HashiCorp Vault - Managed Keys

this document provides information about using {{futurex}} pkcs #11 libraries to configure the {{k3}} with the hashicorp vault managed keys feature for other questions about your {{k3}} , see the relevant user guide application description from the hashicorp vault documentation website https //www vaultproject io/docs/enterprise/managed keys within certain environments, you might want or need to leverage key management systems external to vault when handling, storing, and interacting with private key material to satisfy these requirements, vault has a centralized abstraction called managed keys different secrets engines can plug into this feature to delegate these operations to a trusted external kms at a minimum, a managed key consists of a named managed key entry handled by the sys/managed key api ( www vaultproject io/api docs/system/managed keys http //www vaultproject io/api docs/system/managed keys ) besides a name, a managed keys has backend specific configurations to access the key in question for pkcs #11 (hsm) backed managed keys, the managed key configuration must reference a kms library stanza ( www vaultproject io/docs/configuration/kms library http //www vaultproject io/docs/configuration/kms library ) that points to a pkcs #11 access library on the host machine note that a configured, named managed key corresponds to a single key within a backend you can configure more than one managed key to target a single backend by creating multiple managed keys with the api integration overview to use the hashicorp managed keys feature with the {{k3}} , you must perform the following tasks install {{futurex}} pkcs #11 configure the {{k3}} edit the {{futurex}} pkcs #11 configuration file configure the {{futurex}} pkcs #11 library with hashicorp vault test pki operations the following sections describe how to perform these tasks