Hello Teams,

A critical audit of certificate information for OpenShift operators is required due to a recent GitLab incident. While platform-side audits are complete, we need each operator team's cooperation to collect necessary data.

• This is a action to ensure compliance and security across the OpenShift operator portfolio.
• The goal is to complete the audit by the end of 2025.

Required Certificate Details
Each operator team must audit and capture the following details for their certificates :

• System/User Managed: Whether the certificate is system or user managed (or both).
• Purpose: The function of the certificate.
• Duration: The total validity period.
• Rotation Automation: Whether automatic rotation is provided.
• Validity Timing: How long the certificate is valid for (e.g., 30 days, one year).

Action Item: Run Script and Submit Data
To simplify this process, Ramon Acedo Rodriguez has created a script to automate data collection.

1. Run the Script:

• Log into an installed cluster as kube-admin.
• Run the script created by Ramon: https://github.com/racedo/openshift-certificate-analyzer/tree/main/Bash%20Script 

2. Submit the Data:

• The script will generate a CSV file containing all the necessary certificate information.
• You must then extract the line entries/rows for your specific operator(s) and insert them directly into the "layered operator inputs" spreadsheet. 

Failure to provide this data will result in non-compliance for your operator.  

Eugenia Gibson
Technical Program Manager (TPM),  Hybrid Platforms - Red Hat Operators
She/her/hers | Mobile +1 703 474 2513
Red Hat