Select the two paths below that would be permitted for read access based on the following Vault policy:
path "secret/+/training/*" {
capabilities = ["create", "read"]
}
You have logged into the Vault UI and see this screen. What Vault component is being enabled in the screenshot below?
You are using the Vault API to test authentication before modifying your CI/CD pipeline to properly authenticate to Vault. You manually authenticate to Vault and receive the response below. Based on the provided options, which of the following are true? (Select four)
$ curl \
--request POST \
--data @payload.json \
https://vault.krausen.com:8200/v1/auth/userpass/login/bryan.krausen | jq
*******************************************************************************
******* RESPONSE BELOW ********************************************************
*******************************************************************************
{
"request_id": "f758e8da-11b6-8341-d404-56f0c370a7fa",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": null,
"auth": {
"client_token": "hvs.CbzCNJCVWt63jyzyaJakgDwz",
"accessor": "rffwXzKFcxvaQi6Vgo8tY4Lt",
"policies": [
"training",
"default"
],
"token_policies": [
"training",
"default"
],
"metadata": {
"username": "bryan.krausen"
},
"lease_duration": 84600,
"renewable": true,
"entity_id": "f1795f6a-c576-d619-b2d5-74c0aee08edb",
"token_type": "service",
"orphan": true
}
}
Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?
True or False? When encrypting data with the Transit secrets engine, Vault always stores the ciphertext in a dedicated KV store along with the associated encryption key.