The PKCS#12 or PFX format is a binary format for storing the server certificate, intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys.
Some use cases require users to store those certificates in Vault KV.
Below are the steps to store a binary value in the Vault KV store and retrieve it in base64 format:
- Encode the binary file (the PFX file) with base64 and store it in Vault KV as a secret named cert1:
base64 ./cert.pfx | vault kv put kv/cert1 file=-
- Retrieve the base64-encoded value of the secret:
vault kv get --format=json kv/cert1
- Decode the certificate into a binary file if needed:
vault kv get -field=file kv/cert1 | base64 --decode > result.pfx
The result.pfx will match the initial cert.pfx.
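
The steps above wrapped as shell functions that also confirm the restored file is byte-identical and keep it owner-readable only. This is an added example, not part of the original article; the function names are hypothetical, and it assumes an authenticated vault CLI and the kv/ mount used above.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Assumes the vault CLI is
# authenticated and a KV mount at kv/; function names are hypothetical.
# Usage: store_pfx ./cert.pfx kv/cert1 && verify_roundtrip ./cert.pfx kv/cert1

# store_pfx <pfx-file> <kv-path>
# The value goes to vault on stdin (file=-), so it never appears in argv.
store_pfx() {
    local src="$1" path="$2"
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    # tr removes GNU base64's 76-column wrapping: the secret is one line.
    base64 < "$src" | tr -d '\n' | vault kv put "$path" file=- >/dev/null
}

# fetch_pfx <kv-path> <out-file>
# The PFX holds a private key, so decode into a 0600 temp file (mktemp's
# default mode) and only move it into place if decoding produced data.
fetch_pfx() {
    local path="$1" out="$2" tmp
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if vault kv get -field=file "$path" | base64 --decode > "$tmp" \
        && [ -s "$tmp" ]; then
        mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        echo "fetch or decode failed for $path" >&2
        return 1
    fi
}

# verify_roundtrip <pfx-file> <kv-path>
# Returns 0 only if the stored secret decodes to the same bytes as the file.
verify_roundtrip() {
    local src="$1" path="$2" dir rc=0
    dir=$(mktemp -d) || return 1
    fetch_pfx "$path" "$dir/check.pfx" \
        && cmp -s "$src" "$dir/check.pfx" || rc=1
    rm -rf "$dir"
    return "$rc"
}
```

Running verify_roundtrip right after store_pfx catches a truncated or altered secret before the original cert.pfx is deleted.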