vault-pki

Name: vault-pki
Author: automateyournetwork/netclaw

$npx mdskill add automateyournetwork/netclaw/vault-pki

Manages HashiCorp Vault PKI certificate infrastructure

Enables certificate lifecycle management for PKI infrastructure
Uses Vault PKI API and vault-mcp server for secure access
Executes commands based on user queries about issuers, roles, and certificates
Returns structured outputs for certificate actions and configurations

SKILL.md

.github/skills/vault-pkiView on GitHub ↗

---
name: vault-pki
description: "Manage HashiCorp Vault PKI certificate infrastructure."
version: 1.0.0
license: Apache-2.0
author: netclaw
tags: []
---

# Vault PKI Skill

Manage HashiCorp Vault PKI certificate infrastructure.

## Tools

| Tool | Description |
|------|-------------|
| `enable_pki` | Enable PKI secrets engine at a path |
| `create_pki_issuer` | Create a CA certificate issuer |
| `list_pki_issuers` | List configured issuers |
| `get_pki_issuer` | Get issuer details |
| `create_pki_role` | Create certificate issuing role |
| `list_pki_roles` | List PKI roles |
| `get_pki_role` | Get role configuration |
| `issue_certificate` | Issue certificate from role |
| `list_certificates` | List issued certificates |
| `revoke_certificate` | Revoke a certificate |

## Example Queries

```
List PKI roles in the network-pki engine

Issue a certificate for router-mgmt.example.com

Create a PKI role for network device certificates

Show issuers in the pki/network path
```

## Prerequisites

- `VAULT_ADDR` Vault server address
- `VAULT_TOKEN` Token with PKI management policy
- Optional: `VAULT_NAMESPACE` for Vault Enterprise

## Server

This skill uses the `vault-mcp` server which connects to Vault PKI API.

More from automateyournetwork/netclaw

Skill	Description
aap-automation	Red Hat Ansible Automation Platform — inventory management, job template execution, project SCM sync, ad-hoc commands, host management, Galaxy content discovery. Use when automating infrastructure with Ansible, running playbooks, managing inventories, or searching for Ansible collections and roles.
aap-eda	Event-Driven Ansible (EDA) — activation lifecycle, rulebook management, decision environments, event stream monitoring. Use when managing event-driven automation triggers, enabling/disabling activations, or reviewing EDA rulebooks.
aap-lint	ansible-lint playbook and role validation — syntax checking, best practice enforcement, project-wide analysis, rule filtering. Use when validating Ansible playbooks, checking code quality, or enforcing automation best practices before deployment.
aci-change-deploy	Safe ACI policy change deployment - ServiceNow CR lifecycle, pre/post-change fault baselines, APIC policy application, automatic rollback on fault delta, and GAIT audit trail. Use when deploying ACI policy changes, creating tenants or EPGs, pushing config to APIC, or running a change window with rollback protection.
aci-fabric-audit	Comprehensive Cisco ACI fabric health audit - node status, tenant/VRF/BD/EPG policy review, contract analysis, fault triage, and endpoint learning verification. Use when auditing ACI fabric health, checking for faults, reviewing tenant policies, or running pre/post-change baselines on APIC.
arista-cvp	Arista CloudVision Portal (CVP) automation via REST API — device inventory, events, connectivity monitoring, tag management (4 tools). Use when managing Arista devices, checking CloudVision events, monitoring network connectivity probes, or tagging devices in CVP.
aruba-cx-config	View and manage Aruba CX switch configurations, perform ISSU upgrades, and firmware operations
aruba-cx-interfaces	Monitor Aruba CX switch interface status, LLDP neighbors, and optical transceiver health
aruba-cx-switching	View and manage Aruba CX switch VLANs and MAC address tables for Layer 2 operations
aruba-cx-system	Discover Aruba CX switch system information, firmware versions, and VSF topology