From 66c2341571efc75a6d3abbe98b4756315214c97b Mon Sep 17 00:00:00 2001
From: Ian Bucad <ian.bucad@datadoghq.com>
Date: Thu, 7 May 2026 00:51:38 +1000
Subject: [PATCH] [windows_certificate] Document certificate_store_regex
 configuration (Agent v7.80.0)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 windows_certificate/README.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/windows_certificate/README.md b/windows_certificate/README.md
index 9eb4609fb340b..7c4a5af5fa650 100644
--- a/windows_certificate/README.md
+++ b/windows_certificate/README.md
@@ -68,6 +68,25 @@ instances:
 ```
 The `policy_validation_flags` [suppress specific validation errors][12] that may not be relevant for your use case. See the [`sample windows_certificate.d/conf.yaml`][4] for a list of all the flags available for use.
 
+Beginning with Agent v7.80.0, the integration supports `certificate_store_regex`, a list of [Go `regexp`][13] patterns matched against store names enumerated from `HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates`. Either `certificate_store`, `certificate_store_regex`, or both must be configured.
+
+This example configuration monitors all certificates in the `ROOT` store as well as any stores whose names start with `Trusted`:
+
+```yaml
+instances:
+  - certificate_store: ROOT
+    certificate_store_regex:
+      - ^Trusted
+```
+
+This example configuration monitors all certificates across all stores:
+
+```yaml
+instances:
+  - certificate_store_regex:
+      - .*
+```
+
 ### Tags
 
 The integration automatically tags all metrics and service checks with the name of the store in the `certificate_store:<STORE>` tag. Certificate metrics and service checks are tagged with the certificate's subjects, thumbprints and serial numbers. CRL metrics and service checks are tagged with the CRL's issuer and thumbprint.
@@ -115,3 +134,4 @@ Need additional help? Contact [Datadog support][9].
 [10]: https://docs.datadoghq.com/agent/guide/agent-configuration-files/#agent-configuration-directory
 [11]: https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/network-policy-server-certificate-revocation-list-overview
 [12]: https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_chain_policy_para
+[13]: https://pkg.go.dev/regexp/syntax