How to store apache web server's SSL certificates and keys in vault

I have an Apache web server, and its SSL certificates currently reside on the running machine. Is it possible to store them in Vault?

Yes. Two main ways depending on your use case.

1. https://www.vaultproject.io/docs/auth/cert

2. https://www.vaultproject.io/api-docs/secret/kv/kv-v2

Hope that helps!


Thank you. But can you elaborate a bit more, at a high level, on how to achieve this? For the Apache web server we need to provide certificates from a file location. We can store the certificate in Vault, then use a script to download it to the Apache server and use it. But in that case, why do we need Vault? We download it to the Apache server, and that would be the same risk as before (anyone with access to the Apache server can get the certificate).

The PKI secrets engine enables the Vault service to generate dynamic X.509 certificates for internal workloads with minimal effort. Through the PKI secrets engine, applications can programmatically obtain a TLS cert at runtime without all the pain points… Benefits include short TTL, revocations are not really needed, and automation.

`vault secrets enable -path=pki_int_1 pki`

Follow the steps for the PKI Secrets Engine from there… Does this help with your use case?

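An added example, not part of the original posts and not Vault's own tooling: a sketch of the host-side step the thread discusses, taking the JSON returned by an issue call on the `pki_int_1` mount, installing the key with owner-only permissions, and deciding when to re-issue so that a copied key is only useful for a short TTL. The role placeholder, the file names, the 24h TTL and the two-thirds renewal point are assumptions, and the response below is constructed.

```python
import json, os, tempfile

# Constructed sample of the JSON printed by
#   vault write -format=json pki_int_1/issue/<role> common_name=... ttl=24h
# (<role> is a placeholder; PEM bodies are dummies, not real key material).
SAMPLE = json.dumps({"data": {
    "certificate": "-----BEGIN CERTIFICATE-----\nLEAF\n-----END CERTIFICATE-----",
    "issuing_ca": "-----BEGIN CERTIFICATE-----\nCA\n-----END CERTIFICATE-----",
    "private_key": "-----BEGIN RSA PRIVATE KEY-----\nKEY\n-----END RSA PRIVATE KEY-----",
    "expiration": 1700086400,  # Unix time of the certificate's notAfter
}})

def write_atomic(path, text, mode):
    """Write via a 0600 temp file in the same directory, then rename into place,
    so the key is never readable by others and Apache never sees a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(text + "\n")
        os.chmod(tmp, mode)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def install(response_json, cert_path, key_path):
    """Install leaf + issuing CA and the private key; return the expiry time."""
    data = json.loads(response_json)["data"]
    write_atomic(key_path, data["private_key"], 0o600)
    write_atomic(cert_path, data["certificate"] + "\n" + data["issuing_ca"], 0o644)
    return data["expiration"]

def needs_renewal(expiration, ttl_seconds, now, fraction=2 / 3):
    """True once `fraction` of the certificate lifetime has elapsed."""
    issued = expiration - ttl_seconds
    return now >= issued + ttl_seconds * fraction
```

After `install()` succeeds, a graceful Apache reload picks up the new files; running `needs_renewal()` from a timer keeps the certificate rotating well before expiry.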