Vault PKI in combination with Azure IoTEdge; using EST (Enrollment over Secure Transport)?

I’m wondering if anyone has experience with setting up Azure IoTEdge’s certificate design (w/ ‘Device CA certificates’ and ‘Workload CA certificates’).
One of my colleagues is asking for the possibility to integrate these with Vault’s PKI through the EST protocol (Enrollment over Secure Transport).

I can’t find anything that points me in the right direction, so I’m wondering if this is even supported, or if there are alternative methods/protocols I can use.

Hey @djpbessems.

Currently investigating a very similar setup and I was wondering if you ever managed to provision IoTEdge certs using Vault?


Hey Craig,

Unfortunately, I have not been able to investigate any further. Our project scope was intentionally limited to not include this.

But my colleague is still interested in this, so if you have any further progress, please share!


