| cert-manager Enterprise Issuer | cert-manager-enterprise-issuer | Allows cert-manager to request certificates from Control Plane using Workload Identity Federation. | cert-manager Enterprise Issuer |
| Certificate Issuance | certificate-issuance | Enables issuing of new certificates using CyberArk APIs. | Custom API Integration |
| Certificates Discovered on Kubernetes Clusters | venafi-tlspdc | Enables your CyberArk Certificate Manager - Self-Hosted instance to connect to CyberArk Certificate Manager for Kubernetes and retrieve certificates discovered on Kubernetes clusters. | Certificate Manager - Self-Hosted |
| cert-manager Components | oci-registry-cm | Grants access to manage enterprise-level components within cert-manager. | OCI Registry |
| Distributed Issuance | distributed-issuance | Allows issuing of certificates with Distributed Issuer | Distributed Issuer, Discovery Agent |
| Enterprise Approver Policy Component for cert-manager | oci-registry-cm-ape | Enables management of approval policies within cert-manager. | OCI Registry |
| Enterprise Issuer Component for cert-manager | oci-registry-cm-vei | Allows management of the Enterprise Issuer for CyberArk Certificate Manager components within cert-manager. | OCI Registry |
| Kubernetes Discovery | kubernetes-discovery | Enables discovery and identification of Kubernetes resources. | Workload Identity Management, Discovery Agent |
| OpenShift Routes Component for cert-manager | openshift-routes | Grants access to the OpenShift Routes for cert-manager component. | OCI Registry |
| Built-in Account Write | svcaccount-write | Allows creation of built-in accounts for the other use cases listed here. You can use the API or CLI to create a built-in account with this scope. | Discovery Agent |
| Workload Identity Manager LTS and FIPS | oci-registry-firefly-ent | Grants access to the LTS and FIPS versions of the Workload Identity Manager. | OCI Registry |
