Hello,
I’m writing an integration between Puppet and Vault to manage SSL certificates on a host.
I’m attempting to query the Vault API to find certificates matching a CN (Common Name) and then determine whether the cert in Vault matches the cert on my host; if not, my code will perform some remediation action (generate a new cert).
Right now my code does the following (high level):
require 'openssl'

all_certs_response = HTTP('LIST', '/pki/certs')   # HTTP() stands in for the Vault API call
all_common_names = []
all_certs_response['data']['keys'].each do |serial|
  cert_response = HTTP('GET', "/pki/cert/#{serial}")
  cert_pem = cert_response['data']['certificate']
  # use OpenSSL to read the cert data and parse the Common Name
  ossl_cert = OpenSSL::X509::Certificate.new(cert_pem)
  cn_entry = ossl_cert.subject.to_a.find { |name, _, _| name == 'CN' }
  all_common_names << cn_entry[1] if cn_entry
end
# check if my host's common name is in all_common_names
# do some remediation
My question concerns the Vault API. Is there a way to filter the LIST /pki/certs by properties of the certificate (for example the CN/Common Name)?
As you can see from my code above, right now I have to read all certificates from Vault to find the one that matches my Common Name, then use OpenSSL to parse the cert for the details.
Is there a more efficient way of doing this with the Vault API?
Thanks,
Nick
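Added example (my own Ruby, not Nick's code and not part of Vault or Puppet) of the fetch-and-compare flow the question describes, written so the comparison step is testable without a Vault server. It keeps the list-then-get pattern from the post (the list call is sent as GET with ?list=true, which the Vault HTTP API accepts for LIST operations) but compares the host's cert to Vault's by SHA-256 fingerprint first and by CN second: a CN match alone only tells you that some cert was issued for that name, not that the host is running the one Vault currently holds. Assumptions: VAULT_ADDR and VAULT_TOKEN are set, the PKI engine is mounted at pki, and the helper names (vault_get, fetch_vault_certs, classify_host_cert, make_test_cert) and the default host cert path are mine.

```ruby
require 'openssl'
require 'net/http'
require 'json'
require 'uri'

# Hypothetical stdlib-only Vault client. VAULT_ADDR and VAULT_TOKEN are the
# standard Vault CLI environment variables; a LIST is sent as GET ?list=true.
def vault_get(path, list: false)
  uri = URI.join(ENV.fetch('VAULT_ADDR'), "/v1/#{path}")
  uri.query = 'list=true' if list
  req = Net::HTTP::Get.new(uri)
  req['X-Vault-Token'] = ENV.fetch('VAULT_TOKEN')
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') { |h| h.request(req) }
  raise "Vault #{path}: HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  JSON.parse(res.body)
end

# Fetch every cert still stored under the mount, keyed by serial, skipping
# ones that have already expired (the list endpoint returns those too).
def fetch_vault_certs(mount = 'pki')
  serials = vault_get("#{mount}/certs", list: true).dig('data', 'keys') || []
  serials.each_with_object({}) do |serial, pems|
    pem = vault_get("#{mount}/cert/#{serial}").dig('data', 'certificate')
    next if pem.nil? || OpenSSL::X509::Certificate.new(pem).not_after < Time.now
    pems[serial] = pem
  end
end

# Subject CN of a PEM certificate, or nil if the subject has none.
def common_name(pem)
  entry = OpenSSL::X509::Certificate.new(pem).subject.to_a.find { |name, _, _| name == 'CN' }
  entry && entry[1]
end

# SHA-256 fingerprint over the DER encoding: identifies one specific
# certificate, unlike a CN, which every renewal for the same host shares.
def sha256_fingerprint(pem)
  OpenSSL::Digest::SHA256.hexdigest(OpenSSL::X509::Certificate.new(pem).to_der)
end

# Compare the host's current cert against what Vault holds.
# Returns [:current, serial]  when Vault has this exact certificate,
#         [:cn_only, serial]  when Vault has a different cert for the same CN
#                             (e.g. renewed in Vault but not yet deployed), or
#         [:missing, nil]     when nothing in Vault carries the host's CN.
def classify_host_cert(vault_pems, host_pem)
  host_fp = sha256_fingerprint(host_pem)
  host_cn = common_name(host_pem)
  serial, _ = vault_pems.find { |_, pem| sha256_fingerprint(pem) == host_fp }
  return [:current, serial] if serial
  serial, _ = vault_pems.find { |_, pem| common_name(pem) == host_cn }
  return [:cn_only, serial] if serial
  [:missing, nil]
end

# Constructed test data: a throwaway self-signed cert for the given CN, so the
# classification logic can be exercised offline without a Vault server.
def make_test_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**62)
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME && ENV['VAULT_ADDR']
  host_pem = File.read(ARGV.fetch(0, '/etc/ssl/certs/host.pem'))  # default path is an assumption
  status, serial = classify_host_cert(fetch_vault_certs, host_pem)
  puts "#{status} (Vault serial: #{serial || 'none'})"
  # :cn_only and :missing are the cases where remediation (issuing a new cert) belongs.
end
```

Run it as `ruby check_cert.rb /path/to/host.pem` with VAULT_ADDR and VAULT_TOKEN exported. The :cn_only result is the one worth distinguishing in the Puppet resource: it means Vault already has a newer cert for this name, so the right action may be to deploy that one rather than issue yet another.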