Permalink
Browse files

Deploy to Hashicorp Vault docs

  • Loading branch information...
pashinin committed Dec 10, 2018
1 parent c84466b commit 9f067d7f56eba9c1b301686d2a89419d9e993ea1
Showing with 37 additions and 1 deletion.
  1. +37 −1 deploy/README.md
@@ -295,4 +295,40 @@ You can then deploy the certificate as follows

```sh
acme.sh --deploy -d www.mydomain.com --deploy-hook gitlab
```
```

## 12. Deploy your cert to Hashicorp Vault

```sh
export VAULT_PREFIX="acme"
```

You can then deploy the certificate as follows

```sh
acme.sh --deploy -d www.mydomain.com --deploy-hook vault_cli
```

Your certs will be saved in Vault using this structure:

```sh
vault write "${VAULT_PREFIX}/${domain}/cert.pem" value=@"..."
vault write "${VAULT_PREFIX}/${domain}/cert.key" value=@"..."
vault write "${VAULT_PREFIX}/${domain}/chain.pem" value=@"..."
vault write "${VAULT_PREFIX}/${domain}/fullchain.pem" value=@"..."
```

You might be using Fabio load balancer (which can get certs from
Vault). It needs a bit different structure of your certs in Vault. It
gets certs only from keys that were saved in `prefix/domain`, like this:

```bash
vault write <PREFIX>/www.domain.com cert=@cert.pem key=@key.pem
```

If you want to save certs in Vault this way just set "FABIO" env
variable to anything (ex: "1") before running `acme.sh`:

```sh
export FABIO="1"
```

0 comments on commit 9f067d7

Please sign in to comment.