ACME v25.2

Submit Search

Create the EAB Secret for the Issuer

Create a secret in Kubernetes that contains the secret of the EAB key you will use to register an account in the Keyfactor ACME server.

Note: A user must be issued an EAB key (see GET KeyManagement) before being able to register an ACME client and request a certificate.

To create a secret in Kubernetes for your EAB key’s secret:

Acquire an EAB key for the appropriate user (see GET KeyManagement).
Convert the EAB secret to base64 url encoding. You can do this conversion with a command similar to:
Copy
```
echo -n "YOUR-EAB-KEY-SECRET" | tr '/+' '_-' | tr -d '='
```
Note: Normally, the EAB KeyValue returned from the Get /KeyManagement API An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoint An endpoint is a URL that enables the API to gain access to resources on a server. is already base64 encoded and only needs URL encoding.

Create the secret in Kubernetes for the EAB secret. For example:

Copy

kubectl create secret generic eab-secret -n cert-manager --from-literal secret=BASE64URL-ENCODED-EAB-KEY-SECRET

Was this page helpful? Provide Feedback

Version v25.2

On this page:

© 2025 Keyfactor. All rights reserved.

Hero New Regular