Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?
Your organization has an initiative to reduce and ultimately remove the use of long lived X.509 certificates. Which secrets engine will best support this use case?
The PKI (Public Key Infrastructure) secrets engine is designed specifically for issuing and managing X.509 certificates, including their lifecycles. This makes it the most suitable option for initiatives aimed at reducing and eventually removing the use of long-lived X.509 certificates. By configuring the PKI engine, an organization can automate the issuance of short-lived certificates, thereby supporting the initiative to move away from long-lived certificates.
https://developer.hashicorp.com/vault/docs/secrets/pki