How to use a comma in Vault PKI

tuaris · February 7, 2022, 5:37am

I am using the Vault provider to manage vault_pki_secret_backend_intermediate_cert_request. I would like to use a comma in the organization field:

resource "vault_pki_secret_backend_intermediate_cert_request" "example_v1_ica1_v1" {
    depends_on   = [vault_mount.example_v1_ica1_v1]
    backend      = vault_mount.example_v1_ica1_v1.path
    type         = "internal"
    common_name  = "Example Intermediate CA"
    key_type     = "rsa"
    key_bits     = "4096"
    organization = "Example, Inc."
    ou           = "Example OU"
    country      = "US"
    locality     = "Example Town"
    province     = "Example State"
}

Doing the above results in the following CSR subject:

subject=C = US, ST = Example State, L = Example Town, O = Inc. + O = Example, OU = Example OU, CN = Example Intermediate CA

I tried surrounding by escaped double quotes and it made an even bigger mess:

subject: C = US, ST = Example State, L = Example Town, O = Inc.\" + O = \"Example, OU = Example OU, CN = Example Intermediate CA

smaddock · April 25, 2022, 7:36pm

Just ran into the same thing, the organization field doesn’t seem to accept commas (works fine in OpenSSL).

smaddock · April 25, 2022, 7:38pm

Similar issue in GitHub: Storage consul: allow comma in service_tags · Issue #6832 · hashicorp/vault · GitHub