X.509 certificate management for Kubernetes

Automate certificate management in cloud native environments

cert-manager builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide to developers 'certificates as a service' in your Kubernetes cluster.



  • Provide easy to use tools to manage certificates.
  • A standardised API for interacting with multiple certificate authorities (CAs).
  • Gives security teams the confidence to allow developers to manage their own certificates.
  • Support for ACME (Let's Encrypt), HashiCorp Vault, Venafi, self signed and internal certificate authorities.
  • Extensible to support custom, internal or otherwise unsupported CAs.


Support for popular CA types

Out of the box, cert-manager supports ACME (i.e. Let's Encrypt), HashiCorp Vault, Venafi, self signed and internal CA issuer types.

Kubernetes native

cert-manager natively targets Kubernetes and OpenShift. This means it integrates well with other ecosystem tools and addons for your cluster, in order to seamlessly secure all your cloud native infrastructure.

Talk to us on Slack

Interested in learning more, speaking to other contributors, or finding answers?

Contributions welcome

Want to join the fun on Github? New users are always welcome!

Follow us on Twitter

For features announcements, interesting cert-manager news, and other great things.

cert-manager is a CNCF member project

cert-manager is a CNCF member project