README.md: 45 additions & 13 deletions
@@ -1,3 +1,4 @@
1
+
1
2
# keyfactor-vault-secrets-engine
2
3
3
4
A Vault plugin that allows Vault to use Keyfactor Command as a CA and issue certificates.
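Review bot: The only change in this hunk is a blank line inserted at line 1, ahead of the `# keyfactor-vault-secrets-engine` title. It looks unintentional and is worth dropping so the file still starts with its heading.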
@@ -10,18 +11,17 @@ This API client allows for programmatic management of Keyfactor resources.
10
11
11
12
## Support for keyfactor-vault-secrets-engine
12
13
13
-
keyfactor-vault-secrets-engine is open source and community supported, meaning that there is no support guaranteed from
14
-
Keyfactor Support for these tools.
14
+
keyfactor-vault-secrets-engine is open source and community supported, meaning that there is no support guaranteed from Keyfactor Support for these tools.
15
15
16
-
###### To report a problem or suggest a new feature, use the **[Issues](../../issues)
17
-
** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)
18
-
** tab.
16
+
###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
19
17
20
18
---
21
19
22
20
23
21
---
24
22
23
+
24
+
25
25
# Hashicorp Vault Secrets Engine
26
26
27
27
Keyfactor enables DevOps teams to get seamless access to trusted internal and public certificates via native Vault API
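Review bot: The rejoined contact line (new line 16) still uses `######` heading markup for two full sentences, so it is treated as a heading rather than body text; since the line is being rewritten anyway, make it a plain paragraph. The two blank lines added at new lines 23-24 after the second `---` have no rendering effect and can be left out.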
@@ -154,11 +154,11 @@ document.
154
154
- An adequate number of unseal keys to meet the minimum criteria to unseal the Hashicorp Vault
155
155
- A Hashicorp Vault login token
156
156
157
-
## Installation - Keyfactor Command
157
+
## Installation - Keyfactor
158
158
159
-
### Create the Keyfactor Command service account or oAuth client
159
+
### Create the Active Directory service account or oAuth client
160
160
161
-
For the purposes of this document, we will not go into the details of how to create a service account user since this
161
+
For the purposes of this document, we will not go into the details of how to create an Active Directory user since this
162
162
process can vary widely, however, here are a couple of things to consider:
163
163
164
164
- Ensure that the user does not have an expiring password, or if it does, ensure that the password resets are managed
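Review bot: The renamed heading at new line 159 still promises "or oAuth client", but the paragraph under it now covers only creating an Active Directory user, and the bullet about expiring passwords applies to a user account, not a client. Either add the equivalent guidance for the oAuth client (what access it needs, how its secret is rotated) or narrow the heading. The section title at new line 157 also drops "Command" while the text added later in this commit still says "Keyfactor Command", and renaming both headings changes their anchors, so any table of contents or in-page links to the old names need updating.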
@@ -450,17 +450,48 @@ The values that will need to be set are the following:
450
450
451
451
- url
452
452
- The url pointing to the keyfactor platform with no trailing slashes **(example: "https://kftrain.keyfactor.lab")**
453
-
- username
454
-
- The username of the account used for authenticating to the platform including the domain **(example: "
455
-
KEYFACTOR\VaultUser")**
456
-
- password
457
-
- The password corresponding to the user account for authenticating to the platform.
458
453
- ca
459
454
- The certificate authority used when issuing certificates via the plugin **(example:
460
455
kftrain.keyfactor.lab\\\\keyfactor-KFTRAIN-CA)**
461
456
- template
462
457
- The certificate template name to use when issuing certificates. It should be issuable by the CA
463
458
459
+
#### Basic Authentication Configuration
460
+
461
+
If you are using basic authentication to Keyfactor Command, you will also need to set the following values:
462
+
463
+
- username
464
+
- The username of the account used for authenticating to the platform including the domain **(example: "
465
+
KEYFACTOR\VaultUser")**
466
+
- password
467
+
- The password corresponding to the user account for authenticating to the platform.
468
+
469
+
#### oAuth2 Configuration
470
+
471
+
##### Client Credentials Grant
472
+
473
+
If you are using the client credentials grant to authenticate to Keyfactor Command, you will also need to set the
474
+
following values:
475
+
476
+
- client_id
477
+
- The client ID of the oAuth2 client used for authenticating to the platform
478
+
- client_secret
479
+
- The client secret corresponding to the oAuth2 client for authenticating to the platform
480
+
- token_url
481
+
- The URL to the oAuth2 token endpoint for the platform
482
+
- scopes
483
+
- The scopes of the oAuth2 client
484
+
- audience
485
+
- The audience of the oAuth2 client
486
+
487
+
##### Access Token
488
+
489
+
If you are using a static access token to authenticate to Keyfactor Command, you will also need to set the following
490
+
value:
491
+
492
+
- access_token
493
+
- The access token used for authenticating to the platform
494
+
464
495
Once you've set the configuration properties, run the command:
465
496
`vault read <instance name>/config`
466
497
in order to view the configuration settings (see example below).
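Review bot: The new `password`, `client_secret` and `access_token` settings (new lines 466, 478, 492) are documented directly above the step that runs `vault read <instance name>/config` to view the configuration, and the text does not say whether those values are masked or omitted in that output. State this explicitly, since readers need to know whether read access to the config path exposes them. The three authentication sections also do not say what happens if more than one is configured. `scopes` and `audience` have no example, no format (single value, comma-separated, space-separated) and no indication of whether they are required, unlike `url` and `username`. The static `access_token` option says nothing about expiry or how the token is replaced. Finally, the re-added `username` description at new lines 464-465 keeps the bold example split across two lines, the same wrapping this commit fixes in the support section.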
@@ -635,3 +666,4 @@ instance of the plugin is named "keyfactor".