vcert
Delete/Remove Method
BUSINESS PROBLEM
I am using cert-manager to fully automate certificate signing in an OpenShift environment and would like to be able to have the ability to delete certificates when the associated certificate resources are removed in OpenShift. The cert-manager team that utilizes the vcert library stated that a delete/remove function is not provided by the library. I also confirmed this is true by reviewing the Go documentation. Without the functionality, Venafi gets flooded with no longer used certificates and the only way to remove them is to manually do so through the UI, which is not sustainable.
PROPOSED SOLUTION
I would like to see a delete/remove function implemented as part of the API.
CURRENT ALTERNATIVES
Letting Venafi maintain old certificates
VENAFI EXPERIENCE
@mathianasj thank you for submitting your idea. I will consult with the cert-manager team and consider this for the future roadmap. In the meantime, assuming you are using Trust Protection Platform, you might want to look into the Placement Jobs feature. With it you can automatically move certificates that have expired to a "Recycle Bin" folder where they can then be reviewed and permanently deleted if desired. The bulk deletion can be automated by calling the GET /certificates method to enumerate the certificates in the folder and then calling DELETE /certificates/{guid} for each. The Adaptable Log feature can be used to trigger the API script automatically.
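The enumerate-then-delete clean-up described in the comment above, sketched in Go as an added example (not code from vcert, cert-manager or Venafi). It refuses to run without a folder DN and supports a dry run so the list can be reviewed before anything is removed. Assumptions to check against your TPP Web SDK documentation: `base` is the Web SDK root URL, the folder filter is a `ParentDn` query parameter, the response carries `Certificates[].Guid` and `.DN`, authentication is a bearer token, and the `TPP_*` environment variable names are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"os"
)

// PurgeFolder deletes each certificate under folderDN by GUID; with dryRun it only lists them.
func PurgeFolder(do func(*http.Request) (*http.Response, error), base, token, folderDN string, dryRun bool) ([]string, error) {
	if folderDN == "" { // an empty filter could match certificates outside the recycle folder
		return nil, fmt.Errorf("refusing to run without a folder DN")
	}
	call := func(method, path string, out any) error {
		req, err := http.NewRequest(method, base+path, nil)
		if err != nil {
			return err
		}
		req.Header.Set("Authorization", "Bearer "+token) // assumed auth scheme
		resp, err := do(req)
		if err != nil {
			return err
		}
		defer resp.Body.Close()
		if resp.StatusCode >= 300 {
			return fmt.Errorf("%s %s: %s", method, path, resp.Status)
		}
		if out == nil {
			return nil
		}
		return json.NewDecoder(resp.Body).Decode(out)
	}
	var list struct{ Certificates []struct{ Guid, DN string } } // assumed response shape
	if err := call("GET", "/certificates/?ParentDn="+url.QueryEscape(folderDN), &list); err != nil {
		return nil, err
	}
	var done []string
	for _, cert := range list.Certificates {
		if !dryRun {
			if err := call("DELETE", "/certificates/"+url.PathEscape(cert.Guid), nil); err != nil {
				return done, err // stop at the first failure; done holds what was removed
			}
		}
		done = append(done, cert.DN)
	}
	return done, nil
}
func main() { // dry run only; pass false for dryRun once the printed list has been reviewed
	fmt.Println(PurgeFolder(http.DefaultClient.Do, os.Getenv("TPP_URL"), os.Getenv("TPP_TOKEN"), os.Getenv("TPP_FOLDER"), true))
}
```

Run it with a token scoped to the recycle folder only, so that a wrong DN cannot remove certificates that are still in use.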
@tr1ck3r would you consider this issue addressed with the addition of retire and revoke functions to TPP?
Yes, it seems so to me @rvelaVenafi