Glad it helped!

Wow, thanks a lot, David!

Thanks, Jesse, that made my day!

This is wonderful to hear! I'm so glad this helped you!

You're welcome, glad it helped

Thank you!

Thank you so much

I think you're talking about two different things. HashiCorp Vault can integrate with external storage providers through its storage backends. These backends are used to persist the data that Vault manages, such as secrets and policies. Here are a few examples of external storage backends that Vault supports:Amazon S3: Vault can use Amazon S3 as a storage backend. You need to configure the S3 bucket and provide necessary credentials.Google Cloud Storage: Similar to S3, Google Cloud Storage can also be used as a storage backend for Vault.Azure Blob Storage: Vault supports Azure Blob Storage as well.Consul: While not strictly an "external" storage provider, Consul is commonly used with Vault for storage and high availability.DynamoDB: Vault can use AWS DynamoDB for storage, which helps in achieving high availability and reliability. In comparison to External Secrets Operator (ESO), which allows you to dynamically fetch secrets from various external secret management services into Kubernetes, Vault's external storage backends are primarily for persisting Vault's own data securely. However, Vault can also serve as a secret management service itself, and its secrets can be accessed by Kubernetes using integrations like the Vault Kubernetes Auth method and the Vault Agent Injector. Vault has a Vault Secrets Operator VSO similar to ESO. developer.hashicorp.com/vault/tutorials/kubernetes/vault-secrets-operator

@@TeKanAid Many thanks for the explanation. 🙏

​@@premierdeYou are welcome!

Thank you for the kind words!

Glad to hear

You're welcome!

I have seen the use of Vault with TDE on MSSQL and Oracle, but have not seen it with DB2. I can ask the HashiCorp folks.

@@TeKanAid Thanks for the response. Yes I'm researching on it but couldn't able to find any proper documents/solutions

You're welcome thanks for your note.

These are great questions and I cover them all in my Vault 101 and Vault 202 courses, but quickly, the root token should only be used to configure auth methods. One of which should give admin access then you should revoke the root token. You can always recreate a root token from the unseal keys.

You're very welcome!

You have to use a utility that rotates the logs such as logrotate. You need to be careful because if you run out of disk space, Vault will stop working by design. I talk about all that in depth and give you the config in my Vault 202 course if you’re interested.

Glad it was helpful!

Yes you can use Vault for key management dev.mysql.com/doc/mysql-secure-deployment-guide/8.0/en/secure-deployment-data-encryption.html

@@TeKanAid Thank you.

@@TeKanAid Do you a course that teaches MySQL DB TDE with HashiCorp vault?

@@thiruardura please send me a note via my contact form I would like to learn more about what you're looking to do. tekanaid.com/contact

Glad to hear, thanks!

Yeah, it acts as a broker for secrets. Dynamic Database secrets are on demand secrets that get created on read from the client.

Thanks for sharing, Trevor!

Glad to hear, thanks

Thank you. I hadn't looked into it before. I don't think you can tune it. I came across this learn guide if it's helpful. learn.hashicorp.com/tutorials/vault/performance-tuning?in=vault/operations#storage-backend-tuning

@@TeKanAid thanks for taking the time to reply and advise on this. Came across this documentation too. Tried to add in some config values, but it also seemed to me that you can't control the value. Strange that it takes up so much space. Anyway, thanks again!

@@vincentverweij1053 I actually took a look and don't see that large of a file. Not sure why you're getting that. (⎈ |docker-desktop:default) Gabrail-Windows:sam:~/Deployment_Linux/Vault/Training/vault-101/Section06-Starting_a_Production_Vault_Server/vault/data$ll total 196K drwxr-xr-x 3 sam sam 4.0K Feb 18 16:53 . drwxr-xr-x 3 sam sam 4.0K Feb 18 16:52 .. drwxr-xr-x 3 sam sam 4.0K Feb 18 16:53 raft -rw------- 1 sam sam 180K Mar 2 17:34 vault.db (⎈ |docker-desktop:default) Gabrail-Windows:sam:~/Deployment_Linux/Vault/Training/vault-101/Section06-Starting_a_Production_Vault_Server/vault/data$du -h ./vault.db 184K ./vault.db

Thank you!

Sorry for the late reply. I haven't seen this. There is an old discussion here, but seems to not be resolved discuss.hashicorp.com/t/vault-integration-with-aws-sso-saml-2-0/5461

You're welcome!

Glad it was helpful!

Hi Maitheen, we use groups to group entities. I go into much more details with examples in my course: courses.tekanaid.com/p/hashicorp-vault-101-certified-vault-associate You can also read this tutorial from HashiCorp: learn.hashicorp.com/tutorials/vault/identity

Thank you!

best way is to either use the Terraform provider for Vault or use the Vault API

Glad it was helpful!

Thank you!

Glad you enjoyed it!

This error message is indicating that the Vault server is unable to write to the specified log file path "./logs/vault_audit.log" due to a permission denied error. This could be caused by a few things: The directory "./logs" does not exist and needs to be created. The user running the command does not have permission to write to the specified directory. The permissions on the directory are not set correctly and need to be changed. You can check the directory is present or not using ls -ld ./logs and check the permissions of the directory using ls -ld /path/to/logs . You may need to adjust the permissions on the directory to allow the user running the command to write to it or you can run the command with root or sudo.