HashiCorp and Entrust have expanded their partnership to enable joint customers to take a further step in taming secrets sprawl. First, Entrust and HashiCorp delivered highly secure centralized enterprise secrets management by integrating Entrust hardware security modules with HashiCorp Vault to wrap and protect master keys. Now joint customers can also use their PKI deployments from within their Vault Web UI.
This new, officially certified plugin allows Vault customers to use a familiar interface to manage their existing certificate infrastructure, improving the visibility and manageability of the certificate infrastructure lifecycle.
The Entrust CA Gateway Vault plugin is as easy to install as any Vault plugin. Once installed, the plugin allows you to access all your public and private certificates. Vault continues to act as a single distribution and access point, enabling you to utilize the wide array of DevOps automation supported by Vault. Behind the scenes, the Entrust plugin acts as a conduit and connection between Vault and your portfolio of Certificate Authorities. This gives you the best of both worlds. World-class DevOps and world-class certificate issuance and policy management.
Certificates created in HashiCorp Vault are also visible in the Entrust management console and automatically subject to your organization’s policies and controls, whether the CA is self-managed, hosted in your own cloud or managed & hosted by the Entrust Managed PKI Service. You gain the compliance and policies from your PKI deployment right within your Vault deployment.
This centralizes certificate management as part of Vault enabling you to secure, store and tightly control access to certificates, making them available through the same user interface, command line input, or HTTP APIs you are using for tokens, passwords and encryption keys for protecting secrets and other sensitive data.
By using your external PKI, you can also leverage the high-level security assurance you achieved with FIPS certified hardware support.
This release can be found on GitHub, taking advantage of the latest functionality from both Entrust Certificate Solutions and HashiCorp Vault:
- The Entrust CA Gateway Vault plugin can be found here: https://github.com/EntrustCorporation/cagw-vault-plugin/tree/master
- More technical information about Vault plugins can be found here: https://vaultproject.io/docs/internals/plugins.html
For more information, join us May 20th at the HashiCorp Zero-trust Security Roadshow. You’ll learn more about how modern organizations are taking advantage of Zero-trust security to deliver applications to the cloud securely. Register here.
Also, visit our Hardware Security Module (HSM) integration page to see how you can enable high-level security assurance using FIPS certified hardware support for your other secrets in HashiCorp Vault: https://www.hashicorp.com/integrations/entrust/vault https://www.entrust.com/partner-directory/hashicorp