Can we use PKI with community edition of Vault?

bknowles · May 29, 2025, 7:35pm

Folks – we’ve been using the community edition of Vault for a while to store secrets, etc… However, now we would like to have our own internal Root CA with certs issued via ACME, which I believe can be done with the PKI secrets engine (see PKI secrets engine | Vault | HashiCorp Developer).

However, I’ve done some searching, and it is not clear to me whether or not this is something that can be done with the community edition of Vault, or if it requires the Enterprise edition. Can someone point me at the documentation that I have missed on this subject?

Thanks!

jonathanfrappier · May 29, 2025, 9:04pm

Hi @bknowles

You can use PKI with community. For reference, any features that are enterprise only should have a callout on the page, as well as in the left nav (look below the link you sent at CIEPS - has the ENT label)

bknowles · May 29, 2025, 9:18pm

Much appreciated! I did just find the earlier article at HC Vault Community Edition utilities - #2 by jonathanfrappier which implies the same thing, but I appreciate the confirmation!

Topic		Replies	Views
HC Vault Community Edition utilities Vault	1	442	February 1, 2024
Query about Access to Vault CA Vault	8	591	June 15, 2022
Vault 1.19.0, 1.18.6, 1.17.13, 1.16.17 released! Release Notifications vault-release-ce-ent	0	88	March 6, 2025
Certificates Signed by a Public CA Vault	2	436	December 2, 2021
Vault 1.17.0-rc1, 1.16.3, 1.15.9, and 1.14.13 released! Release Notifications vault-release-ce-ent	0	217	May 30, 2024

Can we use PKI with community edition of Vault?

Related topics