We recommend using Azure Native.
azure.keyvault.Certifiate
Explore with Pulumi AI
Manages a Key Vault Certificate.
Example Usage
Importing A PFX)
Note: this example assumed the PFX file is located in the same directory at
certificate-to-import.pfx
.
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as std from "@pulumi/std";
const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "examplekeyvault",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "premium",
accessPolicies: [{
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
certificatePermissions: [
"Create",
"Delete",
"DeleteIssuers",
"Get",
"GetIssuers",
"Import",
"List",
"ListIssuers",
"ManageContacts",
"ManageIssuers",
"SetIssuers",
"Update",
],
keyPermissions: [
"Backup",
"Create",
"Decrypt",
"Delete",
"Encrypt",
"Get",
"Import",
"List",
"Purge",
"Recover",
"Restore",
"Sign",
"UnwrapKey",
"Update",
"Verify",
"WrapKey",
],
secretPermissions: [
"Backup",
"Delete",
"Get",
"List",
"Purge",
"Recover",
"Restore",
"Set",
],
}],
});
const exampleCertificate = new azure.keyvault.Certificate("example", {
name: "imported-cert",
keyVaultId: exampleKeyVault.id,
certificate: {
contents: std.filebase64({
input: "certificate-to-import.pfx",
}).then(invoke => invoke.result),
password: "",
},
});
import pulumi
import pulumi_azure as azure
import pulumi_std as std
current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_key_vault = azure.keyvault.KeyVault("example",
name="examplekeyvault",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="premium",
access_policies=[{
"tenant_id": current.tenant_id,
"object_id": current.object_id,
"certificate_permissions": [
"Create",
"Delete",
"DeleteIssuers",
"Get",
"GetIssuers",
"Import",
"List",
"ListIssuers",
"ManageContacts",
"ManageIssuers",
"SetIssuers",
"Update",
],
"key_permissions": [
"Backup",
"Create",
"Decrypt",
"Delete",
"Encrypt",
"Get",
"Import",
"List",
"Purge",
"Recover",
"Restore",
"Sign",
"UnwrapKey",
"Update",
"Verify",
"WrapKey",
],
"secret_permissions": [
"Backup",
"Delete",
"Get",
"List",
"Purge",
"Recover",
"Restore",
"Set",
],
}])
example_certificate = azure.keyvault.Certificate("example",
name="imported-cert",
key_vault_id=example_key_vault.id,
certificate={
"contents": std.filebase64(input="certificate-to-import.pfx").result,
"password": "",
})
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("examplekeyvault"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("premium"),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
CertificatePermissions: pulumi.StringArray{
pulumi.String("Create"),
pulumi.String("Delete"),
pulumi.String("DeleteIssuers"),
pulumi.String("Get"),
pulumi.String("GetIssuers"),
pulumi.String("Import"),
pulumi.String("List"),
pulumi.String("ListIssuers"),
pulumi.String("ManageContacts"),
pulumi.String("ManageIssuers"),
pulumi.String("SetIssuers"),
pulumi.String("Update"),
},
KeyPermissions: pulumi.StringArray{
pulumi.String("Backup"),
pulumi.String("Create"),
pulumi.String("Decrypt"),
pulumi.String("Delete"),
pulumi.String("Encrypt"),
pulumi.String("Get"),
pulumi.String("Import"),
pulumi.String("List"),
pulumi.String("Purge"),
pulumi.String("Recover"),
pulumi.String("Restore"),
pulumi.String("Sign"),
pulumi.String("UnwrapKey"),
pulumi.String("Update"),
pulumi.String("Verify"),
pulumi.String("WrapKey"),
},
SecretPermissions: pulumi.StringArray{
pulumi.String("Backup"),
pulumi.String("Delete"),
pulumi.String("Get"),
pulumi.String("List"),
pulumi.String("Purge"),
pulumi.String("Recover"),
pulumi.String("Restore"),
pulumi.String("Set"),
},
},
},
})
if err != nil {
return err
}
invokeFilebase64, err := std.Filebase64(ctx, &std.Filebase64Args{
Input: "certificate-to-import.pfx",
}, nil)
