HashiCorp Vault - General usage related queries

Hi,

I'm new to HashiCorp Vault usage. I need some general information.

  1. Can I have LDAP authentication for the Vault server and, at path level, enable AppRole login, so that my Spring Cloud Vault can connect to Vault using the AppRole login, and if there are any config changes I can do them at the Vault server using the LDAP login?
  2. I have a use case of signing JWTs using certificates. Is there any possibility to read certificates from Vault?
    I have generated a signed certificate from the Vault server, but I need to dynamically read those in my Spring application, similar to what I'm doing for secrets. Is there any possibility of doing it? I need a reference for the same.

Thanks for any help.

1 - Yes. You can have multiple auth methods on Vault. You can even tie a single Vault entity to multiple auth methods/logins, see here for that https://learn.hashicorp.com/vault/identity-access-management/iam-identity
2 - Vault can generate certs and act as your CA or intermediate CA. I’m not familiar w/ this use case to answer authoritatively, though… I think your Spring app would just ask Vault’s PKI engine for a certificate, Vault will generate and return the cert, and Spring would use it. If you need to store existing certs, or have an app come back multiple times to get the cert, that’s another issue.

Do you want to reuse the same certificate generated?

As far as I know, you can only read a private key once, upon certificate creation.
If you want to create and read it dynamically, then I believe you would have to:

  1. Call Vault's API and request a certificate
  2. Get the response back with your cert and the private key
  3. Save the set back to Vault in the secrets backend
  4. And then start reusing them along with the private key

I hope I understood the requirements right.
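Added example (not from this thread and not HashiCorp's code): a small Python client over Vault's HTTP API that walks the four steps above, with the application logging in via AppRole as in the first answer. It assumes the default mount paths (`auth/approle`, `pki`, KV v2 at `secret`), a PKI role named `jwt-signer`, and a KV path `app/jwt-signing`; all of those names are assumptions, as are the placeholder role_id/secret_id. The HTTP transport is injectable, and `FakeVault` is a constructed in-memory stand-in so the flow runs offline.

```python
import json
import urllib.error
import urllib.request


class VaultNotFound(Exception):
    """Raised when a KV path does not exist (Vault answers HTTP 404)."""


class VaultClient:
    """Tiny client over Vault's HTTP API; transport is injectable for offline use."""

    def __init__(self, addr, transport=None):
        self.addr = addr.rstrip("/")
        self.token = None
        self.transport = transport or self._http

    def _http(self, method, path, body):
        # Real transport: JSON over HTTP, authenticated with the X-Vault-Token header.
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(f"{self.addr}/v1/{path}", data=data, method=method)
        req.add_header("Content-Type", "application/json")
        if self.token:
            req.add_header("X-Vault-Token", self.token)
        try:
            with urllib.request.urlopen(req) as resp:
                raw = resp.read()
        except urllib.error.HTTPError as err:
            if err.code == 404:
                raise VaultNotFound(path) from err
            raise
        return json.loads(raw) if raw else {}

    def login_approle(self, role_id, secret_id, mount="approle"):
        # Machine identity (what Spring Cloud Vault uses); operators log in via LDAP instead.
        resp = self.transport("POST", f"auth/{mount}/login",
                              {"role_id": role_id, "secret_id": secret_id})
        self.token = resp["auth"]["client_token"]
        return self.token

    def issue_cert(self, role, common_name, ttl="72h", mount="pki"):
        # Steps 1-2: ask the PKI engine for a cert; the private key is returned only here.
        resp = self.transport("POST", f"{mount}/issue/{role}",
                              {"common_name": common_name, "ttl": ttl})
        d = resp["data"]
        return {"certificate": d["certificate"], "private_key": d["private_key"],
                "ca_chain": d.get("ca_chain", []), "serial_number": d["serial_number"]}

    def store_bundle(self, kv_path, bundle, mount="secret"):
        # Step 3: KV v2 write; the payload is wrapped under "data".
        self.transport("POST", f"{mount}/data/{kv_path}", {"data": bundle})

    def read_bundle(self, kv_path, mount="secret"):
        # Step 4: KV v2 read; Vault nests the stored keys under data.data.
        resp = self.transport("GET", f"{mount}/data/{kv_path}", None)
        return resp["data"]["data"]


def get_or_issue_signing_cert(client, kv_path, pki_role, common_name):
    """Return the stored cert+key, issuing and persisting one only on first use."""
    try:
        return client.read_bundle(kv_path)
    except VaultNotFound:
        bundle = client.issue_cert(pki_role, common_name)
        client.store_bundle(kv_path, bundle)
        return bundle


class FakeVault:
    """Constructed in-memory stand-in for the three Vault endpoints used above."""

    def __init__(self):
        self.kv = {}
        self.issued = 0

    def __call__(self, method, path, body):
        if path == "auth/approle/login" and method == "POST":
            return {"auth": {"client_token": "hvs.CONSTRUCTED-TOKEN"}}
        if path.startswith("pki/issue/") and method == "POST":
            self.issued += 1
            cn = body["common_name"]
            return {"data": {
                "certificate": f"-----BEGIN CERTIFICATE-----\nCONSTRUCTED {cn} #{self.issued}\n-----END CERTIFICATE-----",
                "private_key": f"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED KEY #{self.issued}\n-----END PRIVATE KEY-----",
                "ca_chain": ["-----BEGIN CERTIFICATE-----\nCONSTRUCTED CA\n-----END CERTIFICATE-----"],
                "serial_number": f"00:00:00:{self.issued:02x}",
            }}
        if path.startswith("secret/data/"):
            if method == "POST":
                self.kv[path] = body["data"]
                return {}
            if path in self.kv:
                return {"data": {"data": self.kv[path]}}
            raise VaultNotFound(path)
        raise ValueError(f"unexpected call {method} {path}")


if __name__ == "__main__":
    fake = FakeVault()
    client = VaultClient("http://127.0.0.1:8200", transport=fake)
    client.login_approle("ROLE_ID_PLACEHOLDER", "SECRET_ID_PLACEHOLDER")
    first = get_or_issue_signing_cert(client, "app/jwt-signing", "jwt-signer", "jwt.example.internal")
    again = get_or_issue_signing_cert(client, "app/jwt-signing", "jwt-signer", "jwt.example.internal")
    print("issued once:", fake.issued == 1, "same bundle:", first == again)
```

Once the bundle sits at `secret/data/app/jwt-signing`, Spring Cloud Vault can read it the same way it reads any other KV secret, which is the "reuse" the answer describes. The trade-off to weigh: the private key now lives in KV, so every policy with read access to that path can sign JWTs; keep the AppRole's policy scoped to exactly that path and the single `pki/issue/<role>` endpoint, and treat a new issuance (deleting the KV entry) as your rotation step.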