Import Certificates to Vault

Jan Bernhardt

Jan 16, 2017, 11:30:42 AM
to Vault
Hi, is it possible to just import a certificate to the PKI backend?
As far as I understand the documentation, you can only generate new certificates within the PKI backend, but I would like to generate my certificates outside of vault but make the certificates available via vault.

Best regards
Jan

Michael Fischer

Jan 16, 2017, 11:49:44 AM
to vault...@googlegroups.com
Yes, you absolutely can.  See the documentation for /pki/config/ca at https://www.vaultproject.io/docs/secrets/pki/index.html

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/14f16634-1194-40f1-b79b-d9c06c5f8a09%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Michael Fischer

Jan 16, 2017, 11:50:33 AM
to vault...@googlegroups.com
Oh, dear.  I misread that.  You can't use the PKI backend for that, but you can use the generic secrets backend for that.

Jan Bernhardt

Jan 17, 2017, 2:29:44 AM
to Vault
Too bad. I liked the /pki/ca(/pem) API, because it makes it easy to use in existing applications without the need to handle JSON.



Vishal Nayak

Jan 17, 2017, 9:47:00 AM
to vault...@googlegroups.com
Hi Jan,

Vault manages the lifecycle of the secrets issued by its backends. In
PKI's case, it will revoke the certificates when the leases associated
with them expire. If the certificates are generated outside of Vault,
it is not possible for Vault to manage them.

Regards,
Vishal




--
vn