enix/x509-certificate-exporter

v4.0.0 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 28d Monitoring & Metrics

✓ No known CVEs patched

✓ No known CVEs patched in this version

Topics

alert certificates web expiration-monitoring grafana kubernetes

+2 more

monitoring-tool prometheus-exporter

Affected surfaces

breaking_upgrade

Summary

AI summary

Full rewrite to YAML config and pluggable architecture introduces breaking changes.

Full changelog

Full rewrite around a YAML config file and a pluggable architecture — clean foundations for the project to grow on.
Memory-safe Kubernetes watch — RAM usage stays flat instead of spiking; expect to set memory limits ~10× lower than before.
Richer PKCS#12 wiring — full keystore + truststore coverage, flexible passphrase sourcing.
Surface workload metadata — lift watched resource labels onto emitted certificate series.
Supply-chain hardened — SLSA Build L3 provenance, cosign-signed binaries, images and chart, SBOM attestations.
Multi-cluster from a single instance — fan-in metrics from any number of clusters via distinct kubeconfigs.
Per-source observability — granular health and triage signals, not just a global error counter.

This new major version introduces changes that may break existing deployments.
Please read the v3 → v4 migration guide before upgrading.

Exceptionally, this release has no detailed changelog: v4 is the outcome of a deep rewrite spanning over a hundred commits.

Switched from previous configuration format to a YAML-based config file and pluggable architecture.

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track enix/x509-certificate-exporter

Get notified when new releases ship.

About enix/x509-certificate-exporter