openbao icon indicating copy to clipboard operation
openbao copied to clipboard
verified publisher icon openbao

Openbao as ACME Client or Proxy

Open smehrens opened this issue 2 months ago • 1 comments

Many CA Providers implement acme protocol.

It would be great if openbao implement acme client features to request, renew and store TLS Certs from a acme Server.

  • Internal servers would be able to get a valid certificate.
  • User could get a x509 / smime Cert..
  • Zertificates are stored secure in openbao.
  • Permission Policies could control Certificate requests.
  • DNS and HTTP Challenge could be done on a single system.

I am currently written certbot scripts to manage acme Certs outside and write them to openbao for storage and access control, but the certs are not protected by certbot in any way.

Thanks

smehrens avatar Oct 21 '25 12:10 smehrens

Hey @smehrens -- have you seen https://github.com/remilapeyre/vault-acme ? It is not very active, but I think it solves this need.

cipherboy avatar Nov 14 '25 20:11 cipherboy