There are multiple non-production environments, such as DEV, TEST, QA, SIT, PKG, and if we want to manage a separate CA for each environment to sign certs, should we set up a separate Vault cluster for each environment?
Is there any way that we can manage all these CAs in the same Vault cluster?
Hi @deveshmehta
This is a really good question. You won’t need separate clusters; you just need to mount the PKI secrets engine at a different path for each CA.
So for example you could run the following to manage a CA for dev:
vault secrets enable -path=dev-pki pki
Then the test environment CA would be:
vault secrets enable -path=test-pki pki
and the same for the rest of your environments.
I hope this helps.
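
As an added example (not part of the original posts), the per-environment mounts described in the answer can be scripted for all five environments named in the question, with a policy scoped to each mount. The TTL, domain, common names and policy names are assumptions; the script prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: one PKI mount and one path-scoped policy per environment.
# Assumptions (not from the thread): TTL, domain, common names, policy names.
ENVS="DEV TEST QA SIT PKG"      # environments named in the question
CA_TTL="8760h"                  # assumed root CA lifetime (1 year)
DOMAIN="example.internal"       # constructed placeholder domain

# Map an environment name to its mount path, e.g. DEV -> dev-pki.
pki_mount_path() {
    printf '%s-pki\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# HCL policy that only allows issuing from one environment's mount.
pki_policy() {
    mount=$(pki_mount_path "$1")
    printf 'path "%s/issue/*" {\n  capabilities = ["create", "update"]\n}\n' "$mount"
}

# Print the command by default; set APPLY=1 to run it against Vault.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Enable the mount, cap its TTL, generate a root CA, attach the policy.
setup_env_ca() {
    mount=$(pki_mount_path "$1")
    run vault secrets enable -path="$mount" pki
    run vault secrets tune -max-lease-ttl="$CA_TTL" "$mount"
    run vault write "$mount/root/generate/internal" \
        common_name="$mount.$DOMAIN" ttl="$CA_TTL"
    if [ "${APPLY:-0}" = "1" ]; then
        pki_policy "$1" | vault policy write "$mount-issuer" -
    else
        printf 'vault policy write %s-issuer - <<EOF\n' "$mount"
        pki_policy "$1"
        echo EOF
    fi
}

setup_all() {
    for e in $ENVS; do setup_env_ca "$e"; done
}

setup_all
```

Each policy only grants issuance under its own mount, so a token holding the DEV policy cannot request certificates from the TEST CA. A role still has to be created under each mount before `issue` requests succeed.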