Overview

CyberArk Certificate Manager for Kubernetes (formerly Venafi TLS Protect for Kubernetes) provides comprehensive automation, discovery, and control of machine identities within Kubernetes environments. It addresses the challenges of managing machine identity security infrastructure in complex, multi-cloud and multi-cluster cloud-native settings. The software enhances application reliability while simultaneously lowering DevOps expenses by offering discovery, observability, control, and consistency of cloud-native machine identities. It automates the discovery and security of all cloud-native machine identities, even those not issued by cert-manager, enabling the definition of standardized policies and cert-manager configurations. This ensures consistent policies across all cloud-native machine identities and guarantees the correct configuration of cert-manager across all clusters. The solution scales across multi, hybrid, and private clouds, providing long-term commercial support for cert-manager, including FIPS 140-2-compliant and signed, scanned builds. Furthermore, it monitors the health and status of the security infrastructure, discovers SPIFFE, SVID, mTLS, and TLS certificates (including those not issued by cert-manager), and observes the health of cert-manager across all Kubernetes clusters. This visibility allows for the detection of misconfigurations and the prevention of outages or misuse. The software supports pod-to-pod and service mesh configurations and allows for the sharing of policies and configurations across clusters and cloud providers for all TLS, mTLS, and SPIFFE SVID certificates. It integrates with various cloud and DevOps tools, including secrets managers, CI/CD tools, and CAs, and integrates with other CyberArk solutions.

Features

Automated Machine Identity Management Automates the discovery and security of all cloud-native machine identities, including those not issued by cert-manager. - Improves application reliability. - Reduces DevOps costs. Centralized Policy Management Defines standardized policies and cert-manager configurations to ensure consistency across all cloud-native machine identities and clusters. - Enforces consistent policies. - Guarantees correct cert-manager configuration across all clusters. Comprehensive Monitoring and Observability Monitors the health and status of cloud-native security infrastructure, including the discovery of various certificate types and the health of cert-manager across all clusters. - Provides visibility into the automation process. - Detects misconfigurations and prevents outages or misuse. Scalability and Flexibility

• Scales to meet the needs of various cloud environments, including multi, hybrid, and private clouds, with long-term commercial support for cert-manager, including FIPS 140-2-compliant builds.
  • Supports pod-to-pod and service mesh configurations.
  • Shares policy and configurations across clusters and cloud providers.