Plugins overview
This page provides a high-level overview of how custom plugins work and the types of plugins Trust Lifecycle Manager supports.
Prerequisites
Permissions and feature availability
To add and manage plugins in Trust Lifecycle Manager, you need the Plugin Developer user role or a custom role that includes the Manage plugin development permission. If you do not see this user role, or if you have this user role but do not see the Integrations > Plugins menu in Trust Lifecycle Manager, the plugins feature is not available for your account.
Notice
For help verifying or enabling this feature, contact your DigiCert account representative.
DigiCert sensor
All plugins require at least one DigiCert sensor installed on your network. The sensor acts as the execution environment for the plugin and enables secure communications between Trust Lifecycle Manager and the target systems.
If you don't already have a sensor, you can still build and upload the plugin. However, you must have an active sensor in place before you can create an instance (connector) of the plugin in Trust Lifecycle Manager. To learn more, see Deploy and manage sensors.
Plugins architecture
Custom plugins are managed by DigiCert sensors in the same way as other network-based connectors. After building your custom plugin, you upload it to Trust Lifecycle Manager to verify it and make it available for deployment. You can then configure specific instances of the plugin from the Integrations > Connectors > Add connector page.
For each instance (connector) of the plugin, you configure:
A specific DigiCert sensor in your account to manage that plugin instance. The managing sensor must be installed on a dedicated host on your network with access to the target system.
The network and authentication parameters the managing sensor should use to connect to the target system for that plugin instance.
Any other configuration parameters you have defined as part of the discovery and automation logic for your custom plugin.
After configuring a plugin instance, you can use the standard inventory functions in Trust Lifecycle Manager to view and manage the certificates and associated data on the target system. Available management functions depend on the plugin type.
Types of plugins
Currently, Trust Lifecycle Manager supports the following types of custom plugins. DigiCert provides different GitHub repositories to help build each plugin type. When you upload the plugin, you select the plugin type. You can then configure instances of the plugin from the respective sections of the Integrations > Connectors > Add connector page.
Automation
Automation plugins are used to manage certificates on network appliances and cloud services. This plugin type enables the following management functions:
Discover existing certificates and their associated endpoint data on the target systems.
Use the managed automation solution in Trust Lifecycle Manager to automate certificate lifecycle management for the target systems, including:
Enroll and install new certificates on unsecured endpoints.
Reissue, renew, or switch CA for installed certificates.
Configure auto-renewal to issue and install new certificates when nearing expiration.
Notice
Automation plugins are comparable to the Appliances and Cloud services categories for pre-built connectors.
Discovery
Discovery plugins are used to import discovery data from external scan providers. This plugin type enables the following management functions:
Import certificates, endpoints, and security data from custom discovery sources to your Trust Lifecycle Manager inventory.
After the import, use the standard monitoring tools, including custom reports and lifecycle notifications, to track the imported certificates.
Imported certificates are also candidates for automated lifecycle management using the managed automation solution. This requires additional configuration.
Notice
Discovery plugins are comparable to the Scan solutions category for pre-built connectors.