Free Preparation Discussions
MENU
HashiCorp Exam VA-002-P Topic 9 Question 4 Discussion
Topic #: 9
Which of the following unseal options can automatically unseal Vault upon the start of the Vault service? (select four)
When a Vault server is started, it starts in a sealed state and it does not know how to decrypt data. Before any operation can be performed on the Vault, it must be unsealed. Unsealing is the process of constructing the master key necessary to decrypt the data encryption key.
Below are links covering details of each option:- https://www.vaultproject.io/docs/concepts/seal
AWS KMS
https://learn.hashicorp.com/vault/operations/ops-autounseal-aws-kms
Auto-unseal using Transit Secrets Engine
https://learn.hashicorp.com/vault/operations/autounseal-transit
Auto-unseal using Azure Key Vault
https://learn.hashicorp.com/vault/day-one/autounseal-azure-keyvault
Auto-unseal using HSM
https://learn.hashicorp.com/vault/operations/ops-seal-wrap
Key shards don't support auto unseal instead key shards require the user to provide unseal keys to reconstruct the master key
https://www.vaultproject.io/docs/concepts/seal
Currently there are no comments in this discussion, be the first to comment!