Question 1mediummultiple choice
Read the full Compare and configure secrets engines explanation →VA-003 Compare and configure secrets engines • Complete Question Bank
Complete VA-003 Compare and configure secrets engines question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit. ``` $ vault secrets enable -path=kv-v2 kv-v2 $ vault kv put kv-v2/secret username=admin password=s3cret $ vault kv get kv-v2/secret ====== Metadata ====== Key Value --- ----- created_time 2023-01-01T00:00:00Z deletion_time n/a destroyed false version 1 ====== Data ====== Key Value --- ----- password s3cret username admin $ vault kv metadata get kv-v2/secret Key Value --- ----- cas_required false created_time 2023-01-01T00:00:00Z current_version 1 custom_metadata map[] delete_version_after 0s max_versions 0 oldest_version 0 updated_time 2023-01-01T00:00:00Z ```
Refer to the exhibit.
```
$ vault secrets enable -path=postgres database
Success! Enabled the database secrets engine at: postgres/
$ vault write postgres/config/my-postgres-database \
plugin_name=postgresql-database-plugin \
allowed_roles="my-role" \
connection_url="postgresql://{{username}}:{{password}}@localhost:5432/mydb" \
username="admin" \
password="password"
Success! Data written to: postgres/config/my-postgres-database
$ vault write postgres/roles/my-role \
db_name=my-postgres-database \
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";" \
default_ttl="1h" \
max_ttl="24h"
Success! Data written to: postgres/roles/my-role
```Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Highly available, key-value store
Integrated storage with consensus
Local filesystem storage
AWS object storage
AWS NoSQL database
$ vault secrets enable -path=internal/aws aws $ vault write aws/config/root access_key=AKIA... secret_key=wJal... $ vault write aws/roles/my-role credential_type=iam_user policy_arn=arn:aws:iam::aws:policy/AdministratorAccess
$ vault secrets enable -path=transit transit $ vault write -f transit/keys/my-key type=aes256-gcm96 $ vault write transit/encrypt/my-key plaintext=$(base64 <<< "secretdata") $ vault write transit/decrypt/my-key ciphertext=$CIPHER
path "database/creds/my-role" {
capabilities = ["read"]
}
path "database/roles/*" {
capabilities = ["list"]
}
path "sys/mounts" {
capabilities = ["read"]
}path "secret/data/*" {
capabilities = ["list"]
}$ vault read pki/issuer/intermediate-2020 Key Value --- ----- issuer_id 1234 issuer_name intermediate-2020 key_bits 2048 key_type rsa signature_bits 0
$ vault read secret/metadata/myapp Key Value --- ----- cas_required true created_time 2023-01-01T00:00:00Z current_version 1 delete_version_after 0s max_versions 0 oldest_version 0 updated_time 2023-01-01T00:00:00Z
$ vault secrets list -detailed Path Type Accessor Options Description ---- ---- -------- ------- ----------- cubbyhole/ cubbyhole cubbyhole_xxx map[] per-token private secret storage database/ database database_xxx map[] dynamic database credentials secret/ kv kv_xxx map[] key-value (unversioned)