Open xeroc opened 1 year ago
We use vault for our fabio certificate stores. We have a homegrown set of scripts that handle renewals for now, but I have not yet looked into acme-vault. I will take a peek and learn a bit about this project and see what it might take to integrate the two.
Hi @xeroc, as you already noticed, vault-acme does not reproduce the API of the PKI engine. I first chose this because creating certificates with an ACME provider is quite different from using a builtin signer.
It turns out that this also makes vault-acme incompatible with all existing Vault integrations, which makes it less useful. I'm currently working to implement the full PKI API but this will take some time. I will try to implement what's needed for Fabio first so that you can test it.
As per https://github.com/remilapeyre/vault-acme/issues/34, I would like to use fabio and acme-vault together to deal with letsencrypt certificates for load balancing and have vault deal with the certs through pki (e.g. acme-vault plugin).
However, the keys are different when issuing certs. While this one is probably easy to get compatibility with, I wonder what is required to get these two wonderful projects to talk more nicely with each other.
After all, I wonder how many people's needs this would satisfy.
Cheers, -- Fabian