We have around 40 Kafka clusters and we use HashiCorp for certificate management. We have all Kafka certificates in a vault-kv.
We have certs and key stored in this path.
As a requirement, we need to push all the secrets for all Kafka clusters from this path readable/kafka-certs and I want to set this to a schedule of every 5 days. How can I achieve this?
Vault server itself does not have a mechanism to push things out. It could be as simple as a script/cronjob to retrieve the certificates using the Vault API or Vault CLI, but that could be difficult to manage across 40 clusters * N hosts in each cluster and is likely error-prone or at least has limited visibility into the status.
I would suggest looking into integrating with some other system you already have in place and can monitor - Terraform, some CI/CD system, etc. From these types of systems, you could put the necessary monitoring in place to be aware of any failures.
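
A sketch of the pull script mentioned in the answer above, added here as an example and not taken from the original thread: it reads the secret over the Vault HTTP API, installs the files atomically with mode 0600, and reports a status a scheduler can monitor. It assumes a KV version 2 engine mounted at `readable`; the field names `certificate` and `private_key`, the output file names and the `KAFKA_CERT_DIR` variable are hypothetical.

```python
import json, os, pathlib, sys, tempfile, urllib.request

# Assumptions (not from the original post): KV version 2 mounted at "readable",
# secret "kafka-certs", hypothetical field names, file names and KAFKA_CERT_DIR.
MOUNT, SECRET = "readable", "kafka-certs"
FIELDS = {"certificate": "kafka.crt", "private_key": "kafka.key"}

def fetch_secret(addr, token, mount=MOUNT, secret=SECRET):
    """Read a KV v2 secret over the Vault HTTP API and return the parsed JSON."""
    req = urllib.request.Request(f"{addr}/v1/{mount}/data/{secret}",
                                 headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def write_atomic(path, text):
    """Write to a temp file (mkstemp creates it 0600), then rename over the target."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.replace(tmp, path)  # readers never see a half-written key
    except BaseException:
        os.unlink(tmp)
        raise

def install(response, dest_dir):
    """Install cert files from a KV v2 response; return a status dict for monitoring."""
    data = response["data"]["data"]
    missing = [f for f in FIELDS if not data.get(f)]
    if missing:  # refuse to overwrite good files with an incomplete secret
        return {"ok": False, "error": "missing fields: " + ", ".join(missing)}
    changed = []
    for field, name in FIELDS.items():
        path = pathlib.Path(dest_dir) / name
        old = path.read_text() if path.exists() else None
        if old != data[field]:
            write_atomic(path, data[field])
            changed.append(name)
    return {"ok": True, "version": response["data"]["metadata"]["version"],
            "changed": changed}

if __name__ == "__main__":
    try:
        status = install(fetch_secret(os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"]),
                         os.environ.get("KAFKA_CERT_DIR", "/etc/kafka/certs"))
    except Exception as exc:  # network error, 403, malformed response, ...
        status = {"ok": False, "error": repr(exc)}
    print(json.dumps(status))
    sys.exit(0 if status["ok"] else 1)
```

Whatever schedules it (cron, a CI/CD job) should alert on the non-zero exit code, and the `changed` list tells the caller whether a broker reload is needed.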