Clarify docs around using either Consul or Vault managed PKI paths (#13295)

* Clarify docs around using either Consul or Vault managed PKI paths The current docs can be misread to indicate that you need both the Consul and Vault managed PKI Paths policies. The [Learning Tutorial](https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-connect-ca?in=consul/vault-secure#create-vault-policies) is clearer. This tries to make the original docs as clear as the learning tutorial * Clarify that PKI secret engines are used to store certs Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
2 years ago · bb35a8303d
parent 8d6b73aed0
commit bb35a8303d
1 changed files with 2 additions and 0 deletions
--- a/website/content/docs/connect/ca/vault.mdx
+++ b/website/content/docs/connect/ca/vault.mdx
@ -201,6 +201,8 @@ If the paths already exist, Consul will use them as configured.

 ## Vault ACL Policies

+Vault PKI can be managed by either Consul or by Vault. If you want to manually create and tune the PKI secret engines used to store the root and intermediate certificates, use Vault Managed PKI Paths. If you want to have the PKI automatically managed for you, use Consul Managed PKI Paths.
+
 ### Vault Managed PKI Paths

 The following Vault policy allows Consul to use pre-existing PKI paths in Vault.