The Bugs
Consistency
Some backend configuration and API consistency issues. Vault is not the most consistent with their API either, but they do pick one: plural or singular, and do LIST/GET on that endpoint... here you are sometimes doing plural, sometimes plural and singular.
roles is LIST, and READ,UPDATE
certs is LIST, cert is READ
issuer is READ,UPDATE
Non-Existent Paths
issuers is listed in UnauthenticatedPaths but does not exist.
Seal-Wrap
role/* doesn't really need to be seal-wrapped. config is where private keys live
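A check for the kind of dangling unauthenticated entry reported above, as an added example that is not the plugin's own code: it flags every entry in an unauthenticated-paths list that no registered path pattern can serve. The route regexes and the list contents are constructed from the endpoint names in this report, and `orphans` is a hypothetical helper; it assumes Vault's convention that an entry ending in `*` is a prefix match.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed stand-ins for the backend's registered path patterns (assumed,
// not the project's real regexes), built from the endpoints the report names.
var registered = []string{
	`roles/?`, `roles/(?P<name>\w+)`, `certs/?`,
	`cert/(?P<serial>[0-9a-f:-]+)`, `issuer`, `config`,
}

// Constructed unauthenticated-paths list, including the "issuers" entry
// the report says has no matching endpoint.
var unauthenticated = []string{"certs", "cert/*", "issuer", "issuers"}

// orphans returns the special-path entries that no registered pattern matches.
// An entry ending in "*" is a prefix match, so it is probed with a sample
// suffix; this is a heuristic, not a full regex-intersection test.
func orphans(special, patterns []string) []string {
	var out []string
	for _, sp := range special {
		probe := sp
		if strings.HasSuffix(sp, "*") {
			probe = strings.TrimSuffix(sp, "*") + "a1"
		}
		found := false
		for _, p := range patterns {
			// Anchor the pattern so "issuer" does not match "issuers".
			if regexp.MustCompile(`^(?:` + p + `)$`).MatchString(probe) {
				found = true
				break
			}
		}
		if !found {
			out = append(out, sp)
		}
	}
	return out
}

func main() {
	fmt.Println("unauthenticated entries with no route:", orphans(unauthenticated, registered))
}
```

Run as a unit test against the backend's real pattern list, this keeps an auth-exempt entry from sitting unused until a later route happens to match it.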