Building a Lab in Your Local Environment for Vault Associate Certification

Riski Cahyadi
5 min read · Oct 8, 2022


Some time ago, in Sept 22, I finished my Vault Associate certification, which had been delayed many times (maybe already rescheduled 3 or 4 times, haha). This lab helped me, as everything that I needed to test is in the lab, including the AWS Dynamic Secret Engine in Vault, so I could test it quickly.

Introduction

Sometimes it’s not enough to just read examples and documentation when we want to learn a tool. Trying things ourselves makes the learning experience richer and helps us turn wordy documentation into something that is easier for our brains to digest.

The purpose of this article is to quickly deploy what we need to test examples ourselves for the Vault Associate Certification.

Scope

We will learn 3 things in this article:

  1. What we need to prepare for running the lab.
  2. How to run the lab.
  3. How to access the lab.

Preparing the environment

Configuring VirtualBox

Before configuring VirtualBox, we need to make sure that it is already installed on our host. After that, we need to configure the private network in VirtualBox so that we can access the VM using a static IP and don’t need to do port forwarding.

localstack.vm.network "private_network", ip: "192.168.241.10",
name: "VirtualBox Host-Only Ethernet Adapter #4"

Above is the network configuration that we use in our lab. You need to add a new network by going to Tools and choosing Network:

After that, you just need to create a new network by clicking the create network button:

Change the configuration based on what you get from VirtualBox. In this case we got Name: VirtualBox Host-Only Ethernet Adapter #4 with the associated subnet 192.168.241.1/24; set that name in the configuration together with the desired static IP, in this case 192.168.241.10.

Other Dependencies

For other dependencies, we just need Vagrant, which you can easily install by following the tutorial from the HashiCorp docs:

If you are using Windows, you can use Chocolatey to install it quickly.

Before we start the lab, you need to pull the repository below first. You will find multiple files in that repo, consisting of:

  1. Vagrantfile, which defines the deployment for the Vagrant box.
  2. Taskfile.yaml, which we will use to automate the scripts for installing dependencies and running the apps.

Running the lab

After you have finished installing and preparing everything in the previous step, we can start the lab by following the steps below:

  1. Open a CMD/PowerShell terminal and change directory to the pulled repository.
  2. Start Vagrant with the command vagrant up; it will bring up the virtual machine and install all packages. This takes some time, so please wait patiently. If you get the error “Timed out while waiting for the machine to boot.”, run vagrant halt and then vagrant up again.

Now that we have successfully created the box and installed the dependencies, we can:

  1. SSH into the box using vagrant ssh and move to the Vagrant shared directory by running cd /vagrant/. That directory contains the Taskfile, so from there we can start the services/apps that we need.
  2. Install all dependencies using task install-all.
  3. Start Vault with the command task start-vault. Vault will be started in dev mode; if you want to customize something, edit the Taskfile.
  4. Open a new terminal, run vagrant ssh again, and start localstack using localstack start. This pulls a Docker image, so you need to wait a bit for localstack to start.

Screenshots: task start-vault; localstack log

Interacting With the Lab

To interact with the CLI, we can use vagrant ssh as usual. Other services in the VM can be reached from the host via the static IP that we set earlier.

For example, to reach the Vault UI we can go directly to 192.168.241.10:8299. Vault listens on localhost:8200, so we need to set up a socat forward for it; services that listen on all interfaces don’t need any forwarding.

Vault Web UI
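
The socat forward described above, as an added example that is not taken from the original repository: a dev-mode Vault has no TLS and starts unsealed, so the forward is pinned to the host-only address and the listeners are then checked. The socat command form and the function names are assumptions; the address and ports are the ones used in this article.

```shell
#!/bin/sh
# Added example. Values taken from the article: VM address 192.168.241.10,
# forwarded port 8299, Vault dev server on localhost:8200.
LAB_IP="192.168.241.10"
LAB_PORT="8299"
VAULT_LOCAL="127.0.0.1:8200"

# Print the socat command for the forward (assumed form; the article does
# not show its own). bind= pins the listener to the host-only address so
# the dev-mode Vault is not offered on the VM's other interfaces.
forward_cmd() {
  printf 'socat TCP4-LISTEN:%s,bind=%s,reuseaddr,fork TCP4:%s\n' \
    "$LAB_PORT" "$LAB_IP" "$VAULT_LOCAL"
}

# Read `ss -ltnH` output on stdin and print each listener on a Vault port
# (8200 or the forwarded port) that is bound to a wildcard address.
wildcard_vault_listeners() {
  awk -v fwd="$LAB_PORT" '
    {
      addr = $4                         # "Local Address:Port" column
      n = split(addr, part, ":")
      port = part[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if ((port == "8200" || port == fwd) &&
          (host == "0.0.0.0" || host == "*" || host == "[::]"))
        print addr
    }'
}

# Constructed samples of `ss -ltnH` output (not captured from the lab).
# Forward bound as intended: nothing should be reported.
SAMPLE_OK='LISTEN 0 4096 127.0.0.1:8200 0.0.0.0:*
LISTEN 0 5 192.168.241.10:8299 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
# Forward started without bind= and Vault listening on every interface.
SAMPLE_EXPOSED='LISTEN 0 5 0.0.0.0:8299 0.0.0.0:*
LISTEN 0 4096 [::]:8200 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
```

Inside the VM, pipe ss -ltnH into wildcard_vault_listeners; no output means Vault is reachable only through 127.0.0.1 and the host-only address.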

To access localstack we can use awslocal; for example, to list S3 buckets we can run awslocal s3 ls

awslocal cli

Conclusion

Using a local lab as one of the means to assist learning helps me learn how the tools work and quickly test things, as when we are using a real environment it takes time to prepare the environment.

I hope this automated deployment can help you prepare for the certification or learn how the tools work quickly.

If you have any questions, don’t hesitate to ask me on LinkedIn at https://www.linkedin.com/in/riski-cahyadi-381977130/ or just ask in the Medium comments.
