Vault Associate: HashiCorp Certified Vault Associate

The Vault Associate certification is for Cloud Engineers specializing in security, development, or operations who know the basic concepts, skills, and use cases associated with open source HashiCorp Vault. Candidates will be best prepared for this exam if they have professional experience using Vault in production, but performing the exam objectives in a personal demo environment may also be sufficient. This person understands what enterprise features exist and what can and cannot be done using the open source offering.

Try Online Exam


  • Basic terminal skills
  • Basic understanding of on premise or cloud architecture
  • Basic level of security understanding

HashiCorp Vault Associate Exam Summary:

Exam Name HashiCorp Certified Vault Associate (Security Automation)
Exam Code   Vault Associate 
Exam Price   $70 USD 
Duration  60 minutes
Number of Questions   57 
Passing Score   Pass / Fail (Approx 70%) 
Recommended Training / Books   Prepare for the exam 
Schedule Exam   Cloud Engineer Certification Exam Portal 
Sample Questions   HashiCorp Vault Associate Sample Questions 
Recommended Practice   HashiCorp Certified – Vault Associate Practice Test 

HashiCorp Security Automation Syllabus:

Section Objectives
Compare authentication methods – Describe authentication methods
– Choose an authentication method based on use case
– Differentiate human vs. system auth methods
Create Vault policies – Illustrate the value of Vault policy
– Describe Vault policy syntax: path
– Describe Vault policy syntax: capabilities
– Craft a Vault policy based on requirements
Assess Vault tokens – Describe Vault token
– Differentiate between service and batch tokens. Choose one based on use-case
– Describe root token uses and lifecycle
– Define token accessors
– Explain time-to-live
– Explain orphaned tokens
– Create tokens based on need
Manage Vault leases – Explain the purpose of a lease ID
– Renew leases
– Revoke leases
Compare and configure Vault secrets engines – Choose a secret method based on use case
– Contrast dynamic secrets vs. static secrets and their use cases
– Define transit engine
– Define secrets engines
Utilize Vault CLI – Authenticate to Vault
– Configure authentication methods
– Configure Vault policies
– Access Vault secrets
– Enable Secret engines
– Configure environment variables
Utilize Vault UI – Authenticate to Vault
– Configure authentication methods
– Configure Vault policies
– Access Vault secrets
– Enable Secret engines
Be aware of the Vault API – Authenticate to Vault via Curl
– Access Vault secrets via Curl
Explain Vault architecture – Describe the encryption of data stored by Vault
– Describe cluster strategy
– Describe storage backends
– Describe the Vault agent
– Describe secrets caching
– Be aware of identities and groups
– Describe Shamir secret sharing and unsealing
– Be aware of replication
– Describe seal/unseal
– Explain response wrapping
– Explain the value of short-lived, dynamically generated secrets
Explain encryption as a service – Configure transit secret engine
– Encrypt and decrypt secrets
– Rotate the encryption key