CertifyClouds Documentation¶

Azure Key Vault security platform for discovering, protecting, and automating your cloud secrets, keys, and certificates.

Quick Links¶

Quick Start

Get your first scan running in 15 minutes
Features

Explore what CertifyClouds can do
API Reference

REST API documentation
Support

FAQ and troubleshooting guides

What is CertifyClouds?¶

CertifyClouds is a security platform that helps organizations:

Discover all secrets, keys, and certificates across Azure Key Vaults
Monitor expiration dates and compliance posture
Alert teams before credentials expire
Rotate App Registration secrets automatically (PRO)
Sync secrets to AWS and GCP (PRO)

Architecture¶

┌─────────────────────────────────────────────────────────────────┐
│                     Your Azure Environment                       │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  ┌──────────────┐    ┌──────────────┐    ┌──────────────┐       │
│  │  Key Vault   │    │  Key Vault   │    │  Key Vault   │       │
│  │  (Prod)      │    │  (Dev)       │    │  (Staging)   │       │
│  └──────────────┘    └──────────────┘    └──────────────┘       │
│         │                   │                   │                │
│         └───────────────────┼───────────────────┘                │
│                             │                                    │
│                    ┌────────▼────────┐                          │
│                    │  CertifyClouds  │                          │
│                    │  ┌────────────┐ │                          │
│                    │  │ Discovery  │ │                          │
│                    │  │ Compliance │ │                          │
│                    │  │ Alerts     │ │                          │
│                    │  │ Rotation*  │ │                          │
│                    │  │ Sync*      │ │                          │
│                    │  └────────────┘ │                          │
│                    └─────────────────┘                          │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘
                              * PRO tier only

License Tiers¶

Feature	STARTER	PRO
Asset Discovery
Compliance Scoring
Alerts & Notifications
Audit Logging
Max Subscriptions	4	Unlimited
Users	1	Unlimited
Secret Rotation
Multi-Cloud Sync
Dependency Mapping
SSO / OIDC
B2C Tenant Registry

Compare License Tiers

Getting Started¶

1. Deploy CertifyClouds¶

Deploy to Azure Container Apps or Azure Container Instances:

./deploy-certifyclouds-cae.sh \
  --name prd \
  --location uksouth \
  --acr-name YOUR_ACR \
  --container-apps-subnet /subscriptions/.../subnets/snet-cae \
  --postgres-subnet /subscriptions/.../subnets/snet-psql

Installation Guide

2. Configure Azure Permissions¶

Grant CertifyClouds read access to your Key Vaults:

./setup-certifyclouds-access.sh --principal-id $PRINCIPAL_ID --apply

Azure Permissions

3. Run Your First Scan¶

Add your Azure subscriptions in Settings > Subscriptions
Click Scan Now in the Assets tab
Review discovered secrets, keys, and certificates
Check your compliance score

Quick Start Guide

Support¶

Documentation: You're reading it!
Email: support@certifyclouds.com
FAQ: Frequently Asked Questions

Built with :material-heart: for Azure security teams