scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 09:42:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2ef3f7c5bf0c7b5283a2ec6f929f033d67d631ce
vault/ui/lib/pki/README.md
claire bontempo 2ef3f7c5bf UI: Add PKI readme and changelog for UI improvements (#20706) 
* update pki readme

* add readme

* make it fancier

* add more info

* add config improvements to entry

* move changelog info to release notes

* reword action summary

* stop yelling in bullet points

* update action
2023-05-22 21:20:13 +00:00

4.5 KiB
Raw Blame History

Vault PKI

Welcome to the Vault PKI (Ember) Engine! Below is an overview of PKI and resources for how to get started working within this engine.

About PKI

Public Key Infrastructure (PKI) is a system of processes, technologies, and policies that allows you to encrypt and sign data. (source: digicert.com)

The Vault PKI Secrets Engine allows security engineers to create a chain of PKI certificates much easier than they would with traditional workflows.

About the UI engine

If you couldn't tell from the documentation above, PKI is complex. As such, the data doesn't map cleanly to a CRUD model and so the first thing you might notice is that the models and adapters for PKI (which live in the main app, not the engine) have some custom logic that differentiate it from most other secret engines. Below are the models used throughout PKI and how they are used to interact with the mount. Aside from pki/action, each model has a corresponding tab in the UI that takes you to its LIST view.

  • pki/action

    This model is used to perform different POST requests that receive similar parameters but don't create a single item (which would be a record in Ember data). These various actions may create multiple items that contain different attributes than those submitted in the POST request. For example:

    • POST pki/generate/root/:type creates a new self-signed CA certificate (an issuer) and private key, which is only returned if type = exported
    • POST pki/issuer/:issuer_ref/sign-intermediate creates a certificate, and returns issuing CA and CA chain data that is only available once

    The pki/actionadapter is used to map the desired action to the corresponding endpoint, and the pki/action serializer includes logic to send the relevant attributes. The following PKI workflows use this model:

  • pki/certificate/base

    This model is for specific interactions with certificate data. The base model contains attributes that make up a certificate's content. The other models that extend this model certificate/generate and certificate/sign include additional attributes to perform their relevant requests.

    The parsedCertificate attribute is an object that houses all of the parsed certificate data returned by the parse-pki-cert.js util.

The following models more closely follow a CRUD pattern: