* WIP - Seal Wrap guide
* WIP: Seal Wrap guide
* Added a brief description about the Seal Wrap guide
* Incorporated feedback
* Updated FIPS language

Technically everything looks great. I've updated some of the language here as "compliance" could be interpreted to mean that golang's crypto and xcrypto libraries have been certified compliant with FIPS. Unfortunately they have not, and Leidos' cert is only about how Vault can operate in tandem with FIPS-certified modules. It's a very specific update, but it's an important one for some VE customers. Looks great - thanks!

* Removed 'Compliance' from title
* typo fix
layout | page_title | sidebar_current | description |
---|---|---|---|
guides | Vault Operations - Guides | guides-operations | Vault architecture guide covers Vault infrastructure discussions including installation. |
Vault Operations
Vault Operations guides address Vault infrastructure discussions. These guides are designed to help the operations team to plan and install a Vault cluster that meets your organization's needs.
- Vault Reference Architecture guide provides guidance in the best practices of Vault Enterprise implementations through use of a reference architecture. This example is to convey a general architecture, which is likely to be adapted to accommodate the specific needs of each implementation.
- Vault HA with Consul guide walks you through a simple Vault HA cluster implementation which is backed by HashiCorp Consul.
- Production Hardening guide provides guidance on best practices for a production hardened deployment of Vault. The recommendations are based on the security model and focus on defense in depth.
- [Enterprise Only] Replication Setup & Guidance walks you through the commands to activate the Vault servers in replication mode. Please note that Vault Replication is a Vault Enterprise feature.
- [Enterprise Only] Mount Filter guide demonstrates how to selectively filter out secret engines from being replicated across clusters. This feature can help organizations to comply with General Data Protection Regulation (GDPR).
- [Enterprise Only] Vault Auto-unseal using AWS Key Management Service (KMS) guide demonstrates an example of how to use Terraform to provision an instance that utilizes an encryption key from AWS Key Management Service (KMS).
- [Enterprise Only] Seal Wrap / FIPS 140-2 guide demonstrates how Vault's seal wrap feature works to encrypt your secrets leveraging a FIPS 140-2 certified HSM.
- Root Token Generation guide demonstrates the workflow of regenerating root tokens. It is considered to be a best practice not to persist the initial root token. If a root token needs to be regenerated, this guide helps you walk through the task.
- Rekeying & Rotating guide provides a high-level overview of Shamir's Secret Sharing Algorithm, and how to perform rekey and rotate operations in Vault.
- Building Plugin Backends guide provides steps to build, register, and mount non-database external plugin backends.