Clarify docs around using either Consul or Vault managed PKI paths (#13295)

* Clarify docs around using either Consul or Vault managed PKI paths

The current docs can be misread to indicate that you need both the
Consul and Vault managed PKI Paths policies. The [Learning Tutorial](https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-connect-ca?in=consul/vault-secure#create-vault-policies)
is clearer. This tries to make the original docs as clear as the
learning tutorial.

* Clarify that PKI secret engines are used to store certs

Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
twunderlich-grapl 2022-08-23 20:06:00 -04:00 committed by GitHub
parent 8d6b73aed0
commit bb35a8303d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions

@ -201,6 +201,8 @@ If the paths already exist, Consul will use them as configured.
## Vault ACL Policies
Vault PKI can be managed by either Consul or by Vault. If you want to manually create and tune the PKI secret engines used to store the root and intermediate certificates, use Vault Managed PKI Paths. If you want to have the PKI automatically managed for you, use Consul Managed PKI Paths.
### Vault Managed PKI Paths
The following Vault policy allows Consul to use pre-existing PKI paths in Vault.
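Review bot: The paragraph added under `## Vault ACL Policies` says who manages the PKI paths but never says that only one of the two policies has to be applied, which is the misreading the commit message sets out to fix. Consider closing the paragraph with an explicit sentence such as "Apply only the policy that matches your choice; you do not need both." Separately, Vault's own term is "secrets engines", so "PKI secret engines" in the added text should read "PKI secrets engines". The two option names ("Vault Managed PKI Paths", "Consul Managed PKI Paths") could also link to their headings so the reader can jump straight to the policy that applies.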