Roadmap

In progress

We are currently building these features and expect to launch them in the coming weeks.

1. Host Agent

   The agent simplifies the distribution of certificates to your infrastructure. The agent runs as a service on each of your hosts, allowing you to configure the services and certificates to distribute to each host.

   [+1] I want this [-1] I don't need this

High priority

These are features often requested by customers, or critical to the next step in our vision.

1. Single Sign On

   SAML-compliant SSO implementation

   [+1] I want this [-1] I don't need this

2. User management and roles

   Add/invite/remote users from your account. Give them permissions for applications and support manager and viewer roles.

   [+1] I want this [-1] I don't need this

3. Advanced Alerting

   Configure customized alerting types, rules, and destinations

   [+1] I want this [-1] I don't need this

4. Certificate Tags

   Create and manage tags for certificates to organize by owner, department, or use case. UI search and filtering by tag.

   [+1] I want this [-1] I don't need this

5. DNS-PERSIST-01 Validation

   Switch certificate validation over to DNS-PERSIST-01 once implemented by Let's Encrypt.

   [+1] I want this [-1] I don't need this

6. ARI Certificate Renewal

   Honor the ARI certificate renewal timing from Let's Encrypt.

   [+1] I want this [-1] I don't need this

Backlog

Features that we think are neat, or have been requested, but we're not sure where they fit into the plan yet.

1. Local Gateway (local private keys)

   A proxy and private key storage service that runs locally in the customer's environment.

   [+1] I want this [-1] I don't need this

2. Private CA

   Issue private certificates directly from CertKit. Trust your account's root Certificate and generate unlimited certificates signed by CertKit.

   [+1] I want this [-1] I don't need this

3. Other Issuers

   Support for other ACME issuers like Digicert, ZeroSSL, etc.

   [+1] I want this [-1] I don't need this

4. Self-serve rotate API keys

   Rotate and re-issue API keys from the UI.

   [+1] I want this [-1] I don't need this

5. Certificate Transparency Log API

   API access to the Certificate Transparency Log to do advanced searches and firehose data.

   [+1] I want this [-1] I don't need this

6. Certificate Push

   Agent, gateway, or other mechanism to "push" certificates into appliances or systems that are unable to run the agent themselves. This might look like a scripted API call or allowing the agent to upload certificates via SSH or file share.

   [+1] I want this [-1] I don't need this

7. F5 Load Balancers

   Integration with F5 Load Balancers to push updated certificates into them.

   [+1] I want this [-1] I don't need this

Completed

All the things that CertKit already does today!

1. Multiple applications

   Released 2026-01 • Blog Announcement

   Create multiple groups of certificates within an account. Each group should have its own access credentials.

2. Multi-domain certificates

   Released 2025-12 • Blog Announcement

   Create multi-domain (multi-san) certificates. Allow the control of the certificate Common Name (CN).

3. Certificate Transparency Log Search

   Released 2025-11 • Blog Announcement

   Be able to search for all the certificates in a domain from the Certificate Transparency Log, and import them to be monitored or managed by CertKit.