open-vault/website/content/docs/enterprise/managed-keys.mdx
Steven Clark 12b0e2a56b
Add documentation for Managed Keys (#13856)
* Add documentation for Managed Keys

 - Add concept, sys/api and pki updates related to managed keys

* Review feedback

 - Reworked quite a bit of the existing documentation based on feedback
   and a re-reading
 - Moved the managed keys out of the concepts section and into the
   enterprise section

* Address broken links and a few grammar tweaks
2022-02-08 14:01:19 -05:00

---
layout: docs
page_title: Managed Keys
description: >-
  Managed Keys is a system in Vault that defers all private key operations to a third party system.
---
# Managed Keys
In some environments, customers want to use a key management system (KMS)
external to Vault for handling, storing, and operating on private key
material, or are required to do so by compliance standards.
To satisfy these requirements, Vault provides a centralized configuration that
different secrets engines can plug into, allowing them to delegate these
operations to a trusted external KMS.
## Namespace support
Every configured Managed Key is bound to a given namespace, defaulting to the
root namespace. A secrets engine's mount path must exist within the same
namespace as any Managed Key it intends to use.
## Backend Support
Managed Keys were developed to support different types of external backends.
At this time only a PKCS#11 backend is supported, with the possibility of
future integrations being added.
## Plugin Support
The [PKI Secrets Engine](/api/secret/pki#managed-keys) has been integrated
with Managed Keys to offer certificate generation, for both root and intermediate
PKI paths, using private keys held in an external trusted KMS.
## API
Managed Keys can be managed over the HTTP API. Please see the
[Managed Keys API](/api-docs/system/managed-keys) for more details.
To configure the PKI secrets engine with Managed Keys, please see the
[PKI Secrets API](/api/secret/pki#managed-keys).