Back to resources

December 9, 2020

Tech updateDevOpsEJBCA CloudEJBCA EnterpriseEJBCA Hardware ApplianceEJBCA Software Appliance

EJBCA plugin available for Hashicorp Vault

Android signing schemes, compliance and crypto agility

Hashicorp Vault is a popular tool for encryption services and secrets management. The Vault is available both as open source and Enterprise versions. It can be deployed as a container in any cloud environment. The Vault allows applications to generate certificates on demand using the Vault REST API and EJBCA can be configured to be the PKI that issues those certificates. If you are using Vault for secrets management this integration enables you to streamline your certificate services for all your needs met by Vault, including TLS certificates for secure communication between your applications in your cloud environment.

Setting up a new PKI infrastructure for every application need is not recommended.

  • Managing several PKI software will make your security infrastructure complex and involve manual processes.
  • Implementing a consistent security policy across your certificate use cases will be impossible.
  • Potentially sprawling PKI infrastructures make monitoring for security, compliance and expiration hard.
  • Accelerating administration costs and potential security problems because of limited or lack of control will be the end result.

With EJBCA you can implement centralized control and harmonized security policies for all your PKI services including the Hashicorp Vault. EJBCA is multi-tenant and allows multiple stakeholders and use cases to securely co-exist and create and manage one or several CA hierarchies in one single installation of the software. In addition, EJBCA Enterprise provides the capability of serving both small-scale and larger implementations with millions of users or devices in high availability environments without compromising on security.

The EJBCA integration with Hashicorp Vault can be used to:

  • Fully replace all existing PKIs including the built-in Vault CA. This enables a central, compliant and monitored PKI, for issuance to all applications including those with secrets managed using Vault.
  • Issue a Subordinate CA in the Vault, from a Root CA in EJBCA. This enables control of the Subordinate CA from the central corporate PKI. In addition, the EJBCA integration can be configured to monitor certificates issued from the Subordinate Vault CA.

Read more about the EJBCA plugin to Hashicorp Vault and other resources on PrimeKey Doc. Including such as sample Ansible playbooks and best practices, available to ease your implementation of certificate services for your applications that are already levering the Vault features.

Related blog and news

Tech-Update-Prepare-PKI-for-Quantum-Computing
2022-04-28
Tech update
Cryptography Solution

How to prepare your PKI for quantum computing

Tech-Update-Bouncy-Castle-Kotlin-API
2022-04-12
Tech update
Cryptography Solution

Keeping it simple – private key encryption with the Bouncy Castle Kotlin API

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At PrimeKey AB, corp. ID no. 556628-3064, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.
Confirm choices Accept all