This lab walks end users through the process of installing and configuring HashiCorp Vault and two open-source Vault plugins created by Venafi, as well as demonstrates a couple of example use cases.

Issuing a machine identity today, in many organizations, can take DAYS and is often a very manual process. Naturally, that can create bottlenecks for security or PKI teams that are typically dealing with multiple product and/or application developer teams. Manual processes are also prone to human error that could otherwise be avoided by introducing some form of automation. These problems are exacerbated when organizations are using DevOps practices.

DevOps teams are used to speed AND automation, and for good reason. Therefore, they adopt tools like HashiCorp Vault to help them get the machine identities they need to secure their applications as quickly as possible. This is great for the DevOps teams, but can leave Security in the dark. Security teams need the visibility to see ALL the machine identities throughout the organization, and the capability to enforce standard policy over the machine identities that DevOps teams are issuing.

This is a Venafi PKI Secrets Engine plugin for HashiCorp Vault that enables certificate enrollment using Venafi machine identity services.

This allows HashiCorp Vault to use Venafi to fulfill certificate requests from any supported CA, while providing the same policy tools that Venafi users expect.

This is a Venafi PKI Monitoring Secrets Engine for HashiCorp Vault that enforces security policy and provides certificate visibility to the enterprise.

This allows HashiCorp Vault to issue certificates using Vault at the almost instantaneous speed that DevOps teams expect, while still providing the security teams the control and visibility they require.

Proceed to the Lab to get started.