# `Relyra.Security.CertificateExpiry`
[🔗](https://github.com/szTheory/relyra/blob/v1.1.0/lib/relyra/security/certificate_expiry.ex#L2)

Batch traversal function to check for expiring SAML certificates.

Provides a pure function `check_all/2` that adopters can hook into
their own schedulers. Queries active/next certificates on enabled
connections that are approaching their `not_after` threshold.

# `check_all`

```elixir
@spec check_all(
  module(),
  keyword()
) :: {:ok, %{optional(binary()) => :ok}} | {:error, Relyra.Error.t()}
```

Checks for expiring certificates and emits standard `:telemetry` events.

`opts`:
  - `:days_to_expiry` — default `30`. Certificates expiring within this many days are flagged.

Returns `{:ok, %{certificate_id => :ok}}` for matching certificates.

---

*Consult [api-reference.md](api-reference.md) for complete listing*