Importing pre-existing rsa-4096 key as a transit key

Hi, I’ve got an existing homebrew process that I think can be replaced by the Vault Transit secrets engine. One of my constraints is that I have some deployed RSA public keys and no ability to change them, so I need to be able to supply my private key into the Transit engine. Presently, that does not seem to be directly possible (if it is, I would love to know how to do it). I think there may be an indirect way by creating an exportable key, exporting it, replacing it with my known private key and then restoring it. The format of the JSON in the export is not very straightforward. Is there any documentation I could follow to help me replace the contents of the export with my known private key?
