Skip to content

Getting Started¶

Welcome to CertifyClouds! This section will help you get up and running with Azure secret lifecycle automation.

Prerequisites¶

Before you begin, ensure you have:

[x] Azure subscription with Owner or Contributor role
[x] Azure CLI installed and logged in (az login)
[x] A CertifyClouds license key
[x] Azure Container Registry (ACR) with the CertifyClouds image
[x] Network access configured (subnets for app + database)

Setup Path¶

Quick Start

Get your first scan in 15 minutes
Installation

Full deployment guide for Azure
Azure Permissions

Required IAM roles and setup
Environment Setup

Configuration and environment variables
Licensing

STARTER vs PRO feature comparison
CI/CD Integration

Integrate cc-scan into GitHub Actions, Azure DevOps, or GitLab CI

Quick Overview¶

Step 1: Deploy¶

Deploy CertifyClouds to Azure Container Apps or Container Instances. The deployment creates:

Application container with managed identity
PostgreSQL Flexible Server for data storage
VNet integration for secure network access

Step 2: Configure¶

Grant the managed identity read access to your Key Vaults using the provided setup script:

./setup-certifyclouds-access.sh --principal-id $PRINCIPAL_ID --apply

Step 3: Scan¶

Add your Azure subscriptions and run a discovery scan. CertifyClouds will find all secrets, keys, and certificates across your Key Vaults.

Step 4: Monitor¶

Review your compliance score, configure alerts for expiring credentials, and set up rotation policies (PRO tier).

Next Steps¶

Quick Start Guide - Fastest path to first scan
Installation Guide - Detailed deployment instructions
Azure Permissions - Understanding required permissions