Compatibility with acme-vault

[xeroc]

As per remilapeyre/vault-acme#34,
I would like to use fabio and acme-vault together to deal with letsencrypt certificates for loadbalancing and have vault deal with the certs through pki (e.g. acme-vault plugin).

However, the keys are different for when issuing certs. While this one is probably easy to get compatibility with, I wonder what is required to get these two wonderful projects talk more nicely with each other.

After all, I wonder how many people's needs this would satisfy.

Cheers,
-- Fabian

[nathanejohnson]

We use vault for our fabio certificate stores. We have a homegrown set of scripts that handle renewals for now, but I have not yet looked into acme-vault. I will take a peek and learn a bit about this project and see what it might take to integrate the two.

[remilapeyre]

Hi @xeroc, as you already noticed vault-acme does not reproduce the API of the PKI engine. I first chose this because creating certificates with an ACME provider is quite different from using a builtin signer.

It turns out that this also makes vault-acme incompatible with all existing Vault integration which makes it less useful. I'm currently working to implement the full PKI api but this will take some time. I will try to implement what's needed for Fabio first so that you can test it.