Hi team,
We are currently using the PKI secrets engine in HashiCorp Vault to issue certificates, and we have ensured that certificate storage is enabled (no_store = false), which allows us to retrieve certificate details via the API/CLI.
However, we are facing a visibility challenge:
- There is no way in the Vault UI to view a list of issued certificates
- We cannot see certificate expiry dates
- There is no built-in dashboard or alerting mechanism for expiring certificates
From an operational standpoint, this makes it difficult to:
- Track certificate lifecycle
- Identify certificates that are nearing expiry
- Avoid potential outages due to expired certificates
We would like to understand:
- Is there any supported way (current or planned) to view issued certificates and their expiry directly in the Vault UI?
- Are there any recommended in-product approaches (without external tools) to achieve this visibility?
- Is this a known limitation, and are there any roadmap items addressing this?
We are specifically looking for a solution that stays within Vault itself, without relying on external dashboards or custom scripts.
Appreciate any guidance or best practices from the community.
Thanks!