Skip to content

docs: add certforge-issuer to external issuers listUpdate issuers.md#2118

Open
CertForge100 wants to merge 2 commits into
cert-manager:masterfrom
CertForge100:patch-1
Open

docs: add certforge-issuer to external issuers listUpdate issuers.md#2118
CertForge100 wants to merge 2 commits into
cert-manager:masterfrom
CertForge100:patch-1

Conversation

@CertForge100

Copy link
Copy Markdown

Adds certforge-issuer to the list of known external cert-manager issuers.

What is certforge-issuer?

certforge-issuer bridges cert-manager to CertForge's policy engine. It adds governance controls cert-manager doesn't provide natively:

  • Domain Trust Profiles — define which CAs, SANs, and wildcard patterns are valid per domain
  • Approval workflows — route certificate requests to a human approver before issuance
  • Policy enforcement — requests that don't match a Trust Profile are denied before reaching a CA
  • Audit trail — every request, approval, and renewal is logged with actor, timestamp, and outcome

Existing cert-manager Certificate resources require no changes — certforge-issuer is added as the issuerRef and governance is in place immediately.

Links

Tier: 🥈 — released within 12 months, open source

Propose changes

Signed-off-by: CertForge100 <admin@certforge.xyz>
@cert-manager-prow cert-manager-prow Bot added the dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. label May 29, 2026
@cert-manager-prow

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign erikgb for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow Bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label May 29, 2026
@netlify

netlify Bot commented May 29, 2026

Copy link
Copy Markdown

Deploy Preview for cert-manager ready!

Built without sensitive environment variables

Name Link
🔨 Latest commit 64ef9ca
🔍 Latest deploy log https://app.netlify.com/projects/cert-manager/deploys/6a31328bd3ef8b0008c2dac3
😎 Deploy Preview https://deploy-preview-2118--cert-manager.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds certforge-issuer to the cert-manager external issuers documentation list, including the required reference links for docs, CA/provider site, and release page.

Changes:

  • Added a new 🥈 tier table entry for certforge-issuer.
  • Added reference link definitions for config:certforge-issuer, ca:certforge-issuer, and release:certforge-issuer.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@wallrj-cyberark wallrj-cyberark left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for submitting this. A few items need addressing before this can move forward.

CI failure

The spelling check fails — certforge needs to be added to .spelling. (See #2130 for a recent example where solidserver was added.)

Formatting

The PR removes blank lines between the reference link sections (between [config:...] and [//]: # (CA docs), and between [ca:...] and [//]: # (Release pages)). These section separators should be preserved — compare with the existing file structure.

PR title

The title appears to have a concatenation error: ...external issuers listUpdate issuers.md — "listUpdate" should be two separate words or just "list".

Project maturity

The certforge-issuer repository was created on 20 May 2026 (less than a month ago) with 0 stars, 0 forks, 15 commits, and no open-source licence. The first release (v0.1.0) was cut on 22 May and this PR was opened on 29 May — the same day as the v0.1.1 release.

While the 🥈 tier criteria only require "a release in the last 12 months" (which is technically met), the project has no licence file, which means the code is legally all-rights-reserved. That is a concern for listing it as a cert-manager integration — users cannot legally use or modify the code without an explicit licence grant.

Non-functional product links

The PR adds a [ca:certforge-issuer] link pointing to certgovernance.app. I checked the linked product infrastructure:

  • Docs (docs.certforge.xyz) — returns HTTP 403 Forbidden
  • Signup (app.certforge.xyz/signup) — connection refused (nothing listening)
  • Self-hosted repo (github.com/certforge/self-hosted, linked from the landing page) — returns 404, repository does not exist

The issuer is a proxy to this SaaS product, which does not appear to be operational. Listing it on the cert-manager website would direct users to a product they cannot actually use.

Could you:

  1. Add an open-source licence to the certforge-issuer repository
  2. Ensure the product links are functional before requesting a listing
  3. Fix the CI failure (.spelling)
  4. Restore the blank line separators between reference link sections
  5. Fix the PR title

@maelvls

maelvls commented Jun 16, 2026

Copy link
Copy Markdown
Member

Hey. Nothing to do with your PR, but I've noticed some dead links on https://certgovernance.app/:

Update: links have been updated, they all work now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants