PKI secrets engine
The PKI secrets engine generates dynamic X.509 certificates.
Use case
Quickly create X.509 certificates on demand and reduce the manual overhead.
Challenge
Organizations should protect their infrastructure. However, the traditional PKI workflow takes a long time, which motivates organizations to create certificates that do not expire for a year or more.
Solution
Vault's PKI secrets engine can dynamically generate X.509 certificates on demand. This allows services to acquire certificates without going through the usual manual process of generating a private key and Certificate Signing Request (CSR), submitting the CSR to a Certificate Authority (CA), and then waiting for the verification and signing process to complete.
API documentation for the Vault PKI secrets engine.
The cert auth method allows authentication using SSL/TLS client certificates which are either signed by a CA or self-signed.
Use Vault to create X.509 certificates for use in mutual Transport Layer Security (mTLS) or other arbitrary PKI encryption.
Create the CA chain hierarchy with an offline root and online intermediate CAs in Vault.
Cert-manager enables Vault's PKI secrets engine to dynamically generate X.509 certificates within Kubernetes.
Certificates are at the nexus of modern secure communication. This will show you how to leverage Vault to quickly and securely generate PKI (X.509) and SSH certificates. A demo showing how to leverage this information will give you ideas for integrating this into your environments.