Public Key Infrastructure (PKI) provides a way to verify authenticity and guarantee secure communication between applications. Setting up your own PKI can be a complex and very manual process. Vault PKI allows users to generate X.509 certificates dynamically, quickly and on demand. It streamlines the distribution of TLS certificates and allows users to create PKI certificates with a single command. Vault PKI reduces the overhead of the usual manual process of generating a private key and CSR, submitting it to a CA, and waiting for verification and signing to complete, while also providing an authentication and authorization mechanism for validation. See below for getting started guides and documentation.
The Vault PKI Secrets Engine provides a secure way to streamline management of X.509 certificates. The secrets engine allows services to get certificates without going through the usual manual processes.
This article provides background on the common steps and stages of HashiCorp Vault deployment and adoption, based both on software best practice and on experience deploying Vault at scale in large organizations.