The Venafi secrets engine plugin is installed and configured in Vault. The vault-pki-backend-venafi plugin allows certificate requests to be fulfilled directly by Venafi on behalf of a given certificate authority. The certificates generated are end-user certificates.
As per the documentation (Venafi secrets engine | Vault | HashiCorp Developer), the usage of this plugin is to enroll certificates: generate a new certificate by writing to the /issue endpoint, or sign a CSR to generate a new certificate by writing to the /sign endpoint.
Does this plugin's usage also include certificate expiry validation, revoking, renewal or distribution among clients?
Are there any ideas for managing end-user certificates signed by an external CA through Vault? Any help would be appreciated.
Thank you,
xxxx