
Import existing pem/pfx files in Vault

Open virtrixke opened this issue 4 years ago • 5 comments

Is it possible to import an existing .pem or .pfx cert file in vault as a certificate object (and not as a generic key/value secret)? One of the use cases is to mount this certificate directly in kubernetes using the vault injector. Another handy feature would be to include the expiration date of this cert and get an alert when it is about to expire etc. I know you can do this with Azure Key Vault for example.

virtrixke avatar Mar 24 '21 09:03 virtrixke

Hi @virtrixke, Vault's KV store currently doesn't support this. However, you can still mount a certificate directly in Kubernetes with Vault. Thanks!

Edit: I'm going to keep this open as a feature request for now, in case we are able to support structured data storage in the future.

HridoyRoy avatar Apr 01 '21 18:04 HridoyRoy

Hi @HridoyRoy, can you elaborate on the direct mount capability? This feature would definitely be appreciated by a lot of people and would put you on par with a competitor. Any idea if/when this can be put on the roadmap?

To elaborate a bit, you should be able to add those cert files as key/value secrets and have the vault injector and vault Agent render them to a file on the container's filesystem. We don't have any automated expiration warnings at this time.

sgmiller avatar Apr 30 '21 21:04 sgmiller
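As an added illustration of the workaround sgmiller describes (storing the PEM files as KV secrets and letting the Vault Agent injector render them to a file in the pod), here is a minimal pod spec with injector annotations. This is example configuration, not something from the thread or from the Vault project; the KV v2 mount `secret/`, the path `myapp/tls`, the keys `cert`/`key`, and the Kubernetes auth role `myapp` are all assumed names.

```yaml
# Assumed setup (not from the thread): a KV v2 mount at "secret/" and a
# Kubernetes auth role "myapp" bound to the pod's service account.
#
# Store the PEM files as plain KV fields first (the CLI's @file syntax reads
# the file contents into the value):
#   vault kv put secret/myapp/tls cert=@tls.crt key=@tls.key
#
# For a binary .pfx, base64-encode it before storing and decode it in the
# template below, e.g. pfx="$(base64 -w0 bundle.pfx)" and
#   {{ .Data.data.pfx | base64Decode }}
apiVersion: v1
kind: Pod
metadata:
  name: myapp
  annotations:
    vault.hashicorp.com/agent-inject: "true"
    vault.hashicorp.com/role: "myapp"
    # Each agent-inject-secret-<name> annotation produces /vault/secrets/<name>.
    vault.hashicorp.com/agent-inject-secret-tls.crt: "secret/data/myapp/tls"
    vault.hashicorp.com/agent-inject-template-tls.crt: |
      {{- with secret "secret/data/myapp/tls" -}}
      {{ .Data.data.cert }}
      {{- end -}}
    vault.hashicorp.com/agent-inject-secret-tls.key: "secret/data/myapp/tls"
    vault.hashicorp.com/agent-inject-template-tls.key: |
      {{- with secret "secret/data/myapp/tls" -}}
      {{ .Data.data.key }}
      {{- end -}}
    # Restrict the rendered private key to the container user.
    vault.hashicorp.com/agent-inject-perms-tls.key: "0400"
spec:
  serviceAccountName: myapp
  containers:
    - name: myapp
      image: example.invalid/myapp:latest  # placeholder image
      # The application reads /vault/secrets/tls.crt and /vault/secrets/tls.key;
      # the files never appear in a Kubernetes Secret or in the pod spec itself.
```

The KV v2 read path includes `/data/` (`secret/data/myapp/tls`) even though the CLI write path does not, which is a common stumbling block when the template renders empty. The Vault policy attached to the `myapp` role only needs `read` on `secret/data/myapp/tls`, so the pod cannot enumerate or modify other material in the mount.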

There seems to be a character limit which is not allowing us to store the cert. Is there a way to secure the certificate via the KV engine? How can we get past the value limit in the KV engine? Is there a way PEM files can be uploaded to Vault, specifically the KV engine?

amcbarnett avatar Jul 19 '22 20:07 amcbarnett

Yeah, was planning to do the exact same thing, but it might be that I will have to look for something else?

Our use case is also for website certificates. These are classic, manually generated certs that we want to deploy in our systems. I figured we can store them in Vault and be done with it.

Update: We are using internal storage and it seems to have worked. A file upload + download from the UI for the key would be great since copy-pasting files is error-prone. We were lucky because the certs are in text format.

ieugen avatar Jul 28 '22 20:07 ieugen