Sold by: Garantir
Deployed on AWS
GaraTrust is Garantir's unified cryptographic services platform, delivering Certificate Lifecycle Management (CLM) and Code Signing and more from a single system. Manage unlimited TLS certificates for a flat annual fee, or sign code across every major format - Windows, macOS, iOS, Android, Java, Docker, Linux, and more - with client-side hashing, automated hash validation, and PQC-ready architecture. Deploy in days, not months. One platform, multiple crypto initiatives, predictable pricing. Contact Garantir for private offers covering on-prem deployment, higher-volume tiers, and the Premium Supply Chain Security Bundle.
Overview
GaraTrust, Unified Cryptographic Services Platform
GaraTrust is Garantir's unified cryptographic services platform. One system covers multiple cryptographic use cases, reducing TCO, eliminating vendor sprawl, and preparing you for the post-quantum cryptography (PQC) transition.
This listing includes two GaraTrust products: Certificate Lifecycle Management (CLM) and Code Signing.
The public tiers shown here cover the most common buyer scenarios. If your needs fall outside tiers (higher volumes, on-prem deployment, custom bundles, or tier combinations), contact Garantir for a private offer. Private offers are available for both products.
GaraTrust for CLM
Unlimited TLS certificate management for a flat annual fee. Eliminate per-certificate pricing that can reach $250K to $500K+ with legacy vendors.
Key Capabilities
Network and host-based certificate discovery across on-prem, cloud, and hybrid environments
Full lifecycle automation with push, pull, and hybrid client models
Support for all major public and private CAs, including DigiCert, GlobalSign, Sectigo, AWS Private CA, EJBCA, and ADCS
Protocol support: EST, SCEP, ACME, ADCS, and JIT provisioning
Agentless orchestration across Apache, NGINX, IIS, F5, Palo Alto, VMware, and AWS Lambda
PQC-ready architecture with exportable and non-exportable HSM key support
Public Tiers
Essential, Business, and Unlimited, from 1,000 certificates up to unlimited. Ideal for organizations preparing for 90-day and 45-day short-lived certificate mandates or consolidating away from per-certificate licensing.
Private Offers for CLM
Contact Garantir before purchase for bundled services, specific CA integrations, custom migration support, or commercial terms tailored to your procurement process.
GaraTrust for Code Signing
The most technically complete code signing and software supply chain security platform available. Sign across every major format (Windows Authenticode, macOS, iOS, Android, Java, Docker, Linux RPM/DEB, container images, firmware, and more) from a single unified platform.
Key Capabilities
Client-side hashing, only a small hash crosses the network, reducing upload time and binary exposure. Signatures complete in milliseconds.
Automated hash validation with pre-sign and post-sign modes, defeating compromised build servers and insider threats
Multi-vendor HSM support: Thales Luna, Entrust nShield, Azure Key Vault, and more
Native integration with Windows (CNG), Java (JCA/JCE), macOS (CryptoTokenKit), and Linux (PKCS#11, GPG, OpenSSL). Existing tools like SignTool, jarsigner, codesign, and rpmsign work unchanged.
PQC-ready with cryptographic agility built in
Advanced security controls: FIDO2/WebAuthn, TOTP, TPM-based device auth, just-in-time key activation
Public Tiers
Essential, Business, and Enterprise, from 250,000 up to 1,000,000 signatures annually. Additional volume available through signature pack add-ons.
Private Offers for Code Signing
Code signing needs vary widely across organizations. Contact Garantir for a private offer if you need:
Higher-volume tiers beyond 1M signatures (Enterprise Plus, Pro, Global, Unlimited)
The Premium Supply Chain Security Bundle (reproducible builds, pre-sign malicious code scanning, SBOM generation, and supply chain compliance reporting)
On-prem or air-gapped deployment
Bundled pricing with CLM or other GaraTrust use cases
Custom commercial terms
Platform Advantage
Starting with CLM or Code Signing establishes a foundation that extends to private PKI, passwordless authentication for non-human identities (NHIs), application-level data encryption, and additional use cases as they are released, all from the same platform.
Deployment and Support
SaaS deployment directly through this listing
On-prem, multi-cloud, hybrid, and air-gapped deployment via private offer
24/7 enterprise support included with every subscription
Native migration tooling from Venafi, Keyfactor, DigiCert, and others
Getting Started
Select the product and tier that fits your needs, or contact Garantir first to discuss a private offer
After purchase, AWS Marketplace redirects you to a Garantir registration page
A Garantir team member will contact you within one business day to provision your tenant and schedule onboarding
Begin using GaraTrust with full 24/7 enterprise support from day one
For private offers, pricing customization, or deployment questions, contact Garantir before purchase.
Highlights
- Unified cryptographic services platform. One system for Certificate Lifecycle Management and Code Signing, with a clear path to private PKI, code signing, NHI authentication, and application-level encryption. Reduce TCO, eliminate vendor sprawl, and prepare for post-quantum cryptography with a single platform investment.
- GaraTrust for CLM delivers unlimited TLS certificate management for a flat $99K annual fee, replacing per-cert pricing that can reach $250K to $500K+ with legacy vendors. Network and host discovery, full lifecycle automation, support for all major CAs, and native migration from Venafi and Keyfactor. Deploy in days, not months.
