Skip to content

Configuring the Kubernetes integration

The interface between a cert-manager instance and Venafi as a Service™ (VaaS) is configured via a cert-manager issuer. The issuer contains a reference to a Kubernetes secret that contains your VaaS API key as well as the zone that will be used by the cert-manager plugin to request certificates. The ‘cloudsecret’ field contains the name of the Kubernetes secret that contains your API key. The ‘zone’ field contains the name of the zone.

    kind: Issuer
      name: cloud-devops-issuer
      namespace: cert-manager-example
            cloudsecret: clouddevsecret
            zone: "Default"
  • Use Your Parameters on the Automation page to determine which zone should be used to issue certificates.



Your Parameters displays the policies that must be conformed to when certificates are requested from the zone.

Additional information and examples of setting up the issuer with VaaS and other Venafi solutions can be found in Venafi's Github page.