HashiCorp Vault

Track: HashiCorp Vault
Status: ACTIVE
Progress: Production Experience
Interest Link: IT > InfoSec

Core Modules

Module                     Topics                                   Status
Secrets Engines            KV v2, PKI, SSH CA, Transit              Active
PKI Infrastructure         Root CA, Intermediate CA, cert issuance  Done
SSH Certificate Authority  Signed SSH keys, principals, TTL         Done
Authentication             Token, AppRole, LDAP, OIDC               Active
Policies                   HCL policies, path-based ACLs            Done
HA Cluster                 Raft storage, auto-unseal                Planning

Active Infrastructure

  • vault-01 - Production Vault (Rocky Linux 9)

  • PKI: DOMUS-ROOT-CA → DOMUS-ISSUING-CA

  • SSH CA: 8h TTL certs for all infrastructure

  • AppRole: netapi service authentication
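
Bootstrap of the layout listed above (DOMUS-ROOT-CA signing DOMUS-ISSUING-CA in pki_int, the SSH CA with its 8h user-certificate role, the netapi AppRole with a path-based policy) as vault CLI calls. This is an added example, not the page's or HashiCorp's code. Mount paths pki, pki_int and ssh, the role name domus-client and the 8h TTL come from this page; the other TTLs, the file names and the netapi policy paths are assumptions to adjust.

```shell
#!/bin/sh
# Added example, not the page's own code: the layout listed above as vault
# CLI calls. Assumes the vault CLI on PATH and VAULT_ADDR / VAULT_TOKEN for a
# root-capable session on vault-01. Mount paths, role name and the 8h TTL come
# from the page; other TTLs, file names and policy paths are assumptions.
set -eu

# Root CA: its own mount, used only to sign the issuing CA.
bootstrap_pki_root() {
  vault secrets enable -path=pki pki
  vault secrets tune -max-lease-ttl=87600h pki               # 10 years
  vault write -field=certificate pki/root/generate/internal \
    common_name="DOMUS-ROOT-CA" ttl=87600h > domus-root-ca.pem
}

# Issuing CA: CSR generated inside pki_int (the key never leaves Vault),
# signed by the root, installed back into pki_int, then the EAP-TLS role.
bootstrap_pki_issuing() {
  vault secrets enable -path=pki_int pki
  vault secrets tune -max-lease-ttl=43800h pki_int           # 5 years
  vault write -field=csr pki_int/intermediate/generate/internal \
    common_name="DOMUS-ISSUING-CA" > domus-issuing-ca.csr
  vault write -field=certificate pki/root/sign-intermediate \
    csr=@domus-issuing-ca.csr format=pem_bundle ttl=43800h > domus-issuing-ca.pem
  vault write pki_int/intermediate/set-signed certificate=@domus-issuing-ca.pem
  # AIA and CRL URLs are stamped into every issued cert (RADIUS revocation checks).
  vault write pki_int/config/urls \
    issuing_certificates="$VAULT_ADDR/v1/pki_int/ca" \
    crl_distribution_points="$VAULT_ADDR/v1/pki_int/crl"
  # Client-auth only, names limited to the inside zone, one-year ceiling.
  vault write pki_int/roles/domus-client \
    allowed_domains="inside.domusdigitalis.dev" allow_subdomains=true \
    client_flag=true server_flag=false max_ttl=8760h
}

# SSH CA plus the user-certificate role the Key Patterns sign command uses:
# 8h certs, fixed principal allow-list. Map fields go in as JSON on stdin.
bootstrap_ssh_ca() {
  vault secrets enable -path=ssh ssh
  vault write ssh/config/ca generate_signing_key=true
  vault write ssh/roles/domus-client - <<'EOF'
{
  "key_type": "ca",
  "allow_user_certificates": true,
  "allowed_users": "ansible,evanusmodestus,root",
  "ttl": "8h", "max_ttl": "8h",
  "allowed_extensions": "permit-pty,permit-agent-forwarding",
  "default_extensions": { "permit-pty": "" }
}
EOF
}

# Per managed host: trust the CA key. ssh/public_key needs no Vault token.
install_ssh_ca_trust() {
  curl -fsS "${VAULT_ADDR%/}/v1/ssh/public_key" > /etc/ssh/trusted-user-ca-keys.pem
  grep -q '^TrustedUserCAKeys' /etc/ssh/sshd_config \
    || echo 'TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem' >> /etc/ssh/sshd_config
  sshd -t && systemctl reload sshd
}

# Path-based policy for netapi: request client certs from the issuing CA,
# nothing else. Assumed scope; widen only with a reason.
render_netapi_policy() {
  cat <<'EOF'
path "pki_int/issue/domus-client" {
  capabilities = ["create", "update"]
}
EOF
}

bootstrap_approle() {
  vault auth enable approle
  render_netapi_policy | vault policy write netapi -
  vault write auth/approle/role/netapi token_policies="netapi" \
    token_ttl=1h token_max_ttl=4h secret_id_ttl=24h secret_id_num_uses=1
}

# Operator side: role_id is baked into the deployment; a single-use secret_id
# is minted per deploy and delivered out of band (e.g. by Ansible).
issue_netapi_credentials() {
  vault read -field=role_id auth/approle/role/netapi/role-id
  vault write -f -field=secret_id auth/approle/role/netapi/secret-id
}

# Service side: trade role_id + secret_id for a token carrying the policy.
netapi_login() {
  vault write -field=token auth/approle/login role_id="$1" secret_id="$2"
}

# Nothing touches Vault unless a subcommand is given.
case "${1:-}" in
  server)     bootstrap_pki_root; bootstrap_pki_issuing; bootstrap_ssh_ca; bootstrap_approle ;;
  host-trust) install_ssh_ca_trust ;;
  login)      netapi_login "$2" "$3" ;;
esac
```

Run `sh vault-bootstrap.sh server` once with a root token, `host-trust` on every managed host, and `login` is what netapi itself does with the pair printed by `issue_netapi_credentials`. Nothing but `pki/root/sign-intermediate` should ever touch the root mount; day-to-day issuance goes through pki_int only.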

Key Patterns

# Issue an EAP-TLS client certificate from the issuing CA (pki_int).
# 8760h is one year; the role's max_ttl caps whatever is requested here.
vault write pki_int/issue/domus-client \
  common_name="host.inside.domusdigitalis.dev" \
  ttl="8760h"

# Sign an SSH public key with the Vault SSH CA (8h cert per the role).
# Use $HOME, not ~: tilde expansion only happens at the start of a word
# (and, in bash, directly after "="), so "=@~/..." reaches vault literally
# and the file cannot be opened. Store the result as <key>-cert.pub, the
# name ssh(1) loads automatically next to the private key.
vault write -field=signed_key ssh/sign/domus-client \
  public_key=@"$HOME/.ssh/id_ed25519_vault.pub" \
  valid_principals="ansible,evanusmodestus,root" \
  > "$HOME/.ssh/id_ed25519_vault-cert.pub"
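
A signed key is only useful if ssh finds it and it carries what you think it carries. As an added example (not part of this page), the following stores the certificate under OpenSSH's <key>-cert.pub convention and checks the listing `ssh-keygen -L` prints: user certificate, expected CA fingerprint, exactly the requested principals, lifetime within the 8h role TTL. The fingerprints and the sample listing are constructed; `fetch_cert` needs a live Vault session and is not exercised offline. Assumes OpenSSH's ssh-keygen and a date(1) that accepts -d "YYYY-MM-DD hh:mm:ss" (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example, not the page's own code: sanity-check a certificate that
# ssh/sign/domus-client returned before trusting it for the day. Assumes
# OpenSSH's ssh-keygen and a date(1) accepting -d "YYYY-MM-DD hh:mm:ss"
# (GNU coreutils or BusyBox). Fingerprints and the sample listing are made up.
set -eu

# ssh(1) looks for the certificate beside the private key as <key>-cert.pub;
# given the .pub file, that is where the output of ssh/sign must be stored.
cert_path_for_key() {
  printf '%s-cert.pub\n' "${1%.pub}"
}

# Sign $1 (public key file) for principals $2 and store the cert where ssh(1)
# expects it. Needs a live Vault session; not exercised offline.
fetch_cert() {
  vault write -field=signed_key ssh/sign/domus-client \
    public_key=@"$1" valid_principals="$2" > "$(cert_path_for_key "$1")"
}

# check_cert_listing CA_FINGERPRINT PRINCIPALS MAX_SECONDS  < ssh-keygen -L output
# Returns 0 only when the listing shows a user certificate, signed by the CA
# whose SHA256 fingerprint is CA_FINGERPRINT (get it from the key sshd trusts:
# `ssh-keygen -lf /etc/ssh/trusted-user-ca-keys.pem`), carrying exactly the
# comma-separated PRINCIPALS, with a bounded lifetime of at most MAX_SECONDS.
check_cert_listing() {
  want_ca=$1; want_principals=$2; max_secs=$3
  listing=$(cat); rc=0

  printf '%s\n' "$listing" | grep -q 'user certificate' \
    || { echo "check: not a user certificate" >&2; rc=1; }

  # "Signing CA: RSA SHA256:... (using rsa-sha2-512)" -> field 4
  ca=$(printf '%s\n' "$listing" | awk '/Signing CA:/ { print $4 }')
  [ "$ca" = "$want_ca" ] \
    || { echo "check: signed by ${ca:-?}, expected $want_ca" >&2; rc=1; }

  # Principals are listed one per indented line until "Critical Options:".
  got=$(printf '%s\n' "$listing" | awk '
    /Principals:/       { p = 1; next }
    /Critical Options:/ { p = 0 }
    p                   { printf "%s%s", sep, $1; sep = "," }')
  [ "$got" = "$want_principals" ] \
    || { echo "check: principals [$got], expected [$want_principals]" >&2; rc=1; }

  # "Valid: from <ts> to <ts>"; "Valid: forever" has no field 5 and must fail.
  from=$(printf '%s\n' "$listing" | awk '/Valid:/ { print $3 }')
  to=$(printf '%s\n' "$listing" | awk '/Valid:/ { print $5 }')
  if [ -z "$from" ] || [ -z "$to" ]; then
    echo "check: validity is not bounded" >&2; rc=1
  else
    from_s=$(date -u -d "$(printf '%s' "$from" | tr T ' ')" +%s)
    to_s=$(date -u -d "$(printf '%s' "$to" | tr T ' ')" +%s)
    [ $((to_s - from_s)) -le "$max_secs" ] \
      || { echo "check: lifetime $((to_s - from_s))s exceeds ${max_secs}s" >&2; rc=1; }
  fi
  return $rc
}

# Same checks against a certificate file on disk.
check_cert_file() {
  ssh-keygen -L -f "$1" | check_cert_listing "$2" "$3" "$4"
}

# Constructed `ssh-keygen -L` listing for an 8h Vault certificate (placeholder
# fingerprints) so the checks can be exercised without a Vault or a real key.
SAMPLE_LISTING='/home/evan/.ssh/id_ed25519_vault-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com user certificate
        Public key: ED25519-CERT SHA256:UserKeyFingerprintPlaceholder0000000000000
        Signing CA: RSA SHA256:VaultCaFingerprintPlaceholder00000000000000 (using rsa-sha2-512)
        Key ID: "vault-root-0a1b2c"
        Serial: 1
        Valid: from 2024-05-01T08:00:00 to 2024-05-01T16:00:00
        Principals:
                ansible
                evanusmodestus
                root
        Critical Options: (none)
        Extensions:
                permit-pty'

# Typical use right after fetch_cert on a workstation (28800 s = the 8h role TTL):
#   check_cert_file ~/.ssh/id_ed25519_vault-cert.pub "$CA_FP" ansible,evanusmodestus,root 28800
```

Compare against the fingerprint of the key sshd actually trusts, not against whatever Vault reports at sign time; that way a swapped CA fails the check instead of being rubber-stamped.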