traffic.
- Manipulate values in Consul’s key-value store and watch them for updates.
- Render a configuration file from key-value data using Consul Template.
- Install a local Consul agent that you can use to continue experimenting with after the course.