HashiCorp Certified: Vault Operations Professional
Validates professional-level skills in deploying, configuring, managing, and monitoring HashiCorp Vault in production environments. Covers server configuration with secrets engines and auth methods, production hardening, auto-unseal and integrated storage, monitoring via telemetry and audit logs, the Vault security model including secure introduction and Kubernetes considerations, fault-tolerant environments with HA clusters and Enterprise DR replication, HSM integration with seal wrap, performance scaling with batch tokens and performance replication, access control with identity entities, ACL policies, Sentinel, control groups, and namespaces, and Vault Agent configuration. Lab-based exam running Vault Enterprise binary.
Exam domains
- Configure Vault Agent13%
Run Vault Agent with auto-auth (AppRole, Kubernetes, AWS IAM), token sinks, response wrapping, caching, and consul-template-style templating to inject dynamic secrets into application processes.
- Configure Access Control13%
Author and troubleshoot ACL policies, identity entities/groups/aliases, Sentinel EGP/RGP policies, control groups, and namespace-scoped multi-tenancy for fine-grained Enterprise authorization.
- Monitor a Vault Environment13%
Interpret telemetry, operational logs, and audit device output (file, syslog, socket) to track request latency, token TTLs, seal status, replication lag, and storage metrics for operational health.
- Scale Vault for Performance13%
Use batch tokens, performance standby nodes, performance replication, and paths filtering to scale read throughput and isolate workloads across primary and secondary clusters.
Sources
Questions are grounded in 50 references from official and authoritative materials.