mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-29 09:42:25 +00:00
54685189eb
* Add initial ACME API documentation Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add note about required headers The required header `Cache-Control: no-store` is automatically set by Vault in wrapGenericHandler(...). Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog entry Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Documentation typo fixes Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Clarify that account binding is to Vault, directories unauthenticated Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
4 lines
524 B
Plaintext
4 lines
524 B
Plaintext
```release-note:feature
|
|
**Vault PKI ACME Server**: Support for the ACME certificate lifecycle management protocol has been added to the Vault PKI Plugin. This allows standard ACME clients, such as the EFF's certbot and the CNCF's k8s cert-manager, to request certificates from a Vault server with no knowledge of Vault APIs or authentication mechanisms. For public-facing Vault instances, we recommend requiring External Account Bindings (EAB) to limit the ability to request certificates to only authenticated clients.
|
|
```
|