Create, renew, and manage certificates with Vault.
6 tutorials
59min
Build your own certificate authority (CA)
Generate certificates using the PKI secrets engine as an intermediate-only certificate authority, which potentially allows for higher levels of security.
18min
Build a certificate authority (CA) in Vault with an offline root
Create a Certificate Authority (CA) with an offline root and intermediate CAs in Vault.
16min
Manage certificates with ACME clients and the PKI secrets engine
Enable ACME in Vault's PKI secrets engine and configure Caddy to automate TLS certificate lifecycle management.
26min
PKI Unified CRL and OCSP with cross cluster revocation
Use Vault's PKI secrets engine unified CRL and OCSP feature with Performance Replication cross cluster certificate revocation.
15min
Generate certificates with HSM or KMS managed keys
Demonstrate the use of managed keys, which allow the PKI secrets engine to delegate private key management to a trusted external KMS.
17min
Use PKI with external policy services
Manage PKI with custom policies from an external policy service that operates outside of Vault.