Secure Machine Identities in Puppet Workflows

Transform Puppet workflows by automating the lifecycle of machine certificates — from issuance to renewal — with identity and policy validation built in.

SecureW2 extends certificate-based trust into Puppet's workflows, enforcing automated certificate issuance and lifecycle policies. Certificates are issued, renewed, and revoked automatically via ACME and REST APIs, ensuring infrastructure updates move fast without sacrificing security. This enables organizations to scale automation confidently, knowing every task is executed by a trusted, policy-compliant machine.

Technical Specifications

  • Setup Time: Fast Deployment. Certificate-Based Automation in an Hour
  • Sync Method: Dynamic APIs. Triggered via Automated Policies
  • Secure Protocols: ACME & Dynamic SCEP. Standards-Based Enrollment for Automation
  • Certificate Infrastructure: Managed Dynamic PKI. Adaptive Access with Signals from your Environment
  • Audit & Compliance: Full Visibility. Export Logs to SIEM Systems
  • Adaptive Policy: Real-Time Enforcement. Revoke Access as Threats Evolve


How SecureW2 + Puppet Protects Your Devices

Certificate Lifecycle Automation

Automate enrollment & renewal using SecureW2’s REST and ACME APIs — no manual steps, no ticketing systems.

Built for Automation

Validate Posture Behind Certs

SecureW2 integrates with your security stack to ensure certificates only go (and stay) on trusted systems.

High-Assurance Trust

Simple. Secure. Scalable

A service set up in minutes, backed by powerful automation tools, with protection for HSM keys that meets FIPS 140-2 Level 3+ standards.

Managed Cloud PKI

Top SecureW2 + Puppet Use Cases

ACME Server Certificate Enrollment

Automate server and workload certificate issuance using SecureW2’s ACME endpoints.

Implementation Steps
  1. Admin configures SecureW2’s ACME API endpoint with External Account Binding (EAB)
  2. Server initiates enrollment using an ACME-compatible client (e.g. win-acme, acme.sh)
  3. Request is processed by the SW2 Policy Engine; identity is verified in identity/security systems
  4. Certificate is issued and installed on the device/system
Expected Outcomes
  • Automates TLS certificate issuance for internal services

  • Ensures only authorized systems can request certs via EAB and IP controls

  • Compatible with existing ACME clients and tooling

  • Eliminates manual certificate provisioning for dev and IT teams

REST API Certificate Enrollment

Enable fully customizable certificate enrollment for non-human identities using SecureW2's REST APIs.

Implementation Steps
  1. Admin integrates SecureW2’s certificate issuance API into automation scripts or pipeline tools
  2. System reaches out to SecureW2’s PKI, which validates its request
  3. Request is processed by the SW2 Policy Engine; identity is verified in identity/security systems
  4. Certificate is issued and installed on the device/system
Expected Outcomes
  • Enables granular, programmable control over certificate workflows

  • Seamlessly integrates into CI/CD pipelines and config management tools

  • Customizes certificate types and lifespans by object, team, or managing system

  • Simplifies server, IoT, and container security at scale with minimal overhead

Protocols Supported

Comprehensive protocol support for seamless SecureW2 and Puppet integration

Protocol Supported Notes
SAML 2.0: Used with JoinNow MultiOS to authenticate users against a cloud IDP, initiating the certificate enrollment process.
LDAP: Used with JoinNow MultiOS to validate users in an LDAP database before enrolling them for a certificate.
802.1X: Set up 802.1X in under an hour with our cloud, managed PKI, 802.1X onboarding, and RADIUS authentication services.
EAP-TLS: We don't just set you up for 802.1X. Achieve the gold standard: passwordless, certificate-based 802.1X Wi-Fi.
ACME: Dynamic PKI services that enable the use of ACME DA for user devices and for server certificate automation.
Dynamic SCEP: Prevent API compromise and certificate spoofing with certificate auto-enrollment via Dynamic SCEP.
OAuth 2.0: Query IAM, MDM, and EDR infrastructure to continuously monitor trust for PKI and network access automation.
OpenID Connect: Confirm user/device identity before authorizing certificate enrollment or renewal.

Elevate Ansible Machine Security with SecureW2

See how you can automate certificate lifecycles for non-human identities with SecureW2 today!