diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go
index 03547fb96..97241acd1 100644
--- a/builtin/logical/pki/cert_util.go
+++ b/builtin/logical/pki/cert_util.go
@@ -1183,6 +1183,12 @@ func convertRespToPKCS8(resp *logical.Response) error {
 signer, err = x509.ParsePKCS1PrivateKey(keyData)
 case certutil.ECPrivateKey:
 signer, err = x509.ParseECPrivateKey(keyData)
+ case certutil.Ed25519PrivateKey:
+ k, err := x509.ParsePKCS8PrivateKey(keyData)
+ if err != nil {
+ return fmt.Errorf("error converting response to pkcs8: error parsing previous key: %w", err)
+ }
+ signer = k.(crypto.Signer)
 default:
 return fmt.Errorf("unknown private key type %q", privKeyType)
 }
diff --git a/changelog/13257.txt b/changelog/13257.txt
new file mode 100644
index 000000000..10a4902f2
--- /dev/null
+++ b/changelog/13257.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Recognize ed25519 when requesting a response in PKCS8 format
+```
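Review bot: In the cert_util.go hunk, the new Ed25519 case ends with the unchecked assertion `signer = k.(crypto.Signer)`, which panics rather than returning an error if the parsed key is not a signer. `x509.ParsePKCS8PrivateKey` accepts any PKCS8 key, and on newer Go versions it can return types such as `*ecdh.PrivateKey` that do not implement `crypto.Signer`; nothing in this case confirms that the bytes match the `private_key_type` label. I would use the comma-ok form: `s, ok := k.(crypto.Signer)`, then `if !ok { return fmt.Errorf("error converting response to pkcs8: unexpected key type %T", k) }`, then `signer = s`. Separately, `k, err :=` shadows the outer `err` that the RSA and EC cases assign with `=`. That is harmless here because the error is returned inside the case, but a short comment saying so would help, since the rest of convertRespToPKCS8 (including any shared error check after the switch) lies outside the hunk.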