What is certificate management, and how do tools like cert-manager help? [Advanced]
Answer
Certificate management covers issuing, renewing, rotating, revoking, and monitoring certificates. Tools like cert-manager automate certificate requests and renewal in Kubernetes by integrating with issuers such as Let's Encrypt, internal CAs, Vault, or cloud certificate services.
Technical explanation
Manual certificate management often causes outages from expired certificates.
cert-manager uses Kubernetes custom resources such as Certificate and Issuer/ClusterIssuer to manage the certificate lifecycle.
Good certificate management includes expiry alerts, short-lived certificates where feasible, and clear ownership of internal CAs.
Hands-on example
Install cert-manager, create a ClusterIssuer for ACME or Vault PKI, create a Certificate resource for api.example.com, mount the resulting TLS secret into an Ingress, and monitor cert-manager events plus certificate expiration metrics.
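The steps above as manifests, for the ACME case. This is an added example, not part of the original page; it assumes cert-manager is already installed, Let's Encrypt staging as the issuer, an nginx ingress class, and hypothetical names (namespace `api`, Service `api` on port 8080, and the issuer and secret names).

```yaml
# Added example. Every name except api.example.com is an assumption.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # Staging endpoint: certificates are not publicly trusted; use it to test the flow.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: platform-team@example.com        # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-staging-account-key # ACME account key, created by cert-manager
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx         # assumes an nginx ingress controller
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata: {name: api-example-com, namespace: api}
spec:
  secretName: api-example-com-tls   # kubernetes.io/tls Secret written on issuance
  dnsNames: [api.example.com]
  renewBefore: 720h                 # start renewal 30 days before notAfter
  privateKey:
    algorithm: ECDSA
    rotationPolicy: Always          # new private key on every renewal
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: {name: api, namespace: api}
spec:
  ingressClassName: nginx
  tls:
    - hosts: [api.example.com]
      secretName: api-example-com-tls   # must match Certificate.spec.secretName
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: api, port: {number: 8080}}
```

After applying, `kubectl describe certificate api-example-com -n api` shows the issuance events and the Ready condition. For expiry alerting, cert-manager exports the `certmanager_certificate_expiration_timestamp_seconds` Prometheus metric per Certificate.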