Unit 2: HashiCorp Vault PKI — dynamic certificates and secret management

## Scope
Vault's PKI secrets engine as the CA for Pilot network enrollment. Vault handles identity verification (AppRole, K8s auth, cloud IAM) and issues short-lived certificates.

## Deliverables
- Vault PKI integration: daemon requests certificate from Vault PKI mount
- Vault auth methods: AppRole, Kubernetes, AWS IAM, GCP IAM, Azure MSI
- Short-lived certificates: hours not months, automatic renewal
- Dynamic join tokens: Vault Transit engine generates single-use, time-limited join tokens
- Revocation via Vault: revoking cert in Vault propagates to Pilot CRL
- Setup guide: Vault PKI mount configuration, role definition, auth method setup

## Files
- `pkg/daemon/vault.go` — Vault client, certificate request
- `tests/` — Vault integration tests (mock Vault server)

## Priority: HIGH

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unit 2: HashiCorp Vault PKI — dynamic certificates and secret management #47

Scope

Deliverables

Files

Priority: HIGH

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Unit 2: HashiCorp Vault PKI — dynamic certificates and secret management #47

Description

Scope

Deliverables

Files

Priority: HIGH

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions