DefaultKeyUsages contains the default list of key usages.

AllowsInjectionFromSecretAnnotation is an annotation that must be added to Secret resource that want to denote that they can be directly injected into injectables that have a `inject-ca-from-secret` annotation.

Annotation key for DNS subjectAltNames.

A condition added to Certificate resources when an issuance is required.

CertificateConditionReady indicates that a certificate is ready for use.

Common/known resource kinds.

Annotation key for the name of the certificate that a resource is related to.

CertificateOutputFormatCombinedPEM writes the Certificate's signed certificate chain and private key, in PEM format, to the `tls-combined.pem` target Secret Data key.

CertificateOutputFormatCombinedPEMKey is the name of the data entry in the Secret resource used to store the combined PEM (key + signed certificate).

CertificateOutputFormatDER writes the Certificate's private key in DER binary format to the `key.der` target Secret Data key.

CertificateOutputFormatDERKey is the name of the data entry in the Secret resource used to store the DER formatted private key.

Common/known resource kinds.

Annotation added to CertificateRequest resources to denote the name of a Secret resource containing the private key used to sign the CSR stored on the resource.

Annotation to declare the CertificateRequest "revision", belonging to a Certificate Resource.

Common/known resource kinds.

Annotation key for certificate common name.

Duration key for certificate duration.

ECDSA private key algorithm.

Ed25519 private key algorithm.

Annotation key for emails subjectAltNames.

IngressACMEIssuerHTTP01IngressClassAnnotationKey holds the acmeIssuerHTTP01IngressClassAnnotation value which can be used to override the http01 ingressClass if the challenge type is set to http01.

IngressClassAnnotationKey picks a specific "class" for the Ingress.

IngressClusterIssuerNameAnnotationKey holds the clusterIssuerNameAnnotation value which can be used to override the issuer specified on the created Certificate resource.

IngressIssuerNameAnnotationKey holds the issuerNameAnnotation value which can be used to override the issuer specified on the created Certificate resource.

Annotation key for IP subjectAltNames.

Annotation key used to denote whether a Secret is named on a Certificate as a 'next private key' Secret resource.

IssuerConditionReady represents the fact that a given Issuer condition is in ready state and able to issue certificates.

Annotation key for the 'group' of the Issuer resource.

Common/known resource kinds.

Annotation key for the 'kind' of the Issuer resource.

Annotation key the 'name' of the Issuer resource.

IssueTemporaryCertificateAnnotation is an annotation that can be added to Certificate resources.

JKSSecretKey is the name of the data entry in the Secret resource used to store the jks file.

Data Entry Name in the Secret resource for JKS containing Certificate Authority.

Common label keys added to resources Label key that indicates that a resource is of interest to cert-manager controller By default this is set on certificate.spec.secretName secret as well as on the temporary private key Secret.

PKCS1 private key encoding.

PKCS12SecretKey is the name of the data entry in the Secret resource used to store the p12 file.

Data Entry Name in the Secret resource for PKCS12 containing Certificate Authority.

PKCS8 private key encoding.

Annotation key used to set the PrivateKeyAlgorithm for a Certificate.

Annotation key used to set the PrivateKeyEncoding for a Certificate.

Annotation key used to set the PrivateKeyRotationPolicy for a Certificate.

Annotation key used to set the size of the private key for a Certificate.

Annotation key for certificate renewBefore.

Annotation key used to limit the number of CertificateRequests to be kept for a Certificate.

RSA private key algorithm.

Annotation key for subject organizational units.

Annotation key for subject localities.

Annotation key for subject organizational units.

Annotation key for subject organization.

Annotation key for subject postal codes.

Annotation key for subject provinces.

Annotation key for subject serial number.

Annotation key for subject provinces.

Annotation key for URI subjectAltNames.

Annotation key for certificate key usages.

VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Venafi issuer This will only work with Venafi TPP v19.3 and higher The value is an array with objects containing the name and value keys for example: `[{"name": "custom-field", "value": "custom-value"}]`.

VenafiPickupIDAnnotationKey is the annotation key used to record the Venafi Pickup ID of a certificate signing request that has been submitted to the Venafi API for collection later.

WantInjectAnnotation is the annotation that specifies that a particular object wants injection of CAs.

WantInjectAPIServerCAAnnotation will - if set to "true" - make the cainjector inject the CA certificate for the Kubernetes apiserver into the resource.

WantInjectFromSecretAnnotation is the annotation that specifies that a particular object wants injection of CAs.

AddToScheme adds the types in this group-version to the given scheme.

GroupVersion is group version used to register these objects.

RotationPolicyAlways means a private key matching the specified requirements will be generated whenever a re-issuance occurs.

RotationPolicyNever means a private key will only be generated if one does not already exist in the target `spec.secretName`.

SchemeBuilder is used to add go types to the GroupVersionKind scheme.

A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.

CertificateAdditionalOutputFormat defines an additional output format of a Certificate resource.

CertificateCondition contains condition information for an Certificate.

CertificateKeystores configures additional keystore output formats to be created in the Certificate's output Secret.

CertificateList is a list of Certificates.

CertificatePrivateKey contains configuration options for private keys used by the Certificate controller.

CertificateSecretTemplate defines the default labels and annotations to be copied to the Kubernetes Secret resource named in `CertificateSpec.secretName`.

CertificateSpec defines the desired state of Certificate.

CertificateStatus defines the observed state of Certificate.

An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields.

IssuerCondition contains condition information for an Issuer.

The configuration for the issuer.

IssuerList is a list of Issuers.

IssuerSpec is the specification of an Issuer.

IssuerStatus contains status information about an Issuer.

JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource.

PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource.

Configures an issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.

ServiceAccountRef is a service account used by cert-manager to request a token.

VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.

VaultAuth is configuration used to authenticate with a Vault server.

Configures an issuer to sign certificates using a HashiCorp Vault PKI backend.

Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.

VenafiCloud defines connection configuration details for Venafi Cloud.

Configures an issuer to sign certificates using a Venafi TPP or Cloud policy zone.

VenafiTPP defines connection configuration details for a Venafi TPP instance.

X509Subject Full X509 name specification.

CertificateConditionType represents an Certificate condition value.

CertificateOutputFormatType specifies which additional output formats should be written to the Certificate's target Secret.

IssuerConditionType represents an Issuer condition value.

KeyUsage specifies valid usage contexts for keys.

+kubebuilder:validation:Enum=RSA;ECDSA;Ed25519.

+kubebuilder:validation:Enum=PKCS1;PKCS8.

Denotes how private keys should be generated or sourced when a Certificate is being issued.