In high-security environments, it's important to store sensitive data like SSL certificate-key pairs in memory only, not on disk. Here we show how to generate ephemeral SSL key pairs using HashiCorp Vault and store them in the in-memory NGINX Plus key-value store.
Protecting SSL Private Keys in NGINX with HashiCorp Vault
The second post of our series about protecting SSL private keys shows how to set up HashiCorp Vault to store the passwords that protect private keys, and to configure NGINX to retrieve the passwords. We also discuss using a hardware security module for even greater security.
Service Discovery for NGINX Plus Using Consul APIs
Discover how Consul and NGINX Plus work together to automate reconfiguration of upstream server groups, with a demo implementation provided on GitHub