Discovering and importing Kubernetes certificates into Venafi TPP
In this course, we will install cert-discovery-venafi onto a Kubernetes cluster, and connect it to a Venafi TPP instance.
Introducing cert-discovery-venafi
Venafi Trust Protection Platform (TPP) is widely used by organizations to centrally manage all of their keys and certificates. It gives security teams control over certificate issuance and lets them define governance models consistently through policies. It also gives them the visibility they need into every certificate across the enterprise.
Venafi TPP users can already scan their network for certificates using Scanafi. They can also scan secrets stored in HashiCorp Vault using the Venafi PKI Monitoring Secrets Engine for HashiCorp Vault.
Kubernetes clusters also contain many certificates that Scanafi cannot find, because Scanafi only sees a certificate when the HTTPS (or STARTTLS) endpoint that serves it is reachable from the scanner; certificates stored in Secrets and used only inside the cluster never appear on such an endpoint. Although the certificates issued by Venafi TPP through cert-manager are already visible in Venafi TPP, all the other certificates in the cluster do not surface there.
This solution aims to push the certificates found in your Kubernetes cluster to Venafi TPP.
In the next chapter, you will see a demonstration of how certificates show up in Venafi TPP with the use of cert-discovery-venafi.