Vault
- Vault charmers
- Security
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/edge | 383 | 23 Aug 2024 | |
latest/edge | 367 | 25 Jul 2024 | |
latest/edge | 364 | 23 Jul 2024 | |
latest/edge | 363 | 23 Jul 2024 | |
latest/edge | 336 | 20 Jun 2024 | |
latest/edge | 335 | 20 Jun 2024 | |
latest/edge | 334 | 20 Jun 2024 | |
latest/edge | 333 | 20 Jun 2024 | |
latest/edge | 332 | 20 Jun 2024 | |
latest/edge | 331 | 20 Jun 2024 | |
latest/edge | 330 | 20 Jun 2024 | |
latest/edge | 329 | 20 Jun 2024 | |
latest/edge | 220 | 20 Jan 2024 | |
latest/edge | 216 | 19 Jan 2024 | |
latest/edge | 214 | 19 Jan 2024 | |
latest/edge | 213 | 19 Jan 2024 | |
latest/edge | 109 | 18 Apr 2023 | |
latest/edge | 79 | 02 Aug 2022 | |
1.16/stable | 387 | 12 Sep 2024 | |
1.16/candidate | 387 | 12 Sep 2024 | |
1.16/beta | 387 | 12 Sep 2024 | |
1.16/edge | 393 | Yesterday | |
1.15/stable | 357 | 24 Jul 2024 | |
1.15/candidate | 357 | 24 Jul 2024 | |
1.15/beta | 357 | 24 Jul 2024 | |
1.15/edge | 376 | 31 Jul 2024 | |
1.8/stable | 372 | 26 Jul 2024 | |
1.8/edge | 164 | 09 Aug 2023 | |
1.8/edge | 162 | 09 Aug 2023 | |
1.8/edge | 161 | 09 Aug 2023 | |
1.8/edge | 159 | 09 Aug 2023 | |
1.8/edge | 157 | 09 Aug 2023 | |
1.8/edge | 156 | 09 Aug 2023 | |
1.8/edge | 155 | 09 Aug 2023 | |
1.8/edge | 154 | 09 Aug 2023 | |
1.8/edge | 140 | 07 Aug 2023 | |
1.8/edge | 138 | 04 Aug 2023 | |
1.8/edge | 135 | 04 Aug 2023 | |
1.8/edge | 131 | 04 Aug 2023 | |
1.7/stable | 371 | 26 Jul 2024 | |
1.6/stable | 369 | 26 Jul 2024 | |
1.5/stable | 370 | 26 Jul 2024 |
juju deploy vault --channel 1.15/beta
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
24.04
23.10
23.04
22.10
22.04
20.04
18.04
Use Vault as an intermediate CA
In this how-to guide, we will configure Vault to act as an intermediate Certificate Authority (CA) using Vault’s PKI secrets engine. Here self-signed-certificates will be the parent CA and tls-certificates-requirer will be the charm requesting a certificate to Vault.
The certificates issued by Vault will have a validity period that is half of its intermediate CA’s, which is determined by the root provider’s configuration, in this case, the self-signed certificates.
- Configure Vault’s common name
- Note: Vault PKI will only allow issuing certificates for the subdomains of the common_name configured here, it will reject any requests using differnt domains in their subject.
juju config vault common_name=mydomain.com
- Deploy the parent CA
juju deploy self-signed-certificates
- Integrate Vault with its parent CA
juju integrate vault:tls-certificates-pki self-signed-certificates
- Deploy
tls-certificates-requirer
juju deploy tls-certificates-requirer --config common_name=demo.mydomain.com
- Integrate TLS Certificates Requirer with Vault
juju integrate tls-certificates-requirer vault:vault-pki
- Retrieve the certificate
juju run tls-certificates-requirer/leader get-certificate