PKI infrastructure using HashiCorp Vault

So today we will quickly go through setting up Vault as our PKI backend. Vault is capable of much more than what is shown here; we are touching only a few of the many options HashiCorp Vault offers.

The idea here is to create a root CA and then an intermediate CA to provide our users/servers with certificates based on our needs. Since I have already been playing a bit with Vault, I prepared a quick script. But before we go there, we have a list of prerequisites needed for all of this to work:

Quickly building a Vault server when you have a Docker engine is as easy as running

which will bring up our container. From there we need to grab the token ID, which we will use later for calls to our servers.

 

Export the values

 

Once done, you can grab my init script below

Be sure to modify the URL for your Vault server and off you go 🙂

 

To create a certificate, you need to create a role and then make a request to issue one
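The flow this post describes (root CA, intermediate CA, role, issue request), written out with the Vault CLI as an added example; it is not the author's init script. The mount paths `pki` and `pki_int`, the domain `example.com`, the role name `web` and all TTLs are assumptions.

```shell
#!/bin/sh
# Added example: root CA -> intermediate CA -> role -> leaf certificate via the Vault CLI.
# Reads VAULT_ADDR and VAULT_TOKEN from the environment (the exported values).
# Mount paths, domain and TTLs are assumptions; DRY_RUN=1 prints commands instead of running them.
set -eu

ROOT_MOUNT=pki            # assumed mount path for the root CA
INT_MOUNT=pki_int         # assumed mount path for the intermediate CA
DOMAIN=example.com        # placeholder domain

# Run a vault command, or only print it to stderr when DRY_RUN=1.
v() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "vault $*" >&2; else vault "$@"; fi
}

setup_root() {
  v secrets enable -path="$ROOT_MOUNT" -max-lease-ttl=87600h pki
  # "internal": the root private key is generated inside Vault and never returned.
  v write "$ROOT_MOUNT/root/generate/internal" common_name="$DOMAIN Root CA" ttl=87600h
}

setup_intermediate() {
  work=$(mktemp -d)
  v secrets enable -path="$INT_MOUNT" -max-lease-ttl=43800h pki
  # The intermediate creates a CSR, the root signs it, the signed cert is loaded back.
  v write -field=csr "$INT_MOUNT/intermediate/generate/internal" \
    common_name="$DOMAIN Intermediate CA" > "$work/int.csr"
  v write -field=certificate "$ROOT_MOUNT/root/sign-intermediate" \
    csr=@"$work/int.csr" format=pem_bundle ttl=43800h > "$work/int.pem"
  v write "$INT_MOUNT/intermediate/set-signed" certificate=@"$work/int.pem"
  rm -rf "$work"
}

# create_role NAME: restrict issuance to subdomains of DOMAIN with a capped lifetime.
create_role() {
  v write "$INT_MOUNT/roles/$1" allowed_domains="$DOMAIN" allow_subdomains=true max_ttl=720h
}

# issue_cert ROLE COMMON_NAME: the response carries the certificate, chain and private key.
issue_cert() {
  v write "$INT_MOUNT/issue/$1" common_name="$2" ttl=24h
}

if [ "${1:-}" = all ]; then
  setup_root
  setup_intermediate
  create_role web
  issue_cert web "test.$DOMAIN"
fi
```

Run it with the argument `all` against a server whose address and token are exported as `VAULT_ADDR` and `VAULT_TOKEN`. The issue response is the only place the leaf private key appears, so capture it directly into the file the consuming service reads.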

 

This will get you started. In one of the next posts we will use this infrastructure for our HAProxy.
