HashiCorp Exam HCVA0-003 Topic 7 Question 2 Discussion

Actual exam question for HashiCorp's HCVA0-003 exam

Question #: 2
Topic #: 7

[All HCVA0-003 Questions]

As a best practice, the root token should be stored in which of the following ways?

AShould be revoked and never stored after initial setup

BShould be stored in configuration automation tooling

CShould be stored in another password safe

DShould be stored in Vault

Show Suggested Answer

Suggested Answer: A

The root token is the initial token created when initializing Vault. It has unlimited privileges and can perform any operation in Vault. As a best practice, the root token should be revoked and never stored after initial setup. This is because the root token is a single point of failure and a potential security risk if it is compromised or leaked. Instead of using the root token, Vault operators should create other tokens with appropriate policies and roles that allow them to perform their tasks. If a new root token is needed in an emergency, the vault operator generate-root command can be used to create one on-the-fly with the consent of a quorum of unseal key holders. Reference: Tokens | Vault | HashiCorp Developer, Generate root tokens using unseal keys | Vault | HashiCorp Developer

by Cherilyn at Apr 03, 2025, 07:13 AM

Limited Time Offer

25%

25 days ago

Definitely D. Vault is the way to go for secure storage of sensitive tokens.

upvoted 0 times

Dorinda

6 days ago

It's important to keep sensitive tokens like the root token in a secure location.

upvoted 0 times

...

Brittni

12 days ago

I agree, storing the root token in Vault is the most secure option.

upvoted 0 times

...