Endpoint ignored these unrecognized parameters: [key_bits]


I generate certificates with commands like

vault write -format=json some/path/issue/san common_name=“server.mynet.internal” alt_names=“server.mynet.internal” ip_sans=“” key_bits=“4096” ttl=“34387200”

That works fine, but I get 2048 bit keys. And I see this warning:
“warnings”: [
“Endpoint ignored these unrecognized parameters: [key_bits]”

I tested the versions 1.15.4, 1.6 and 1.3.2.

What is the propper way to define the key length?



When using the issue endpoint the key size that Vault will generate comes from the value in the specified role. key_bits is not a parameter for that endpoint, but solely when generating CA certificates.

From your example above, you would need to modify the key_bits field of the san role to 4096.