> ## Documentation Index
> Fetch the complete documentation index at: https://infisical.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Certificate Cleanup

> Automatically remove expired certificates to keep your inventory organized.

Automatically remove expired certificates from your Certificate Manager. Cleanup runs daily and deletes certificates that have been expired for a configurable number of days.

<Info>
  This setting is managed by product admins and applies to all certificates in the Certificate Manager.
</Info>

## Configure Certificate Cleanup

<Steps>
  <Step title="Navigate to settings">
    Go to **Certificate Manager → Settings → Certificate Cleanup**.
  </Step>

  <Step title="Enable cleanup">
    Toggle **Enable** to turn on automatic cleanup.
  </Step>

  <Step title="Set retention period">
    Configure **Delete certificates N days after expiration**:

    | Value | Behavior                                          |
    | ----- | ------------------------------------------------- |
    | `3`   | Certificates are deleted 3 days after expiration  |
    | `7`   | Certificates are deleted 7 days after expiration  |
    | `30`  | Certificates are deleted 30 days after expiration |

    <Note>
      Values must be between 1 and 30 days.
    </Note>
  </Step>

  <Step title="Configure options">
    | Option                                  | Description                                                                                     |
    | --------------------------------------- | ----------------------------------------------------------------------------------------------- |
    | **Skip Certificates with Active Syncs** | Don't delete certificates that are synced to external services (AWS ACM, Azure Key Vault, etc.) |

    <Warning>
      Deleting synced certificates can break integrations. Enable this option if you use certificate syncs.
    </Warning>
  </Step>
</Steps>

## Monitoring Cleanup

After the cleanup job runs, the settings page displays:

| Field                    | Description                              |
| ------------------------ | ---------------------------------------- |
| **Status**               | Whether the last run succeeded or failed |
| **Last Run**             | Date and time of the last execution      |
| **Certificates Removed** | Number of certificates deleted           |

## Permissions

Only **Product Admins** can configure certificate cleanup settings.

## What's Next?

<CardGroup cols={2}>
  <Card title="Certificate Policies" icon="file-contract" href="/documentation/platform/pki/settings/policies">
    Define constraints for certificates.
  </Card>

  <Card title="Certificate Profiles" icon="id-card" href="/documentation/platform/pki/settings/profiles">
    Create profiles that link CAs with policies.
  </Card>

  <Card title="Managing Certificates" icon="list" href="/documentation/platform/pki/applications/certificates">
    View and manage certificates in Applications.
  </Card>

  <Card title="Certificate Syncs" icon="arrows-rotate" href="/documentation/platform/pki/applications/certificate-syncs/overview">
    Push certificates to cloud destinations.
  </Card>
</CardGroup>