CertifyClouds Documentation¶

Azure secret lifecycle platform for discovering, rotating, and syncing your cloud secrets, keys, and certificates.

Quick Links¶

Quick Start

Get your first scan running in 15 minutes
Features

Explore what CertifyClouds can do
API Reference

REST API documentation
Support

FAQ and troubleshooting guides

What is CertifyClouds?¶

CertifyClouds is a secret lifecycle platform that helps organizations:

Discover all secrets, keys, and certificates across Azure Key Vaults
Monitor expiration dates and compliance posture
Alert teams before credentials expire
Rotate App Registration secrets automatically (PRO + ENTERPRISE)
Sync secrets to AWS and GCP (PRO + ENTERPRISE)

Architecture¶

┌─────────────────────────────────────────────────────────────────┐
│                     Your Azure Environment                       │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  ┌──────────────┐    ┌──────────────┐    ┌──────────────┐       │
│  │  Key Vault   │    │  Key Vault   │    │  Key Vault   │       │
│  │  (Prod)      │    │  (Dev)       │    │  (Staging)   │       │
│  └──────────────┘    └──────────────┘    └──────────────┘       │
│         │                   │                   │                │
│         └───────────────────┼───────────────────┘                │
│                             │                                    │
│                    ┌────────▼────────┐                          │
│                    │  CertifyClouds  │                          │
│                    │  ┌────────────┐ │                          │
│                    │  │ Discovery  │ │                          │
│                    │  │ Compliance │ │                          │
│                    │  │ Alerts     │ │                          │
│                    │  │ Rotation*  │ │                          │
│                    │  │ Sync*      │ │                          │
│                    │  └────────────┘ │                          │
│                    └─────────────────┘                          │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘
                              * PRO and ENTERPRISE tiers

License Tiers¶

Feature	STARTER	PRO	ENTERPRISE
Asset Discovery
Compliance Scoring
Alerts & Notifications
Audit Logging
Max Subscriptions	4	20	21+ / agreed scope
Users	1	Unlimited	Unlimited
Secret Rotation	3/month
Multi-Cloud Sync
Dependency Mapping
SSO / OIDC
B2C Tenant Registry
Commercial Terms	Standard	Standard	MSA/DPA + support schedule

Compare License Tiers

Getting Started¶

1. Deploy CertifyClouds¶

Deploy to Azure Container Apps or Azure Container Instances:

./deploy-certifyclouds-cae.sh \
  --name prd \
  --location uksouth \
  --acr-name YOUR_ACR \
  --container-apps-subnet /subscriptions/.../subnets/snet-cae \
  --postgres-subnet /subscriptions/.../subnets/snet-psql

Installation Guide

2. Configure Azure Permissions¶

Grant CertifyClouds read access to your Key Vaults:

./setup-certifyclouds-access.sh --principal-id $PRINCIPAL_ID --apply

Azure Permissions

3. Run Your First Scan¶

Add your Azure subscriptions in Settings > Subscriptions
Click Scan Now in the Assets tab
Review discovered secrets, keys, and certificates
Check your compliance score

Quick Start Guide

Support¶

Documentation: You're reading it!
Email: support@certifyclouds.com
FAQ: Frequently Asked Questions