This repository has been archived on 2026-07-08. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
infospace-bench/infospaces/patterns-of-it-securita-architecture/artifacts/entities/pattern-certificate-automation.md

44 lines
1.1 KiB
Markdown

# Pattern: Certificate Automation
Status: seed
Readiness target: RL3 production
Primary owners: Railiance platform, NetKingdom
Genesis family: Secrets and cryptography
## Problem
Manual certificate issuance and renewal create outages, weak defaults,
and stale trust anchors.
## Context
Use this pattern for ingress TLS, internal service TLS, mTLS, workload
certificates, admin endpoints, and platform APIs.
## Forces
- Certificates need automated issuance and renewal.
- Trust roots must be owned and rotated.
- Internal and external certificate policies differ.
- Expiry must be observable before outage.
## Solution
Automate certificate issuance, renewal, monitoring, and rotation through
approved issuers and scoped identities. Treat certificate authority
material as platform-root secret material.
## Verification
- Certificates renew before expiry.
- Issuers and trust roots are documented and protected.
- Expiry monitoring alerts before service impact.
- mTLS or internal TLS policies are tested where required.
## Related Patterns
- Workload Identity.
- Secret Zero Avoidance.
- Secure Cluster Baseline.
- Network Default Deny.