if err != nil {
return err
}
_, err = keyvault.NewCertificate(ctx, "example", &keyvault.CertificateArgs{
Name: pulumi.String("imported-cert"),
KeyVaultId: exampleKeyVault.ID(),
Certificate: &keyvault.CertificateCertificateArgs{
Contents: pulumi.String(invokeFilebase64.Result),
Password: pulumi.String(""),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "examplekeyvault",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "premium",
AccessPolicies = new[]
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
CertificatePermissions = new[]
{
"Create",
"Delete",
"DeleteIssuers",
"Get",
"GetIssuers",
"Import",
"List",
"ListIssuers",
"ManageContacts",
"ManageIssuers",
"SetIssuers",
"Update",
},
KeyPermissions = new[]
{
"Backup",
"Create",
"Decrypt",
"Delete",
"Encrypt",
"Get",
"Import",
"List",
"Purge",
"Recover",
"Restore",
"Sign",
"UnwrapKey",
"Update",
"Verify",
"WrapKey",
},
SecretPermissions = new[]
{
"Backup",
"Delete",
"Get",
"List",
"Purge",
"Recover",
"Restore",
"Set",
},
},
},
});
var exampleCertificate = new Azure.KeyVault.Certificate("example", new()
{
Name = "imported-cert",
KeyVaultId = exampleKeyVault.Id,
KeyVaultCertificate = new Azure.KeyVault.Inputs.CertificateCertificateArgs
{
Contents = Std.Filebase64.Invoke(new()
{
Input = "certificate-to-import.pfx",
}).Apply(invoke => invoke.Result),
Password = "",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Certificate;
import com.pulumi.azure.keyvault.CertificateArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("examplekeyvault")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("premium")
.accessPolicies(KeyVaultAccessPolicyArgs.builder()
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.certificatePermissions(
"Create",
"Delete",
"DeleteIssuers",
"Get",
"GetIssuers",
"Import",
"List",
"ListIssuers",
"ManageContacts",
"ManageIssuers",
"SetIssuers",
"Update")
.keyPermissions(
"Backup",
"Create",
"Decrypt",
"Delete",
"Encrypt",
"Get",
"Import",
"List",
"Purge",
"Recover",
"Restore",
"Sign",
"UnwrapKey",
"Update",
"Verify",
"WrapKey")
.secretPermissions(
"Backup",
"Delete",
"Get",
"List",
"Purge",
"Recover",
"Restore",
"Set")
.build())
.build());
var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()
.name("imported-cert")
.keyVaultId(exampleKeyVault.id())
.certificate(CertificateCertificateArgs.builder()
.contents(StdFunctions.filebase64(Filebase64Args.builder()
.input("certificate-to-import.pfx")
.build()).result())
.password("")
.build())
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: examplekeyvault
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: premium
accessPolicies:
- tenantId: ${current.tenantId}
objectId: ${current.objectId}
certificatePermissions:
- Create
- Delete
- DeleteIssuers
- Get
- GetIssuers
- Import
- List
- ListIssuers
- ManageContacts
- ManageIssuers
- SetIssuers
- Update
keyPermissions:
- Backup
- Create
- Decrypt
- Delete
- Encrypt
- Get
- Import
- List
- Purge
- Recover
- Restore
- Sign
- UnwrapKey
- Update
- Verify
- WrapKey
secretPermissions:
- Backup
- Delete
- Get
- List
- Purge
- Recover
- Restore
- Set
exampleCertificate:
type: azure:keyvault:Certificate
name: example
properties:
name: imported-cert
keyVaultId: ${exampleKeyVault.id}
certificate:
contents:
fn::invoke:
Function: std:filebase64
Arguments:
input: certificate-to-import.pfx
Return: result
password:
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}
Generating a new certificate
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "examplekeyvault",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "standard",
softDeleteRetentionDays: 7,
accessPolicies: [{
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
certificatePermissions: [
