
Create a cert-manager Issuer (or ClusterIssuer), referencing a Secret, but do not create the Secret.

> ⚠ The issuer refers to a `credentialsRef` that we did not create.
> That is intentional. It is the job of venafi-oauth-helper to create the secret with access-token required to access Venafi TPP.

```yaml
kubectl apply -f- <<EOF
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: issuer-1
spec:
  venafi:
    zone: "REPLACE_WITH_YOUR_VENAFI_POLICY_FOLDER"
    tpp:
      url: https://REPLACE_WITH_VENAFI_TPP_HOST/vedsdk
      caBundle: REPLACE_WITH_BASE64_ENCODED_CERT_CHAIN_TO_ACCESS_VENAFI
      credentialsRef:
        name: issuer-1-credentials
EOF
```

Check to see the status of the issuer. It should be ready.

```bash
kubectl get issuer issuer-1
```

```bash
kubectl describe issuer issuer-1
```

## Next Steps

- [Verify the configuration](/academy/jss05/chapter6)


Configure cert-manager

Next Steps

On this page