Time
4 hours 53 minutes
Difficulty
Beginner
CEU/CPE
5

Video Transcription

00:00
Welcome back. I hope you had some success. And I hope you didn't have to dig into the lab subfolder, because that's where we have the solution for this. I'm gonna walk through this lab solution in this second part of the lesson. First step: let's look at the actual intel upload policy file itself.
00:18
It's a pretty straightforward setup. We wanted to go secret, data, and then any mission name. That's the structure we're using here at MI6, right? We're going to create a subfolder for the particular mission and then another sub-path for agent intel. And we want to allow these
00:35
different secret agents to have the rights of creating
00:38
and updating, and that's about it.
00:50
I'm gonna shoot over to my terminal now and go ahead and create that policy. Clear the screen and upload the policy. First,
01:02
vault policy write. We're gonna call the policy intel: lab dash intel upload dot hcl.
01:12
Success.
01:15
Now we're gonna create a few keys, just to set the stage and prepopulate with some data that we'll want for later testing. The first one is for Dr. No, the Dr. No mission.
01:27
Animal to say
01:30
the value, don't need to make it too exciting here. We're gonna create another secret.
01:38
And the Dr. No, we'll say agent intel.
01:44
Even though we're not James Bond right now, on the root user, I'm gonna go ahead and create a secret there.
01:49
Let's, uh, create a secret for the good old GoldenEye mission,
01:57
and we'll create some prepopulated agent intel there.
02:01
And then finally, we're gonna go straight and just create some agent intel here for some false positive testing.
02:08
Let's go ahead and enable the userpass. Maybe userpass.
02:17
Looks like I was thinking audit when I should have been thinking auth.
02:23
Okay, user passes. No, no, no.
02:27
I think we are in good shape. Let's just do a little bit of a check here. Say, vault auth list. So we have the authentication set up.
02:37
Okay, I'm just checking here. We have policies. There's our policy, called the intel policy. Let's go forward and create the James Bond account: auth, userpass, users, James; password will be
02:57
shaken
02:58
and policies will be intel.
03:02
Beautiful.
03:06
So, for final testing, we would like to log in
03:12
using the userpass method, username James Bond and the password shaken.
03:24
And there we go, so we can see automatically we have our token and we're associated with a few policies, namely default and intel. So that's shaping up to be what we want. Let's go ahead and run the different commands to interact with keys. Let's even get the secret for Dr. No. Sure enough, we can't.
03:44
And similarly, the agent intel sub-secret directory
03:47
should be denied. Get no permissions to perform those activities. How about the GoldenEye mission? That's another secret that we created.
03:59
No, permission is denied. Um, Gold, just straight agent intel secret that we created directly off the root.
04:08
We cannot perform that activity. Let's try creating a secret in Dr. No, and we will do it in such a way: new key equals value. And, um, we should not
04:26
have success here either.
04:29
Sure enough, we don't. And let's try and write one more secret directly into, let's say, the agent intel
04:39
directory and Secret Stash cannot do that either.
04:45
Now, on to performing some operations where we should have success. So let's put a secret: Dr. No mission. We want to upload some agent intel because we are logged in as James Bond. We want to send it back to base. We say new key equals new value.
05:04
Success.
05:08
We should be able to do something very similar for the GoldenEye mission. Success.
05:16
Let's test this out in just one more area, by specifying a mission that doesn't even exist yet, wasn't even created. Call it the Spectrum mission. Also have success there, so we can upload and create secrets to any agent intel.
05:34
For closing this out, what did we learn? Well, we talked about Vault policies in theory. We looked at the actual policy files and understood the basics of the syntax. We applied that knowledge in an actual lab activity, and we ended up creating a custom policy file
05:49
that provided write-only access to certain secrets following that particular agent intel
05:55
pattern.

Up Next

Vault Fundamentals

Learn how HashiCorp Vault can improve your security posture when it comes to storing sensitive passwords, maintaining confidential keys, implementing encryption, and establishing robust access management.

Instructed By

James Leone
Cloud, IoT & DevSecOps at Abbott
Instructor