- GaraTrust for Code Signing supports every major signing format (Windows, macOS, iOS, Android, Java, Docker, Linux, and more) from one platform. Client-side hashing for high-performance signing, automated hash validation to defeat compromised build servers, multi-vendor HSM support, and PQC-ready architecture. Your existing tools (SignTool, jarsigner, codesign, rpmsign) work unchanged.
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months | Overage cost |
|---|---|---|---|
CLM Essential | GaraTrust for CLM, Essential. Up to 1,000 TLS certificates under management. Includes one public CA, network and host discovery, full lifecycle management for public TLS certificates, automation and policy enforcement, SCEP/EST/ACME protocol support, and standard exportable key support. SaaS deployment. 24/7 enterprise support included. Additional certificate volume available through certificate pack add-ons. Ideal for smaller organizations solving the public TLS short-lived certificate challenge. | $50,000.00 | |
CLM Business | GaraTrust for CLM, Business. Up to 3,000 TLS certificates under management. Includes two public CAs and one private CA root, network and host discovery, full lifecycle management for all certificate types, automation and policy enforcement, SCEP/EST/ACME protocol support, access to all orchestrations, and support for both exportable and non-exportable HSM keys. SaaS deployment. 24/7 enterprise support included. Additional certificate volume available through certificate pack add-ons. Ideal for medium-sized organizations with internal CAs. | $75,000.00 | |
CLM Unlimited | GaraTrust for CLM, Unlimited. Unlimited TLS certificates under management, with no caps, no overage charges, and no certificate counting. Includes network and host discovery, full lifecycle automation, support for all major public and private CAs (DigiCert, GlobalSign, Sectigo, AWS Private CA, EJBCA, ADCS), protocol support for EST/SCEP/ACME/ADCS/JIT, agentless orchestration, and both exportable and non-exportable HSM keys. PQC-ready architecture. SaaS deployment included; on-prem via private offer. 24/7 enterprise support. Ideal for large enterprises, cloud-native environments, and organizations preparing for 90-day and 45-day short-lived certificate mandates. | $99,000.00 | - |
Code Signing Essential | GaraTrust for Code Signing, Essential. Up to 250,000 signatures annually. Sign across every major format including Windows Authenticode, macOS, iOS, Android, Java, Docker, Linux (RPM/DEB), container images, and firmware, from a single platform. Includes client-side hashing for high-performance signing, multi-vendor HSM support, native integration with existing signing tools (SignTool, jarsigner, codesign, rpmsign), FIPS 140-2/3 certified HSM key storage, PQC-ready architecture, and multi-factor authentication. SaaS deployment. 24/7 enterprise support included. Additional signing volume available through signature pack add-ons. Ideal for organizations beginning their code signing consolidation journey. | $35,000.00 | |
Code Signing Business | GaraTrust for Code Signing, Business. Up to 500,000 signatures annually. Sign across every major format including Windows, macOS, iOS, Android, Java, Docker, Linux (RPM/DEB), container images, and firmware. Includes client-side hashing, automated hash validation with pre-sign and post-sign modes, multi-vendor HSM support, native integration with existing signing tools, advanced security controls (FIDO2/WebAuthn, TPM device auth, just-in-time key activation, multi-tier approval workflows), and PQC-ready cryptographic agility. SaaS and on-prem deployment. 24/7 enterprise support included. Additional signing volume available through signature pack add-ons. Ideal for growing organizations with multi-platform signing needs. | $60,000.00 | |
Code Signing Enterprise | GaraTrust for Code Signing, Enterprise. Up to 1,000,000 signatures annually. Sign across every major format including Windows, macOS, iOS, Android, Java, Docker, Linux (RPM/DEB), container images, and firmware. Includes client-side hashing, automated hash validation with pre-sign and post-sign modes (defeating compromised build servers and insider threats), multi-vendor HSM support, native integration with existing signing tools, advanced security controls (FIDO2/WebAuthn, TPM device auth, just-in-time key activation, multi-tier approval workflows), and PQC-ready cryptographic agility. SaaS included; on-prem and air-gapped via private offer. The Premium Supply Chain Security Bundle (reproducible builds, malicious code scanning, SBOM generation, compliance reporting) is available via private offer. 24/7 enterprise support. Higher-volume tiers available via private offer. Ideal for enterprises with significant multi-platform code signing needs. | $99,000.00 |
Vendor refund policy
All GaraTrust subscriptions purchased through AWS Marketplace are non-refundable. For subscription questions, technical issues, or commercial concerns, please contact Garantir at support@garantir.io . Private offer terms are governed by the applicable private offer agreement.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Enterprise Support Included
All GaraTrust subscriptions include 24x7x365 enterprise support, with assistance available for both Certificate Lifecycle Management (CLM) and Code Signing use cases.
What's Included
24x7x365 availability for critical issues
Onboarding and implementation support during initial tenant provisioning
Technical support for configuration, integrations, CA/HSM connectivity, and signing workflows
Migration assistance for customers moving from Venafi, Keyfactor, DigiCert, or other legacy vendors
Account and commercial support for subscription, billing, and private offer questions
How to Reach Support
After purchase, customers receive onboarding details and direct support contacts through the Garantir registration flow. Before purchase, general product and commercial questions can be directed to the support channels listed below.
Additional Resources
Documentation, product guides, and deployment references are available at the Garantir website linked in the Additional Resources section.
For pre-sales, private offer, and commercial questions, contact : : +1 (858) 751-4865Hours: 24x7x365 for active subscribers
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.