I’ve read through a few guides, I am trying to supply the Vault CA cert and private key to create a secret in Kubernetes as per this:
This shows how to generate said CA certificate:
However there is no mention of how to get the private key while generating the root ca cert nor the intermediate.
Commands such as this:
vault write -format=json pki/root/generate/internal \ common_name="pki-ca-root" ttl=87600h | tee \ >(jq -r .data.certificate > ca.pem) \ >(jq -r .data.issuing_ca > issuing_ca.pem) \ >(jq -r .data.private_key > ca-key.pem)
Do not produce a key, only null.
The only time I can get private keys is when producing subdomain signed certs.
Does anyone know if it’s possible to get the root or intermediate key from a Vault CA?