SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Cert-manager graduates to CNCF incubation programme
Fri, 21st Oct 2022

Venafi, the inventor and leader of machine identity management, has announced that the open-source cert-manager project has graduated to the Cloud Native Computing Foundation (CNCF) incubation program. 

The incubation program will help cert-manager widen its community of contributors, expand to new use cases, improve extensibility and advance developer and user experience.

Cert-manager was initially created by Jetstack, a Venafi company, and has become the industry standard for TLS machine identity management in Kubernetes and OpenShift environments. Machine identity management is the foundation of security in cloud-native environments.

With over 1.5 million downloads daily and 9.4K stars on GitHub, cert-manager protects cloud-native workloads with TLS encryption and provides critical security for clusters.

“Cert-manager’s influence on the developer community is clear,” says Chris Aniszczyk, Chief Technological Officer at CNCF.

“Joining the incubator validates its strategic value, which will help to drive cert-manager’s growth. Through the project, we’ll be looking to offer solutions to complex cloud native security problems that don’t stall innovation. We’re excited to see how developers use cert-manager as it evolves.”

Cert-manager automates the issuance and renewal of X.509 certificates to authenticate and secure Kubernetes workload communications. This includes securing public-facing workloads with ingress and between microservices that can span clusters and cloud environments. Jetstack donated it to the CNCF Sandbox in November 2020.

Since then, the project has benefited from CNCF's rigorous maturity program. During the last two years, cert-manager has proven its value and strategic importance to the cloud-native landscape through extensive community and end-user engagement. Venafi is a leading contributor to the project and works closely alongside various contributors across the ecosystem.

Some key stats on the project include widespread adoption, with 1.5 million daily downloads across industries including financial services, technology, retail, healthcare and manufacturing.

It is a default installation on 86% of new production clusters.

It has a 99% approval rating from users across the infrastructure.

It integrates with multiple certificate authorities (CAs) and aligns with numerous open-source projects, including Cilium, Knative, SPIRE, Istio and Linkerd.

It also has contributions from commercial PKI solutions, such as AWS (PCA) and Google (CAS).

“Cert-manager was developed by a small team of passionate engineers, so we’re really proud it’s had such an impact,” says Matt Barker, President of Cloud Native Services for Venafi.

“For us, the chance to work alongside projects that we love and respect, such as Kubernetes and Istio, means the incubator feels like the perfect home. CNCF will be vital to cloud native business strategy moving forward, and we’re honoured to have a hand in this change.”

As a CNCF-hosted project, cert-manager is part of a neutral foundation aligned with its technical interests and the larger Linux Foundation, which provides governance, marketing support, and community outreach.