Multi-tenant Vault PKI with custom root PEM bundles

In the previous article [1], I investigated modern PKI software alternatives. One of the options on the list was HashiCorp Vault. The natural next step is to set up a Vault PKI. This article documents setting up an imaginary multi-tenant Vault PKI with custom PEM bundles generated with OpenSSL. The steps are the following:

- create a root CA with OpenSSL
- create intermediate CAs for imaginary clients with OpenSSL
- using HashiCorp Vault in development mode:
  - import custom bundle with root and intermediate certificates
  - configure Vault roles
  - issue a certificate

The method for generating the root and intermediate CAs comes from the OpenSSL Certificate Authority guide written by Jamie Nguyen [2].

Introduction to Keycloak Authorization Services

As the number of applications and websites in the organization grows, the developer will inevitably receive a request to implement Single Sign-On. Single Sign-On (SSO for short) is an authentication scheme allowing the user to log in with a single set of credentials and share the session across multiple, independent, potentially unrelated systems. The savvy developer will roll out Keycloak, enable a Standard Flow client, maybe enable some of the social login options, like GitHub, Google or Facebook, and call it a day.