- Describe the workflow for provisioning new secrets.
Response:
- What types of secrets are stored in Vault, and how are they organized?
Response:
- Detail how fine-grained access controls to secrets are defined and enforced.
Response:
- Provide the procedure for automated secret rotation.
Response:
- How are secrets management policies documented, approved, and enforced?
Response:
- What is the incident response plan in the event of unauthorized access to a secret?
Response:
- Which infrastructure-as-code (IaC) tools are used for managing Vault infrastructure, and why were they chosen?
Response:
- Explain the process for making and approving changes to the IaC codebase.
Response:
- How is the state of the Vault infrastructure managed and preserved?
Response:
- Outline the backup process for Vault.
Response:
- When was the last disaster recovery drill performed, and what were the results?
Response:
- What is your recovery time objective (RTO) for Vault, and how was it determined?
Response:
- Describe the architecture of your high-availability Vault setup.
Response:
- Detail any load testing performed to ensure Vault can handle peak loads.
Response:
- What are the failover procedures for Vault, and how are they tested?
Response:
- What specific tools are used for Vault monitoring, and what metrics are collected?
Response:
- Detail the alerting strategy for Vault. Who receives alerts and what is the response plan?
Response:
- How were performance baselines established, and how often are they reviewed?
Response:
- How do you manage version control of Vault configuration files?
Response:
- How are secrets within the configuration files managed and rotated?
Response:
- Provide details on the ciphers, protocols, and certificates used for TLS.
Response:
- How are ACLs structured and reviewed?
Response:
- How is Vault integrated with existing identity management solutions?
Response:
- Describe the mechanism services use to authenticate with Vault.
Response:
- Where are audit logs stored, and how is their integrity protected?
Response:
- Can you summarize the part of the incident response plan that makes use of Vault audit logs?
Response:
- Are there comprehensive runbooks for operational tasks related to Vault?
Response:
- What training do operations personnel undergo for managing Vault?
Response:
- Describe the process for generating and distributing unseal keys.
Response:
- How do you ensure the security of the unseal process?
Response:
- Explain how policies are defined as code, including the tools and languages used.
Response:
- Detail the change management process for Vault policy-as-code.
Response:
- Justify the use of each enabled secrets engine.
Response:
- Describe the security measures in place for each enabled authentication method.
Response:
- Detail all network controls in place and their configuration.
Response:
- Explain the network segregation practices and their effectiveness.
Response:
- Provide a detailed description of the encryption standards used for data at rest.
Response:
- Describe the measures in place to detect and prevent data exfiltration.
Response: