Platform · Cloud Discovery

One certificate inventory across every cloud.

Connect AWS, Azure, Google Cloud, Kubernetes, and private infrastructure into a single inventory — so multi-cloud sprawl becomes one searchable, risk-scored, automatable source of truth.

Read-only connectors
AWS · Azure · GCP
Syncs continuously

cloud connectors · acme-corp · 3 clouds synced
*.acme.com · AWS ACM · synced
api.azure.acme · Key Vault · 30d
gcp-lb.acme · GCP CM · synced
vault.aws.acme · Secrets Mgr · 7d

The problem

Every cloud is its own certificate island.

Cloud providers manage certificates well — within their own walls. Across clouds, you’re left stitching consoles together by hand.

Cloud silos

Each provider manages certs in its own console with no shared view.

Multi-cloud sprawl

Certs spread across accounts, regions, and services you can’t track.

Scattered key stores

ACM, Key Vault, and Secrets Manager each hold a different slice.

No cross-cloud view

Single-cloud tools can’t answer “where are all my certs?”

How it works

Connect once, see everything.

1. Connect

Add read-only connectors to AWS, Azure, and GCP.

2. Sync

Certificates and metadata sync on a schedule.

3. Unify

All clouds collapse into one inventory.

4. Automate

Monitor and renew across every cloud.

Architecture

Every cloud into one inventory.

Clouds
AWS: ACM · IAM
Azure: Key Vault
Google Cloud: Cert Manager

Cloud connectors: read-only · sync 6h

Output
Unified inventory: all clouds
Monitoring: cross-cloud
Automation: renew anywhere

Outcomes

Multi-cloud, finally under one roof.

Cross-cloud visibility

One view across AWS, Azure, and GCP.

Read-only & safe

Connectors never modify your cloud config.

Always current

Continuous sync keeps the inventory fresh.

Single inventory

Cloud certs alongside public and internal.

Automate anywhere

Renew and deploy across every provider.

Least privilege

Scoped, auditable read-only access.

Coverage

Eight supported environments. One inventory.

AWS ACM: managed certificates
AWS Private CA: internal issuance
Azure Key Vault: cert + secret store
Azure App Gateway: edge TLS
Google CAS: private CA service
Google Load Balancers: managed certs
Kubernetes: cluster TLS · ingress
cert-manager: cluster automation

FAQ

Cloud discovery, answered.

Cloud discovery uses read-only connectors to pull certificates and their metadata from cloud providers — AWS, Azure, and Google Cloud — into a single inventory, unifying certificates that otherwise live in separate provider consoles.
AWS (ACM, IAM, Secrets Manager), Azure (Key Vault), and Google Cloud (Certificate Manager), with more services covered over time.
Yes. Cloud connectors use read-only, least-privilege access. They inventory certificates and metadata without modifying your cloud configuration.
Connectors sync on a regular schedule (typically every few hours), so new and rotated certificates across your clouds appear in the inventory automatically.
Connectors use scoped, auditable credentials with least-privilege permissions, following each provider’s recommended cross-account access patterns.
Yes. MachineCert discovers certificates across multiple cloud accounts, subscriptions, projects, and regions, consolidating them into one inventory.
Yes. Once discovered, cloud certificates can be brought into automated renewal and deployed back to services like ACM, Key Vault, and load balancers.
A cloud-native certificate manager only handles certs within that provider. MachineCert unifies all clouds — plus public and internal certificates — in one inventory and automation plane.

Get started

Unify your multi-cloud certificates.

Scan your domain, then connect your clouds to bring every certificate into one inventory.
