HashiCorp Vault

Overview

QCecuring integrates with HashiCorp Vault’s PKI secrets engine to bring enterprise-grade certificate governance to Vault-issued certificates. Organizations can leverage Vault’s dynamic secrets capabilities while maintaining centralized visibility and compliance across their entire certificate estate.

Key capabilities

• Synchronization of certificates issued by Vault’s PKI secrets engine into QCecuring’s inventory.
• Policy enforcement for Vault PKI roles, including allowed domains, key types, and TTLs.
• QCecuring as an upstream CA for Vault intermediate CAs, maintaining chain-of-trust governance.
• Centralized revocation management spanning Vault-issued and externally issued certificates.
• Unified compliance reporting across Vault, cloud CAs, and traditional PKI infrastructure.

Typical use cases

• DevOps teams using Vault for dynamic certificate issuance in microservices architectures.
• Security teams needing governance over Vault PKI without disrupting developer workflows.
• Organizations using Vault as an intermediate CA subordinate to an enterprise root managed by QCecuring.

High-level integration flow

1. Configure QCecuring to connect to Vault’s PKI secrets engine via API token or AppRole authentication.
2. The platform discovers PKI roles, issued certificates, and CA chain configurations.
3. Policies are applied to Vault PKI roles, enforcing organizational standards on issuance parameters.
4. Certificates issued by Vault are automatically synchronized into QCecuring’s centralized inventory.
5. Lifecycle events including revocation, renewal, and expiration are managed from a single pane of glass.

CBOM Discovery

QCecuring inventories PKI secrets engines, transit encryption keys, and stored certificates in Vault, feeding algorithm and key details into your cryptographic bill of materials.