A deep-dive into running Vault's PKI secrets engine in production: two-tier CA hierarchy, auto-rotating certificates, cert-manager integration, SPIFFE SVIDs, the revocation story, and operational hardening.
Pki
-
Vault PKI Secrets Engine in Production: Intermediate CAs, cert-manager, and Short-Lived Certificates as a Security Primitive -
Vault Beyond Secrets: PKI, SSH CA, and Dynamic DB Credentials The parts of HashiCorp Vault that beat a key-value store — dynamic database credentials generated on demand, a PKI engine for short-lived certificates, an SSH CA, and transit encryption — and how to put them into production.
-
Secrets Management with HashiCorp Vault A practical guide to HashiCorp Vault — deploying it in production, using dynamic secrets, issuing certificates with the PKI engine, authenticating workloads with AppRole and Kubernetes auth, and integrating with CI/CD pipelines.