Hashicorp VAULT intermediate certificate - hashicorp-vault

Is it possible to retrieve a previously uploaded intermediate certificate (uploaded at ca_name/intermediate/set-signed) from HashiCorp Vault using the CLI?
I want to know the CLI command.

Related

spring kafka ssl use AzureKeyVault

Is there any possibility to use a certificate stored in Azure Key Vault directly?
We have environment-based certificates and they are stored in different key vaults on Azure.
Inside the spring-kafka configuration, is there any possibility to point directly to an Azure certificate? For example,
ssl:
  trust-store-type: AzureKeyVault
  trust-store-alias: <

Get Secret from Azure Key Vault using Perl

I have explored all the related documentation provided by Microsoft and other blogs related to Azure Key Vault, but have been unable to find how to get a Secret from Azure Key Vault using Perl scripting.
Does Microsoft support reading a Secret value from Azure Key Vault using Perl?
You can use a REST client such as REST::Client and call the Get Secret endpoint.
For Azure AD authentication you will need to use an OAuth2 library such as Net::OAuth2::AuthorizationServer.
For more information take a look at Authentication in Azure Key Vault.

Reading and writing keycloak secrets to hashicorp vault using vault spi

I am using the jboss/keycloak docker image (uses WildFly as app server) and we are leveraging Keycloak as an identity broker and for user federation. I want to store the Keycloak-specific secrets in HashiCorp Vault, and basically access these secrets at runtime.
The identity service is written in Java, where I have created a customized vault (HashiCorp) provider using the vault SPI. I have used this extension to add the vault provider. The provider is integrated now, and I am able to see it in the provider list. I wanted to check how I can store and retrieve Keycloak secrets (like realm ids, LDAP credentials, external tokens etc.) from this vault.

Hashicorp Vault cli return 403 when trying to use kv

I set up Vault backed by a Consul cluster. I secured it with HTTPS and am trying to use the CLI on a separate machine to get and set secrets in the kv engine. I am using version 1.0.2 of both the CLI and Vault server.
I have logged in with the root token so I should have access to everything. I have also set my VAULT_ADDR appropriately.
Here is my request:
vault kv put secret/my-secret my-value=yea
Here is the response:
Error making API request.
URL: GET https://{my-vault-address}/v1/sys/internal/ui/mounts/secret/my-secret
Code: 403. Errors:
* preflight capability check returned 403, please ensure client's policies grant access to path "secret/my-secret/"
I don't understand what is happening here. I am able to set and read secrets in the kv engine with no problem from the Vault UI. What am I missing?
This was a result of me not reading documentation.
The request was failing because there was no secret engine mounted at that path.
You can check your secret engine paths by running vault secrets list -detailed
This showed that my kv secret engine was mapped to path kv, not secret as I was trying.
Therefore running vault kv put kv/my-secret my-value=yea worked as expected.
You can enable a secret engine for a specific path:
vault secrets enable -path=kv kv
https://www.vaultproject.io/intro/getting-started/secrets-engines
You need to update secret/my-secret to whichever path you mounted when you enable the kv secret engine.
For example, if you enable the secret engine like this:
vault secrets enable -version=2 kv-v2
You should mount to kv-v2 instead of secret:
vault kv put kv-v2/my-secret my-value=yea
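
A pre-flight check for the mismatch discussed in this thread, as an added example (not code from any of the answers): it reads the table printed by vault secrets list and reports which mount, if any, covers a secret path. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `vault secrets list` output (accessor values are made up).
SAMPLE_MOUNTS='Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_00000001    per-token private secret storage
identity/     identity     identity_00000002     identity store
kv/           kv           kv_00000003           n/a
kv-v2/        kv           kv_00000004           n/a
sys/          system       system_00000005       system endpoints'

# find_mount PATH [LISTING]   (hypothetical helper)
# Prints the longest mount prefix that covers PATH and returns 0.
# Prints nothing and returns 1 when no engine is mounted for PATH.
# LISTING defaults to the sample; in real use pass "$(vault secrets list)".
find_mount() {
  printf '%s\n' "${2:-$SAMPLE_MOUNTS}" | awk -v p="${1%/}/" '
    NR <= 2 { next }                      # skip the header and dashed rule
    index(p, $1) == 1 && length($1) > length(best) { best = $1 }
    END { if (best == "") exit 1; print best }'
}

# check_kv_path PATH [LISTING]   (hypothetical helper)
# Run before `vault kv put PATH ...` to catch a path with no mount behind it.
check_kv_path() {
  if m=$(find_mount "$1" "${2:-$SAMPLE_MOUNTS}"); then
    echo "$1 -> mount $m"
  else
    echo "no secrets engine covers $1; check: vault secrets list -detailed" >&2
    return 1
  fi
}

check_kv_path kv/my-secret               # path that worked in the thread
check_kv_path secret/my-secret || true   # path that produced the 403
```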

store P12 on public datacenter securely

We have a lot of user P12 files (certificates) for each client/tenant and we would like to store them securely. We don't use a cloud solution like Amazon, Azure Key Vault or another datacenter solution, but a hosting company.
Do you have any solution? Vault from HashiCorp
You can use Vault to manage your own PKI and issue certificates instead. In fact, it is more than that.
From "Using Hashicorp Vault to manage PKI and issue certificates":
Vault allows you to manage an entire Public Key Infrastructure (PKI)
to ensure secure communication among different services. This allows
companies to easily setup their own certificate authority (CA), revoke
or issue new certificates using simple API calls, thus dumping the
painful process of constantly generating self-signed certificates.
You can check out this guide for the process of using Vault to generate and issue certificates.