Exam content list - Vault Associate (003)
Note
The material covered in this content list is for the Vault Associate 003 exam version, which is coming in early 2025. Switch to the Vault Associate 002 exam version if you need to take the exam in 2024.
This is a direct mapping of each exam objective to HashiCorp's documentation or tutorials. This provides experienced exam candidates a place to review only the objectives they need extra help with before taking the exam.
| Objective ID | Exam objective | Documentation | Tutorial |
|---|---|---|---|
| 1 | Authentication methods | ||
| 1a | Define the purpose of authentication methods | Auth methods | Human and machine authentication |
| 1b | Choose an authentication method based on use case | Auth methods | Human and machine authentication |
| 1c | Explain the difference between human & system authentication methods | Authentication | Human and machine authentication |
| 1d | Define the purpose of identities and groups | Identity | Identity: entities and groups |
| 1e | Authenticate to Vault using the API, CLI, and UI | Authenticating | |
| 1f | Configure authentication methods using the API, CLI, and UI | Auth methods | |
| 2 | Vault policies | ||
| 2a | Explain the value of Vault policies | Policies | Introduction to policies |
| 2b | Describe Vault policy: path | Policy syntax | Introduction to policies |
| 2c | Describe Vault policy: capabilities | Capabilities | Introduction to policies |
| 2d | Choose a Vault policy based on requirements | Policies | Introduction to policies |
| 2e | Configure Vault policies using the UI and CLI | Creating policies | |
| 3 | Vault tokens | ||
| 3a | Choose between service and batch tokens based on use case | Tokens | Types of tokens |
| 3b | Describe root token uses and lifecycle | Root tokens | Types of tokens |
| 3c | Explain the purpose of token accessors | Token accessors | Token metadata |
| 3d | Explain the impact of time-to-live | Token time-to-live | Token metadata |
| 3e | Explain orphaned tokens | Orphaned tokens | Orphan tokens |
| 3f | Describe how to create tokens based on need | Tokens | Introduction to tokens |
| 4 | Vault leases | ||
| 4a | Explain the purpose of a lease ID | Lease, renew, and revoke | Dynamic secrets |
| 4b | Describe how to renew leases | Lease, renew, and revoke | Dynamic secrets |
| 4c | Describe how to revoke leases | Lease, renew, and revoke | Dynamic secrets |
| 5 | Secrets engines | ||
| 5a | Choose a secrets engine based on use case | Secrets engines | Secrets engines for static and dynamic secrets |
| 5b | Compare and contrast dynamic secrets vs. static secrets, know their use cases | Database secrets engine | Understand static and dynamic secrets |
| 5c | Describe the uses of transit secrets engine | Transit secrets engine | Encryption as a service: transit secrets engine |
| 5d | Describe the purpose of secrets engines | Secrets engines | Secrets engines for static and dynamic secrets |
| 5e | Describe the use of response wrapping | Response wrapping | Cubbyhole response wrapping |
| 5f | Explain the value of short-lived, dynamic secrets | Database secrets engine | Understand static and dynamic secrets |
| 5g | Enable secrets engines using the CLI and UI | CLI - Vault secrets command | |
| 5h | Access Vault secrets using the CLI, API, and UI | KV secrets engine | |
| 6 | Encryption as a Service | ||
| 6a | Encrypt and decrypt secrets | Transit secrets engine | Encryption as a service: transit secrets engine |
| 6b | Rotate the encryption key | Rotate key | Encryption as a service: transit secrets engine |
| 7 | Vault architecture fundamentals | ||
| 7a | Describe how Vault encrypts data | Seal/unseal | Auto unseal |
| 7b | Explain how to seal and unseal Vault | Seal/unseal | Auto unseal |
| 7c | Configure environment variables | Environment variables | Set up Vault |
| 8 | Vault deployment architecture | ||
| 8a | Explain cluster strategy for self-managed and HashiCorp-managed clusters | What is HCP Vault Dedicated | Understand available editions of Vault |
| 8b | Explain the uses of storage backends | Storage | Raft storage |
| 8c | Explain the uses of Shamir secret sharing and unsealing | Shamir seals | Rekeying and rotating |
| 8d | Explain the uses of disaster recovery and performance replication | Replication | |
| 8e | Differentiate between self-managed and HashiCorp-managed Vault clusters | What is HCP Vault Dedicated | Understand available editions of Vault |
| 9 | Access management architecture | ||
| 9a | Describe the Vault Agent | Vault agent and proxy | Vault agent quick start |
| 9b | Describe the Vault Secrets Operator | Vault Secrets Operator | Vault Secrets Operator |
Next steps
Review the learning path to practice all of the exam objectives. Check out the sample questions to review the exam question format.