Skip to main content

Concept

Certificate cleanup is a project-level setting that automatically removes expired certificates on a daily schedule. Over time, expired certificates accumulate and add clutter to your certificate inventory. Enabling cleanup keeps your project organized by periodically deleting certificates that have been expired for a configurable number of days.

Configuring Certificate Cleanup

To configure certificate cleanup, head to your Certificate Management Project > Settings > Certificate Cleanup. certificate cleanup settings

Fields

  • Enable toggle: Turns automatic cleanup on or off for the project. When disabled, no certificates are removed.
  • Delete certificates N days after expiration: The number of days a certificate must be expired before it becomes eligible for deletion. For example, setting this to 3 means certificates are removed 3 days after their notAfter date. Accepts values between 1 and 30.

Options

  • Skip Certificates with Active Syncs: When enabled, certificates that are synced to external services (e.g. AWS Certificate Manager, Azure Key Vault) are not removed. This prevents breaking active integrations that depend on the certificate.

Last Execution

After the cleanup job runs, the settings page displays:
  • Status: Whether the last run succeeded or encountered errors.
  • Last Run: The date and time of the last execution.
  • Certificates Removed: The number of certificates deleted in the last run.

Permissions

Only project Admins can view and configure certificate cleanup settings.