Vault PKI Cluster
3-node Raft, Root CA + Issuing CA
Category | INFRASTRUCTURE
Status | Complete
Premise
Zero-trust PKI infrastructure for all certificate needs
Goals
- Root CA offline, Issuing CA for daily operations
- Automated cert renewal for 802.1X endpoints
- Short-lived certificates (8h-30d based on use case)
Current State
Production - 802.1X, SSH, TLS certs all issued from Vault
Next Steps
- Add ACME protocol support
- Implement certificate transparency logging
Architecture Notes
3-node Raft: vault-01 (leader) ↔ vault-02 ↔ vault-03