Skip to main content

Requirements & Considerations

When developing Management Layer solutions for CyberArk Certificate Manager - SaaS, you should always build with the goal of certification in mind.

✅ Certificate Manager - SaaS Certification

Certified solutions see increased adoption from users. Find out more!

Minimum Requirements

  • The solution must be able to request certificates from Venafi.
  • The solution must automate the delivery of any necessary certificate(s) required for the security of applications managed by the management layer.
  • The solution must perform any necessary updates to any bindings/configurations/associations attached to the machine identity.
  • The solution must report back to Certificate Manager - SaaS all installed locations(s) and necessary metadata (service/port, profile, etc.)of the any certificates obtained through Venafi.
  • If possible, the solution should store relevant, associated metadata of the certificate (like expiry date) which can be utilized for automated operations.
  • If possible, Certificate Manager - SaaS must be able to continuously validate any machine identity is installed at any known location(s). "Validation" can take many forms. The important part is that the solution is able to detect any changes and report back to Venafi if a certificate is removed or replaced.

✅ Focus on UX

The best solutions will require as little, if any, human interaction as possible after initial configuration.

Security Considerations

  • The solution should be developed with standard security best practices in mind.
  • The solution should make no attempts to harvest user data.
  • Effective data validation should be implemented to catch errors.
    • Values should be checked before being passed to functions in code.
    • Values should be checked before being passed to Venafi or target product/platform/service.

Building a Better User Experience

We understand that every target product is different and some functionality may not be supported. The following additional requirements greatly enhance the user experience, provide additional value to teams and organizations and should be implemented if at all possible.

  • Renewal of any existing machine identities in use would be transparent to end users and not cause any downtime.
  • Provide the ability to import existing machine identities in use by the management layer and any lower-level components to Venafi for comprehensive visibility and rapid onboarding.

Primers

We think you'll find the following references helpful when developing your solution.

If you've found other articles or tools that you think should be included here, please let us know!

Success Stories

Existing solutions that fit this use case:

From the Venafi Marketplace:

From elsewhere: