Hashicorp Vault PKI Secrets Engine Demo for Certificate Management

In this video, we demo #Hashicorp #Vault #PKI Secrets Engine for Certificate Management.

Certificate Management is not an easy task. Most Sysadmins dread the day they have to work on renewing a certificate. This is because of a few reasons:

It's a manual and complex process done every few years, so it's hard to remember everything. Most Sysadmins have a Method of Procedure stored somewhere for when they need to go through this process.
It's risky because it incurs an outage during the process.

HashiCorp Vault's Public Key Infrastructure (PKI) secrets engine can streamline distributing TLS certificates and allows users to create PKI certificates with a single command. Vault PKI reduces overhead around the usual manual process of generating a private key and CSR, submitting to a CA, and waiting for a verification and signing process to complete, while additionally providing an authentication and authorization mechanism to validate as well.

It's quite simple to issue certificates with Vault and I'll show you how in this demo video. You can now create short-lived certificates. This is the best practice from a security point of view.

Here we used the Vault Terraform provider to build everything.

Bonus:
I walk you through adding the root and intermediate CA certificates to the Windows 10 Certificate Store. There are also a couple of certutil commands to let you clear the CRL cache so you can see that the certificate is revoked.

In this video demo we go through the following steps:


▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬
00:00 Introduction
03:43 Terraform to create the Root and Intermediate CAs
07:13 Generate a leaf certificate for Grafana
10:13 Add the cert to Grafana
11:20 Chrome doesn't trust the cert
12:30 Add Root & Intermediate CAs to Windows Cert Store
16:30 Chrome now trusts the Grafana cert
20:30 Revoke the cert
22:20 Clear the CRL Cache in Windows 10
23:25 Chrome shows the cert is revoked
24:44 Walkthrough of the Terraform Code
36:00 Conclusion

▬▬▬▬▬▬▬▬▬ Courses 🎓 ▬▬▬▬▬▬▬▬
TeKanAid Academy Subscription ► https://bit.ly/subscription-premium
Terraform 101 - Certified Terraform Associate ► https://bit.ly/hc-terraform-101
🎟️ Get 15% off of my Terraform 101 Course with this coupon ► YOUTUBE15TF101
HashiCorp Sentinel 101 ► https://bit.ly/hc-sentinel-101
HashiCorp Vault 101 - Certified Vault Associate ► https://bit.ly/hc-vault101
🎟️ Get 15% off of my Vault 101 Course with this coupon ► YOUTUBE15VAULT101
HashiCorp Vault 201 - Vault for Apps in Kubernetes ► https://bit.ly/hc-vault-201

▬▬▬▬▬▬▬▬ Useful Links 🛠 ▬▬▬▬▬▬▬
Get the code ► https://tekanaid.com/posts/hashicorp-...
Blog post that goes with this video ► https://tekanaid.com/posts/hashicorp-...
A step-by-step guide walkthrough ► https://learn.hashicorp.com/tutorials...
Consul-Template to Automate Certificate Management for Vault ►    • Consul-Template to Automate Certificate Ma...  


▬▬▬▬▬▬▬▬ Community 🌎 ▬▬▬▬▬▬▬▬▬
TeKanAid Community Forum ► https://tekanaid.com/community

▬▬▬▬▬▬▬▬ Connect 👋 ▬▬▬▬▬▬▬▬▬
Website ► https://bit.ly/TeKanAid_Website
Facebook Page ► https://bit.ly/TeKanAid_Facebook
Don't forget to subscribe ► https://bit.ly/TeKanAid_YouTube_Subsc...
MEDIUM ► https://bit.ly/Sam_Medium
TWITTER TeKanAid ► https://bit.ly/TeKanAid_Twitter
TWITTER Sam ► https://bit.ly/Sam_Twitter
LINKEDIN TeKanAid ► https://bit.ly/TeKanAid_LinkedIn
LINKEDIN Sam ► https://bit.ly/Sam_linkedin



In this course you will get to:

⭐ Learn everything you need to know about Vault to ace the Vault Associate Exam
⭐ 8+ hours of video content
⭐ Instructor has his camera on making you feel that you're right in the classroom
⭐ Hand-drawn animated diagrams to help you grasp the topics better
⭐ Lots of hands-on labs to learn by doing
⭐ English closed captions that are searchable so you won't miss a word
⭐ Quizzes to help you grasp the material well
⭐ Join our Community