What is secrets management, and how does HashiCorp Vault work at a high level? [Intermediate]
Answer
Secrets management is the controlled storage, access, rotation, and audit of sensitive values such as passwords, API keys, certificates, and tokens. HashiCorp Vault works by authenticating clients, authorizing them through policies, and serving secrets from engines such as KV, database, PKI, transit, or cloud engines.
Technical explanation
Vault centralizes access control and audit logging for secrets.
Clients authenticate using methods such as Kubernetes auth, AppRole, OIDC, or cloud IAM.
Policies define which paths a client can read, write, or generate, and leases control secret lifetime.
Hands-on example
Enable Kubernetes auth, bind the service account payments-api to the Vault role payments, allow it to read only secret/data/payments/config, and deliver the secret through Vault Agent Injector or the Vault Secrets Operator rather than storing it in Git.
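The Vault side of that setup, as an added example that is not part of the original answer. The namespace payments, the policy name payments-read, the 15m token TTL and the in-cluster API address are assumptions, and the path implies a KV v2 engine mounted at secret/. The script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: Vault Kubernetes auth for the payments-api service account.
# Assumed (not on the page): namespace "payments", policy name "payments-read",
# a 15m token TTL, and a KV v2 engine mounted at secret/.
set -eu

NAMESPACE="${NAMESPACE:-payments}"   # assumed namespace
POLICY="${POLICY:-payments-read}"    # assumed policy name
K8S_HOST="${K8S_HOST:-https://kubernetes.default.svc}"  # assumed API address

# Dry-run by default: print each vault command; APPLY=1 executes it.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "+ $*"; fi
}

# Least-privilege policy: read on one KV v2 data path, nothing else.
payments_policy() {
  cat <<'EOF'
path "secret/data/payments/config" {
  capabilities = ["read"]
}
EOF
}

configure_vault() {
  policy_file=$(mktemp)
  payments_policy > "$policy_file"
  run vault auth enable kubernetes
  run vault write auth/kubernetes/config kubernetes_host="$K8S_HOST"
  run vault policy write "$POLICY" "$policy_file"
  # Bind both the name and the namespace so a same-named service account
  # in another namespace cannot log in to this role.
  run vault write auth/kubernetes/role/payments \
    bound_service_account_names=payments-api \
    bound_service_account_namespaces="$NAMESPACE" \
    token_policies="$POLICY" \
    token_ttl=15m
  rm -f "$policy_file"
}

configure_vault
```

The policy grants no list capability and no access to secret/metadata/, so the workload can fetch the one config secret but cannot enumerate or alter anything else under the mount.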