Hashicorp Vault PKI Secrets Engine Demo for Certificate Management

In this video, we demo #Hashicorp #Vault #PKI Secrets Engine for Certificate Management. Certificate Management is not an easy task. Most Sysadmins dread the day they have to work on renewing a certificate. This is because of a few reasons: It's a manual and complex process done every few years, so it's hard to remember everything. Most Sysadmins have a Method of Procedure stored somewhere for when they need to go through this process. It's risky because it incurs an outage during the process. HashiCorp Vault's Public Key Infrastructure (PKI) secrets engine can streamline distributing TLS certificates and allows users to create PKI certificates with a single command. Vault PKI reduces overhead around the usual manual process of generating a private key and CSR, submitting to a CA, and waiting for a verification and signing process to complete, while additionally providing an authentication and authorization mechanism to validate as well. It's quite simple to issue certificates with Vault and I'll show you how in this demo video. You can now create short-lived certificates. This is the best practice from a security point of view. Here we used the Vault Terraform provider to build everything. Bonus: I walk you through adding the root and intermediate CA certificates to the Windows 10 Certificate Store. There are also a couple of certutil commands to let you clear the CRL cache so you can see that the certificate is revoked. In this video demo we go through the following steps: ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Introduction 03:43 Terraform to create the Root and Intermediate CAs 07:13 Generate a leaf certificate for Grafana 10:13 Add the cert to Grafana 11:20 Chrome doesn't trust the cert 12:30 Add Root & Intermediate CAs to Windows Cert Store 16:30 Chrome now trusts the Grafana cert 20:30 Revoke the cert 22:20 Clear the CRL Cache in Windows 10 23:25 Chrome shows the cert is revoked 24:44 Walkthrough of the Terraform Code 36:00 Conclusion ▬▬▬▬▬▬▬▬▬ Courses 🎓 ▬▬▬▬▬▬▬▬ TeKanAid Academy ► https://tekanaid.com/courses ▬▬▬▬▬▬▬▬ Useful Links 🛠 ▬▬▬▬▬▬▬ Get the code ► https://tekanaid.com/posts/hashicorp-... Blog post that goes with this video ► https://tekanaid.com/posts/hashicorp-... A step-by-step guide walkthrough ► https://learn.hashicorp.com/tutorials... Consul-Template to Automate Certificate Management for Vault ►    • Consul-Template to Automate Certificate Ma...   ▬▬▬▬ 🎓 FREE 7-Day Platform Engineering Crash Course ▬▬▬▬ One email a day for 7 days. Real tools, real CLI commands, hands-on labs. Day 1: What is Platform Engineering (the role, the market, why every large org is building a PE team) Day 2: Infrastructure as Code with Terraform Day 3: Containers and Kubernetes Day 4: Policy as Code (OPA + Sentinel) Day 5: CI/CD and GitOps (GitHub Actions + ArgoCD) Day 6: Observability and Security Day 7: Building Your Internal Developer Platform with Backstage + your 6-month career roadmap 👉 Sign up free: https://tekanaid.com/platform-enginee... ▬▬▬▬▬▬▬▬ 🛠️ Recommended Tools ▬▬▬▬▬▬▬▬ Cloud hosting, infra, and tooling I recommend for AI Platform Engineering. Includes affiliate links that help fund TeKanAid Academy at no cost to you. 👉 https://tekanaid.com/recommended-tools ▬▬▬▬▬▬▬▬ Connect 👋 ▬▬▬▬▬▬▬▬▬ Website ► https://tekanaid.com Facebook Page ►   / tekanaid   Don't forget to subscribe ► https://bit.ly/TeKanAid_YouTube_Subsc... MEDIUM ►   / sam-gabrail   TWITTER TeKanAid ► https://x.com/tekanaid TWITTER Sam ► https://x.com/Sam_Gabrail LINKEDIN TeKanAid ►   / tekanaid   LINKEDIN Sam ►   / samgabrail   In this course you will get to: ⭐ Learn everything you need to know about Vault to ace the Vault Associate Exam ⭐ 8+ hours of video content ⭐ Instructor has his camera on making you feel that you're right in the classroom ⭐ Hand-drawn animated diagrams to help you grasp the topics better ⭐ Lots of hands-on labs to learn by doing ⭐ English closed captions that are searchable so you won't miss a word ⭐ Quizzes to help you grasp the material well ⭐ Join our Community