The Sectigo HashiCorp Vault integration provides a seamless solution for the enrollment, collection, revocation, renewal, and replacement of SSL/TLS and client (S/MIME) certificates issued by the Sectigo Certificate Manager (SCM). This integration is distributed as a custom HashiCorp Vault (Vault) PKI plugin. It provides the following features:

  • RSA 2048, 3072, and 4096-bit private key generation

  • Certificate Signing Request (CSR) creation

  • Storage and state tracking of certificates issued by SCM in Vault

  • Certificate field verification with the profile provided from SCM

The Sectigo Vault integration supports both the management and storage of SSL and client certificates in Vault. The Sectigo Vault PKI plugin supports verifying the validity of certificates that are being read from Vault; certificates that fall within a user-specified certificate expiry window may optionally get automatically renewed.

The types of SSL/TLS and client certificates available to you are based on your account setup.
Integration Diagram

Package contents

The Sectigo HashiCorp Vault integration package contains the following:

  • sectigo-vault-pki:

    • sectigo-vault-pki_<version>: The Sectigo Vault PKI plugin (binary file) that allows users to store and manage certificates that get generated from SCM on Vault.

    • sample_json_data: Sample JSON files that can be used by the user to interact with the Sectigo Vault PKI plugin.

HashiCorp Vault Folder Path