Dan Dragon

Vault Certification Exam Passed!

26 Feb 2025 - Dan Dragon

I am happy to announce that I passed the Vault Certification exam! Now I just wait until they send me the certificate. I’m happy to add this to my list of certifications, but I wanted to do some reflection on the certification itself and how I feel about it as a Software Engineer, and not DevOps or Security.

The Exam Material

A lot of the exam was about configuring the Vault server, setting up policies, and memorizing CLI commands. In hindsight I will probably be doing more integrating with Vault than configuring it, but it’s good to know how to do it.

For those thinking about taking it, I recommend it. This exam wasn’t terribly difficult, and any certification is a good one in my opnion, but it wasn’t as useful for my day-to-day work as I thought it would be.

Alternative Exam Idea

I really think Hashicorp should consider a different exam & certification for just integrating with Vault. There would still be some administration duties, but it would focus more on:

  1. Integrating Vault with legacy applications. I’m thinking something along the lines of using Vault Agent to inject secrets into an application, then modifying the application to fetch its own secrets, then eventually the application can be refactored to auth with Vault directly removing the need for the agent.
  2. Using Vault for local development. There was very little about setting up a docker-compose and using Vault in a local development environment. I think this is a very common use case for Vault, and it would be good to have training for it. I’m sure there’s going to be some pitfalls for when I do need to do this.
  3. Using Vault API (since this is how you would integrate a production application with Vault). The exam had some API related questions, but it really focused on the CLI.

To speak a little more on the intrating with legacy applications. I think there are some common questions people have when first using vault they could answer in this general topic. For example, do you cache secrets? How would you cache secrets if your application is running in a cluster? Or should each application fetch its own credentials each time?

Conclusion

I’m happy I passed the exam, but in the end I came to the conclusion the exam wasn’t exactly FOR ME. I still do anticipate on getting my vault out of the education.