What it does

This skill provides a comprehensive, practical guide for deploying HashiCorp Vault to manage secrets centrally across cloud and Kubernetes environments. It explains HA deployment patterns (Raft), TLS and auto-unseal, authentication backends (AppRole, OIDC, Kubernetes), dynamic database credentials, AWS IAM credential generation, Transit encryption for application-level crypto, and PKI for certificate issuance. The documentation includes config snippets, CLI examples, and operational checks for secure production use.

When to use it

Use this skill when migrating from static, long-lived credentials to dynamic short-lived secrets; when Kubernetes workloads need secure secret injection; when compliance requires auditable credential management; or when you need centralized PKI and encryption-as-a-service. Not targeted at pure AWS-only shops where Secrets Manager suffices.

What's included

Scripts: repository contains scripts and examples for deployment and automation.
References: architecture notes, policy examples, Kubernetes annotations, and sample audit/report output.
Instructions: stepwise actions covering deployment, auth methods, dynamic secret engines, Kubernetes integrations, PKI setup, policy design, and common pitfalls.