# CI/CD Pipeline Integration Continuous Integration and Continuous Deployment (CI/CD) pipelines frequently deploy new applications, services, and environments. Certificates must be provisioned, validated, and rotated automatically as part of these workflows. CERTInext enables seamless integration with CI/CD pipelines to automate certificate lifecycle operations during build, release, and deployment stages. By integrating CERTInext APIs into CI/CD tools, organizations can embed certificate management directly into DevOps workflows without manual intervention. #### Purpose CI/CD integration allows organizations to: * Automatically request certificates during deployment * Submit CSRs programmatically * Retrieve issued certificates during pipeline execution * Trigger renewals as part of release workflows * Enforce product-level policies consistently * Maintain centralized lifecycle visibility This ensures that certificate management becomes part of application delivery rather than a separate operational task. #### Integration Methods CERTInext supports CI/CD automation using: **REST APIs**\ Used for ordering, renewing, revoking, and downloading certificates. **ACME Protocol**\ Used for fully automated issuance and renewal of TLS certificates. API credentials are created under:\ **Integrations → APIs → + New API Credentials** #### Typical CI/CD Workflow 1. Pipeline initiates certificate request using REST or ACME. 2. CSR is generated within the pipeline or application environment. 3. CERTInext submits the request to the configured CA. 4. Domain Control Validation (if required) is completed. 5. Certificate is retrieved programmatically. 6. Pipeline deploys the certificate to target infrastructure. 7. Renewal workflows are automated prior to expiry. All lifecycle events are logged within CERTInext. #### Common Use Cases **Application Deployment Automation**\ Automatically generate certificates during new environment provisioning. **Microservices & Containers**\ Issue certificates dynamically when services scale or redeploy. **Infrastructure-as-Code**\ Embed certificate automation into Terraform, ARM, or other infrastructure templates. **Blue-Green or Canary Releases**\ Provision certificates aligned with staged deployments. #### Supported CI/CD Platforms CERTInext can integrate with: * Jenkins * GitLab CI * Azure DevOps * GitHub Actions * Bamboo * Custom automation scripts Integration is protocol-based and not limited to specific tools. #### Security Best Practices * Store API credentials in secure vaults (not in pipeline code) * Use least-privilege service accounts * Restrict credentials to specific Products * Rotate API credentials periodically * Monitor API usage through audit logs #### Monitoring and Governance Certificates issued via CI/CD: * Appear in centralized certificate inventory * Are monitored for expiry and policy compliance * Trigger alerts if renewal fails * Follow configured approval workflows (if enabled) This ensures DevOps speed does not compromise governance. #### Operational Notes * ACME is recommended for fully automated TLS workflows. * REST APIs provide broader lifecycle control. * Failed automation steps should be reviewed in audit logs. * Renewal windows should align with release schedules. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.certinext.io/documentation/automation-and-devops/ci-cd-pipeline-integration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.