HashiCorp Vault
SecTrail CM integrates with HashiCorp Vault to enable automatic requesting and management of enterprise SSL/TLS certificates.
Connection Requirementsβ
| Requirement | Detail | Description |
|---|---|---|
| Protocol | HTTPS | Vault API is used |
| Port | Used Port | Standard Vault API port |
| Authentication | Token Authentication | Authentication with Vault token |
| User Permission | PKI Secret Engine Read/Write | Certificate request and enrollment permission |
Automatic Operationsβ
SecTrail CM automatically performs the following operations on HashiCorp Vault:
- Certificate Request: CSR (Certificate Signing Request) submission
- Certificate Enrollment: Certificate issuance through Vault PKI Engine
- Role Management: Using different certificate roles
- Automatic Approval: Automatic approval for configured roles
Configuration Stepsβ
1. Add HashiCorp Vault Profileβ
Navigate to Integrations > Hashicorp and click the Create button:
Enter the following information:
- Name: Profile name
- URL: Vault server URL
- Token: Vault API token
- Proxy: Proxy usage (Enable/Disable)
Click Submit button to save the profile.
2. View HashiCorp Vault Profilesβ
After adding a profile, it will be displayed in the Integrations > Hashicorp list:
The list screen displays the following information:
- Name: Profile name
- URL: Vault server address
- Templates: Available certificate roles (PKI roles)
Profile Operationsβ
The following operations can be performed for each profile:
- Refresh: Refresh profile information and role list
- Edit: Edit profile settings
- Delete: Delete profile
Certificate Signing
With HashiCorp Vault integration, you can perform certificate signing with your desired role. Role selection determines the certificate's validity period, purpose, and security level.