TLS Protect Cloud packages and add-ons¶
TLS Protect Cloud is available in two base packages Standard and Enterprise, with optional add-ons for advanced use cases. The features available to you depend on your assigned package. License usage is measured separately from package selection using the Secured Certificate Instance (SCI) metric.
Compare packages¶
Tip
You can view your current plan and add-ons on the Licensing page (Settings > Licensing).
Every organization needs to license either the Standard or Enterprise package to use TLS Protect Cloud. Each package includes features for certificate lifecycle management, with Enterprise adding extended automation, integration, and compliance capabilities.
| Feature | Standard | Enterprise |
|---|---|---|
| SSO and IdP integrations | ✅ | ✅ |
| Certificate discovery (internet, internal network, CA import, API import) | ✅ | ✅ |
| Certificate monitoring and TLS validation | ✅ | ✅ |
| Email and in-product notifications | ✅ | ✅ |
| Custom reports and dashboards | ✅ | ✅ |
| Event log retention | 90 days | 13 months |
| Certificate issuance and CA connectors | ✅ | ✅ |
| Revocation and approval workflows | ✅ | ✅ |
| Built-in CA | ✅ | ✅ |
| Push provisioning (auto renewal, scheduling, validation) | ❌ | ✅ |
| Push provisioning connectors (on-prem, cloud) | ❌ | ✅ |
| Machine, onboard, and cloud keystore discovery | ❌ | ✅ |
| SIEM, webhook, and Slack alerting | ❌ | ✅ |
| Credential management (CyberArk, adaptable credential) | ❌ | ✅ |
| HSM integration (hardware encryption for tenant data) | ❌ | ✅ |
| Full lifecycle CLM APIs | ❌ | ✅ |
| Automation frameworks (ACME, SCEP/EST) | ❌ | partial1 |
| Advanced revocation (CRL, monitoring) | ❌ | ✅ |
| Compliance policies | ❌ | ✅ |
| Adaptable workflows | ❌ | ✅ |
Note
NOTE: Feature availability is determined by your entitled package. As shown in the table above, some advanced capabilities are only available with the Enterprise package.
Add-ons¶
Add-ons are licensed separately and must be used in combination with a base package. Add-ons provide access to specialized integrations and extended platform capabilities.
| Add-on | Description |
|---|---|
| TLS Protect for Kubernetes | Adds support for visibility and automation of certificates in Kubernetes environments. Includes discovery, cert-manager integration, and service binding awareness. |
| Firefly | Provides a private certificate authority that you can host in your own environment. While the platform issues and manages Firefly-issued certificates, they don't count towards your SCI license usage. |
Related topics¶
- Understanding licensing in TLS Protect Cloud
- How license usage is calculated
- Viewing your entitlements and usage
- Settings that affect license consumption
-
Currently supported in Zero Touch PKI and self-hosted. Contact Venafi Support for details. ↩