Cert Manager Threat Model
Posted on 26 March 2026
One of the nice perks of working at Control Plane is their large involvement in the open source community. In this particular project I worked with Sam and Andrea to create a threat model for the cert-manager project.
We analysed different components of cert-manager such as the controller, cainjector, acmesolver, webhook, trust-manager, and approver-policy. This included reviewing RBAC considerations, Secret management, certificate storage, network isolation, and multi-tenant security considerations.
To best analyse cert-manager, we tried to design an architecture that illustrates a range of common enterprise integration patterns, alongside several default installation parameters, intentional misconfigurations, and design flaws.
In total, 18 different threats were identified and documented along with mitigation recommendations.