You are using Vault CLI and enable the database secrets engine on the default path of database/. However, the DevOps team wants to enable another database secrets engine for testing but receives an error stating the path is already in use. How can you enable a second database secrets engine using the CLI?
Comprehensive and Detailed In-Depth
Vault mounts secrets engines at unique paths, and only one engine can occupy a given path (e.g., database/). To enable a second database secrets engine, you must specify a different path using the -path flag: vault secrets enable -path=database2 database mounts a new instance at database2/. The type (database) defines the engine, and -path customizes its location, avoiding conflicts.
A: Incorrect syntax; lacks -path and misplaces database2/.
B: -force doesn't create a new path; it overwrites an existing engine, which isn't the goal.
D: Omits -path and engine type, making it invalid.
The secrets engine tutorial confirms -path is required for multiple instances of the same engine type.
Secrets Engines Tutorial
Secrets Enable Command
Using the Vault CLI, there are several ways to create a new policy. Select the valid commands (Select three)
Comprehensive and Detailed in Depth
Vault provides multiple valid ways to create a policy via the CLI using the vault policy write command. The HashiCorp Vault documentation states: 'To write a policy, use the vault policy write command.' The valid methods are:
A: 'vault policy write my-policy - << EOF ... EOF uses heredoc syntax to inline policy content, which Vault accepts directly.'
C: 'vault policy write my-policy /tmp/policy.hcl writes a policy from a file, a standard method per the docs: 'The policy can be read from a file or piped from stdin.''
D: 'cat user.hcl | vault policy write my-policy - pipes policy content from a file via stdin, another documented approach: 'You can pipe the policy content to the command using -.''
Option B, vault policy create, is invalid as no such command exists---only vault policy write is used. Thus, A, C, and D are correct.
HashiCorp Vault Documentation - Policies: Write a Policy
After encrypting data using the Transit secrets engine, you've received the following output. Which of the following is true based on the output displayed below?
Key: ciphertext Value: vault:v2:45f9zW6cglbrzCjI0yCyC6DBYtSBSxnMgUn9B5aHcGEit71xefPEmmjMbrk3
Comprehensive and Detailed in Depth
A: v2 shows the key was rotated once. Correct.
B: Transit doesn't store data. Incorrect.
C: v2 is the key version, not data version. Incorrect.
D: No transit v2 option exists. Incorrect.
Overall Explanation from Vault Docs:
''Ciphertext is prepended with the key version (e.g., v2)... Indicates rotation.''
After decrypting data using the Transit secrets engine, the plaintext output does not match the plaintext credit card number that you encrypted. Which of the following answers provides a solution?
$ vault write transit/decrypt/creditcard ciphertext="vault:v1:cZNHVx+sxdMEr......."
Key: plaintext Value: Y3JlZGl0LWNhcmQtbnVtYmVyCg==
Comprehensive and Detailed in Depth
A: Sealing would prevent decryption, not return encoded data. Incorrect.
B: Permission issues don't return encoded data. Incorrect.
C: Transit returns base64-encoded plaintext; decoding Y3JlZGl0LWNhcmQtbnVtYmVyCg== yields ''credit-card-number''. Correct.
D: No evidence of corruption; it's a format issue. Incorrect.
Overall Explanation from Vault Docs:
''All plaintext data must be base64-encoded... Decode it to reveal the original value.''
A user issues the following cURL command to encrypt data using the transit engine and the Vault AP:

Which payload.json file has the correct contents?
A.

B.

C.

D.

The payload.json file that has the correct contents is C. This file contains a JSON object with a single key, ''plaintext'', and a value that is the base64-encoded string of the data to be encrypted.This is the format that the Vault API expects for the transit encrypt endpoint1. The other files are not correct because they either have the wrong key name, the wrong value format, or the wrong JSON syntax.
Encrypt Data - Transit Secrets Engine | Vault | HashiCorp Developer
Edward White
12 days agoKevin Allen
22 days agoBrian Torres
1 month agoDeborah Cook
2 months agoDaniel Hernandez
2 months agoJoseph Wilson
2 months agoAmanda Perez
2 months agoCharles Allen
2 months agoChristopher Rogers
2 months agoAmanda Green
2 months agoCecilia
3 months agoSelma
3 months agoMary
3 months agoBilly
4 months agoTimothy
4 months agoDesmond
4 months agoHorace
4 months agoBrinda
5 months agoViola
5 months agoFiliberto
5 months agoJustine
5 months agoYoko
6 months agoNoemi
6 months agoCory
6 months agoJovita
6 months agoErinn
7 months agoFlorinda
7 months agoKathrine
7 months agoBok
7 months agoGlory
8 months agoLynna
8 months agoLawrence
8 months agoDesmond
8 months agoDewitt
9 months agoAileen
9 months agoMarlon
9 months agoShonda
9 months agoFletcher
9 months agoEloisa
9 months agoEdna
10 months agoAmos
10 months agoDominga
10 months agoEliz
12 months agoCorinne
1 year agoAlaine
1 year agoMalcolm
1 year agoAnnice
1 year agoHubert
1 year agoLizbeth
1 year agoAmie
1 year agoRolland
1 year agoKristeen
1 year agoDella
1 year ago