Use case

Automated PKI infrastructure

Quickly create X.509 certificates on demand and reduce the manual overhead.


Creating, rotating, and managing certificates is cumbersome and time consuming

Organizations should protect their infrastructure. However, traditional PKI process workflow takes a long time, which motivates organizations to create certificates which do not expire for a year or more.


Generate and rotate certificates on demand with Vault

Vault's PKI secrets engine can dynamically generate X.509 certificates on demand. This allows services to acquire certificates without going through the usual manual process of generating a private key and Certificate Signing Request (CSR), submitting to a Certificate Authority (CA), and then waiting for the verification and signing process to complete.

Securing Secrets and Identity for 100,000+ Edge Devices
Customer case study

Securing the edge

Deep dive into the architectural patterns that Starbucks used to build secret and identity management capabilities for 100,000+ retail edge devices with HashiCorp Vault.

  • 100k+

    edge devices

  • 1000+


  • 16k+

    stores in North America alone

Ready to get started?

Quickly get hands-on with HashiCorp Cloud Platform Vault and set up your managed Vault cluster.

Streamline certificate management

Certificates are at the nexus of modern secure communication. This will show you how to leverage Vault to quickly and securely generate PKI (x509) and SSH certificates. A demo showing how to leverage this information will help give you ideas how to integrate this into your environments.