Google Cloud Certificate Authority Service

Easily manage certificates across your cloud-native applications and workloads with Keyfactor and Google Cloud Certificate Authority Service.

Watch integration demo
Keyfactor and Google CA Service

Private CA (Cloud)


AnyCA Gateway


Certificate Lifecycle Automation
IoT Identity Platform

Today enterprises deploy multiple public and private CAs to match the demands of different use cases, trust requirements, and hybrid cloud environments across the business. With this transition comes the need to manage thousands of machine identities and certificates at hyper-scale across any CA, on-premise or in the cloud.

Keyfactor integrates with Google Cloud Certificate Authority Service (CAS) to provide end-to-end discovery and lifecycle automation. PKI administrators retain full visibility and governance over certificates issued from Google Cloud CAS, while application and infrastructure teams benefit from self-service workflow and automation via plugins to cloud-native and DevOps tools.


Scalable Certificate Automation for Google Cloud

Icon Icon

Deploy Faster

Use Google Cloud Platform’s built-in private CA service to issue certificates for cloud-native workloads and applications.

Icon Icon

Enforce Trust

Renewal, revocation and monitoring operations can all be performed from within the Keyfactor platform.

Icon Icon

Simplify PKI

Synchronize certificate inventory across private CAs in Google Cloud Platform, as well as all other public and private CAs.

Icon Icon

Enable Automation

Enable auto-enrollment via ACME or SCEP and automate the provisioning and installation to endpoints and network devices.

Icon Icon

Support DevOps

Integrate with your DevOps toolset to monitor and automate certificates for applications, ingress controllers, and mTLS.

Icon Icon

Stay Agile

Adapt quickly with bulk revocation and renewal, and seamless migration of certificates from one CA to another without disruption.


Real-time certificate discovery and reporting

Gain full visibility into the issuance and use of certificates in your Google Cloud Platform deployment with:

  • Direct integration to Google CA Service for real-time synchronization
  • Network-based discovery for SSL/TLS certificates on-prem and the cloud
  • Authenticated discovery of certificate and key stores
Google Cloud Certificate Authority Inventory
Gpogle Cloud Certificate Authority Governance

Centralized governance and control over all certificates

The Keyfactor AnyCA Gateway acts as a Registration Authority (RA), making it easy for PKI teams to ensure that every private certificate issued via Google Certificate Authority Service is trusted and compliant with enterprise policy.

  • Centralized dashboard to monitor CA status, certificate issuance, and expiration
  • Automated compliance reports and scheduled expiry notifications
  • One-click revocation and renewal

One platform for all certificates on-prem and in the cloud

The Keyfactor console makes it easy for end-users to request, renew, and automatically provision their certificates all from one place. No ad hoc processes or switching between CA interfaces.

  • Self-service certificate enrollment and provisioning via UI or API
  • Auto-enrollment of certificates to endpoints and network devices via SCEP or ACME
  • Ingress and mTLS certificate automation via Istio and Kubernetes plugins
Google Cloud Certificate Authority Service Automation Multi-CA

Find out how the Keyfactor platform can modernize your PKI, prevent
certificate outages, accelerate DevOps security, and more.