Deploy a three-node Vault cluster and configure the ejbca-vault-pki-engine plugin to issue certificates from EJBCA through Vault.
HashiCorp Vault is a tool for managing sensitive information such as API keys, passwords, and certificates. It offers a unified interface for accessing any secret and includes access control and audit log functionality.
Engineers who are looking for a unified solution can benefit from the integration of EJBCA and HashiCorp Vault. The solution simplifies certificate issuance by providing a single CA/PKI platform for multiple needs and ensuring consistent security policies to comply with regulatory standards.
In this tutorial, you will learn how to deploy the EJBCA Vault plugin in a highly available (HA) HashiCorp Vault deployment. You will learn how to create a role in EJBCA for the EJBCA Vault plugin and understand how easy it is to issue certificates from EJBCA.
Here are the steps:
Before you begin, you need a running Kubernetes cluster. To download and install one, refer to the YouTube tutorials on installing MicroK8s and deploying the EJBCA container.
You also need a running EJBCA instance with an active Certificate Authority (CA), certificate and end-entity profiles, and roles configured. To learn how to configure a certificate profile template and CA-defined default values, see the tutorial Create a PKI Hierarchy in EJBCA.
Additionally, you should have a basic understanding of how to use the Kubernetes command line tool kubectl.
Check out the supplementary documentation that goes hand-in-hand with our tutorial video.
Get your hands on the EJBCA Docker container by downloading it now.
Take a peek at our tutorial video on YouTube, and browse through some of our other videos as well.
You can find the EJBCA PKI Secrets Engine for HashiCorp Vault on GitHub, together with additional documentation.
You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.