Adding custom Venafi annotations

You can add custom Venafi annotations for the ClusterIssuer resource.

Venafi TPP (Trust Protection Platform) requires a custom-field to be included in all certificate issuance API requests.
This custom-field can be mandatory or not mandatory depending on how the custom-field is configured on Venafi TPP.

As an example, to add a custom Venafi field annotation NBKID with the value ADFS:1234554321 to the ClusterIssuer named tpp-issuer, use the following commands:


kubectl patch clusterissuer tpp-issuer --type='merge' -p
                '{"metadata":{"annotations":{"venafi.cert-manager.io/custom-fields":"[{\"name\":\"NBKID\",\"value\":\"ADFS:1234554321\"}]"}}}'
kubectl patch clusterissuer tpp-issuer-short --type='merge' -p
                '{"metadata":{"annotations":{"venafi.cert-manager.io/custom-fields":"[{\"name\":\"NBKID\",\"value\":\"ADFS:1234554321\"}]"}}}'

The custom Venafi field annotation is successfully added to the selected ClusterIssuer.