Using PKI with Vault

Public Key Infrastructure (PKI) provides a way to verify authenticity and guarantee secure communication between applications. Setting up your own PKI infrastructure can be a complex and very manual process. Vault PKI allows users to dynamically generate X.509 certificates quickly and on demand. Vault PKI can streamline distributing TLS certificates and allows users to create PKI certificates with a single command. Vault PKI reduces overhead around the usual manual process of generating a private key and CSR, submitting to a CA, and waiting for a verification and signing process to complete, while additionally providing an authentication and authorization mechanism to validate as well. See below for getting started guides and documentation.

Explore HashiCorp Learn

Explore Documentation

Learn how to integrate PKI in Vault

Build Your Own Certificate Authority (CA)

In this Learn Guide we will walk through building our own certificate authority using Vault PKI Secrets Engine.

Link to Guide

X.509 Certificate Management with Vault

In this blog post, we will look at practical public key certificate management in Vault, which uses a dynamic secrets approach.

Link to Guide

Secure Introduction With Vault and Kubernetes

In this session, we look at Vaults capabilities when interacting with Kubernetes. We’ll review Injecting secrets, account tokens, and much more.

Link to Guide

Documentation

PKI Secrets Engine

The Vault PKI Secrets Engine provides a secure way to streamline management of X.509 certificates. The secrets engine allows services to get certificates without going through the usual manual processes.

Link to Guide

PKI Secrets Engine (API)

This is the API documentation for the Vault PKI secrets engine and covers all aspects of interacting and automating workflows with Vault’s PKI infrastructure.

Link to Guide

Adopting HashiCorp Vault

This article provides a background on common steps around and stages of HashiCorp Vault deployment and adoption, based both on software best practice and experience in deploying Vault at scale in large organizations.

Link to Guide

When to consider Vault Enterprise?

Open Source

Technical Complexity

Vault Open Source addresses the technical complexity of managing secrets by leveraging trusted identities across distributed infrastructure and clouds.

View Open Source Features

Enterprise

Organizational Complexity

Vault Enterprise addresses the organizational complexity of large user bases and compliance requirements with collaboration and governance features.

View Enterprise Features

Ready to get started?

Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.

Explore HashiCorp Learn

Explore Documentation

Using PKI with Vault

Learn how to integrate PKI in Vault

Build Your Own Certificate Authority (CA)

X.509 Certificate Management with Vault

Secure Introduction With Vault and Kubernetes

Documentation

PKI Secrets Engine

PKI Secrets Engine (API)

Adopting HashiCorp Vault

When to consider Vault Enterprise?

Technical Complexity

Organizational Complexity

Ready to get started?

Related Resources

TGI Vault: Securing Kafka with Vault PKI

Streamline Certificate Management

Integrating Security with Speed in the HashiCorp DevOps Lifecycle