Skip to main content
The HashiCorp online documentation (https://www.vaultproject.io/docs/what-is-vault) describes Vault as a tool for securely accessing secrets. Vault provides a unified interface to any secret, such as API keys, passwords, or certificates, while providing tight access control and a detailed audit log. Because modern systems require frequent access to secrets, you must understand who is accessing what secrets and manage key rotation, secure storage, and detailed audit logs. Vault provides the solution.

Integration overview

This integration enables you to store PKCS #12 passphrases in HashiCorp Vault automatically after you generate them on the KMES Series 3. Thus, DevOps and developers don’t need to manually create secrets and populate them into Vault in a secure manner when requesting X.509 certificates and key pairs. This guide covers the following topics:
  1. Prerequisites.
  2. Configure TLS certificates for mutual authentication between HashiCorp Vault and the KMES Series 3.
  3. Set up and configure Vault.
  4. Set up authentication between KMES Series 3 and Vault.
  5. Offload randomly generated PKCS#12 passphrases to Vault.
The following sections describe using the HashiCorp Vault with KMES Series 3.