HashiCorp Vault Maturity Assessment

License: GNU General Public License v3.0 (GPL-3.0)

Vault Maturity Assessment

Secrets Management

  1. Describe the workflow for provisioning new secrets.

    Response:

  2. What types of secrets are stored in Vault, and how are they organized?

    Response:

  3. Detail how fine-grained access controls to secrets are defined and enforced.

    Response:

  4. Provide the procedure for automated secret rotation.

    Response:

  5. How are secrets management policies documented, approved, and enforced?

    Response:

  6. What is the incident response plan in the event of unauthorized access to a secret?

    Response:

Infrastructure as Code (IaC)

  1. Which IaC tools are used for managing Vault infrastructure, and why were they chosen?

    Response:

  2. Explain the process for making and approving changes to the IaC codebase.

    Response:

  3. How is the state of the Vault infrastructure managed and preserved?

    Response:

Disaster Recovery

  1. Outline the backup process for Vault.

    Response:

  2. When was the last disaster recovery drill performed, and what were the results?

    Response:

  3. What is your RTO for Vault, and how was it determined?

    Response:

High Availability and Scalability

  1. Describe the architecture of your high-availability Vault setup.

    Response:

  2. Detail any load testing performed to ensure Vault can handle peak loads.

    Response:

  3. What are the failover procedures for Vault, and how are they tested?

    Response:

Performance Monitoring

  1. What specific tools are used for Vault monitoring, and what metrics are collected?

    Response:

  2. Detail the alerting strategy for Vault. Who receives alerts and what is the response plan?

    Response:

  3. How were performance baselines established, and how often are they reviewed?

    Response:

Production Observation

Installation and Configuration

  1. How do you manage version control of Vault configuration files?

    Response:

  2. How are secrets within the configuration files managed and rotated?

    Response:

Security Configuration

  1. Provide details on the ciphers, protocols, and certificates used for TLS.

    Response:

  2. How are ACLs structured and reviewed?

    Response:

System Integration

  1. How is Vault integrated with existing identity management solutions?

    Response:

  2. Describe the mechanism services use to authenticate with Vault.

    Response:

Logging and Auditing

  1. Where are audit logs stored, and how is their integrity protected?

    Response:

  2. Can you provide a summary of the incident response plan that includes Vault logs?

    Response:

Operational Readiness

  1. Are there comprehensive runbooks for operational tasks related to Vault?

    Response:

  2. What training do operations personnel undergo for managing Vault?

    Response:

Hardening Assessment

Vault Initialization and Unseal

  1. Describe the process for generating and distributing unseal keys.

    Response:

  2. How do you ensure the security of the unseal process?

    Response:

Policy as Code

  1. Explain how policies are defined as code, including the tools and languages used.

    Response:

  2. Detail the change management process for Vault policy-as-code.

    Response:

Secrets Engines and Authentication Methods

  1. Justify the use of each enabled secrets engine.

    Response:

  2. Describe the security measures in place for each enabled authentication method.

    Response:

Network Hardening

  1. Detail all network controls in place and their configuration.

    Response:

  2. Explain the network segregation practices and their effectiveness.

    Response:

Data Protection

  1. Provide a detailed description of the encryption standards used for data at rest.

    Response:

  2. Describe the measures in place to detect and prevent data exfiltration.

    Response: