HashiCorp Vault with
Keyfactor Secrets Engine

Leverage the value of HashiCorp Vault without compromising enterprise security requirements.

Keyfactor enables DevOps teams to get seamless access to trusted internal and public certificates via native Vault API calls and commands, while security teams maintain complete visibility and control over backend PKI operations.

HashiCorp Vault Keyfactor Integration

Keyfactor + HashiCorp Vault Benefits

Keyfactor delivers a powerful, invisible PKI backend for Vault that’s purpose-built for Vault’s high-volume
workloads. Support thousands of operations per second in environments ranging from thousands to
millions of digital certificates.

Icon Icon

Get Complete Visibility

Discover certificates across all Vault instances and bring them into a single enterprise-wide inventory.

Icon Icon

Secure Root of Trust

Provide Vault with a highly secure, offline root of trust and dedicated PKI platform delivered from the cloud.

Icon Icon

Enforce Policy

Define and configure tighter controls over certificate content and private key requirements.

Icon Icon

Reporting & Compliance

Continuously monitor status, generate reports, search and revoke non-compliant or mis-issued certificates.

Icon Icon

CA Agility

Enable high-volume issuance via Vault from any public or private CAs configured in Keyfactor Command.

Icon Icon

High Performance & Scale

The only platform proven to handle thousands of operations per second for 500M+ certificates.

Seamless PKI Backend at DevOps Speed

The Keyfactor Secrets Engine provides a PKI backend for Vault to issue trusted certificates via the Keyfactor platform.

  • Enables developers to use native Vault API calls and commands to request certificates from Keyfactor
  • Allows security teams to maintain visibility and control over all certificates issued to Vault instances
  • Connect Vault with trusted public, private, or cloud-hosted CAs configured in the Keyfactor platform.

How Keyfactor’s Secrets Engine Works

Keyfactor provides the control and visibility you need around your Vault environment.

Inventory and Manage Vault Certificates with Ease

Keyfactor Orchestrator connects to Vault instances to inventory and synchronizes certificates with the Keyfactor platform.

  • Discovers and inventories certificates from all Vault instances for active monitoring and reporting
  • Allows security teams to add metadata, group certificates, and set alerts and notifications
  • Enables developers to use the built-in Vault PKI while security still maintains visibility

How Keyfactor’s Orchestrator Works

Keyfactor provides real time inventory and reporting for any Vault PKI environment, allowing your security
and compliance teams to have full visibility of the certificates being issued within the Vault platform.

Find out how the Keyfactor platform can modernize your PKI, prevent
certificate outages, accelerate DevOps security, and more.