"Create",
"Delete",
"DeleteIssuers",
"Get",
"GetIssuers",
"Import",
"List",
"ListIssuers",
"ManageContacts",
"ManageIssuers",
"Purge",
"SetIssuers",
"Update",
],
keyPermissions: [
"Backup",
"Create",
"Decrypt",
"Delete",
"Encrypt",
"Get",
"Import",
"List",
"Purge",
"Recover",
"Restore",
"Sign",
"UnwrapKey",
"Update",
"Verify",
"WrapKey",
],
secretPermissions: [
"Backup",
"Delete",
"Get",
"List",
"Purge",
"Recover",
"Restore",
"Set",
],
}],
});
const exampleCertificate = new azure.keyvault.Certificate("example", {
name: "generated-cert",
keyVaultId: exampleKeyVault.id,
certificatePolicy: {
issuerParameters: {
name: "Self",
},
keyProperties: {
exportable: true,
keySize: 2048,
keyType: "RSA",
reuseKey: true,
},
lifetimeActions: [{
action: {
actionType: "AutoRenew",
},
trigger: {
daysBeforeExpiry: 30,
},
}],
secretProperties: {
contentType: "application/x-pkcs12",
},
x509CertificateProperties: {
extendedKeyUsages: ["1.3.6.1.5.5.7.3.1"],
keyUsages: [
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment",
],
subjectAlternativeNames: {
dnsNames: [
"internal.contoso.com",
"domain.hello.world",
],
},
subject: "CN=hello-world",
validityInMonths: 12,
},
},
});
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_key_vault = azure.keyvault.KeyVault("example",
name="examplekeyvault",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="standard",
soft_delete_retention_days=7,
access_policies=[{
"tenant_id": current.tenant_id,
"object_id": current.object_id,
"certificate_permissions": [
"Create",
"Delete",
"DeleteIssuers",
"Get",
"GetIssuers",
"Import",
"List",
"ListIssuers",
"ManageContacts",
"ManageIssuers",
"Purge",
"SetIssuers",
"Update",
],
"key_permissions": [
"Backup",
"Create",
"Decrypt",
"Delete",
"Encrypt",
"Get",
"Import",
"List",
"Purge",
"Recover",
"Restore",
"Sign",
"UnwrapKey",
"Update",
"Verify",
"WrapKey",
],
"secret_permissions": [
"Backup",
"Delete",
"Get",
"List",
"Purge",
"Recover",
"Restore",
"Set",
],
}])
example_certificate = azure.keyvault.Certificate("example",
name="generated-cert",
key_vault_id=example_key_vault.id,
certificate_policy={
"issuer_parameters": {
"name": "Self",
},
"key_properties": {
"exportable": True,
"key_size": 2048,
"key_type": "RSA",
"reuse_key": True,
},
"lifetime_actions": [{
"action": {
"action_type": "AutoRenew",
},
"trigger": {
"days_before_expiry": 30,
},
}],
"secret_properties": {
"content_type": "application/x-pkcs12",
},
"x509_certificate_properties": {
"extended_key_usages": ["1.3.6.1.5.5.7.3.1"],
"key_usages": [
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment",
],
"subject_alternative_names": {
"dns_names": [
"internal.contoso.com",
"domain.hello.world",
],
},
"subject": "CN=hello-world",
"validity_in_months": 12,
},
})
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("examplekeyvault"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("standard"),
SoftDeleteRetentionDays: pulumi.Int(7),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
CertificatePermissions: pulumi.StringArray{
pulumi.String("Create"),
pulumi.String("Delete"),
pulumi.String("DeleteIssuers"),
pulumi.String("Get"),
pulumi.String("GetIssuers"),
pulumi.String("Import"),
pulumi.String("List"),
pulumi.String("ListIssuers"),
pulumi.String("ManageContacts"),
pulumi.String("ManageIssuers"),
pulumi.String("Purge"),
pulumi.String("SetIssuers"),
pulumi.String("Update"),
},
KeyPermissions: pulumi.StringArray{
pulumi.String("Backup"),
pulumi.String("Create"),
pulumi.String("Decrypt"),
pulumi.String("Delete"),
pulumi.String("Encrypt"),
pulumi.String("Get"),
pulumi.String("Import"),
pulumi.String("List"),
pulumi.String("Purge"),
pulumi.String("Recover"),
pulumi.String("Restore"),
pulumi.String("Sign"),
pulumi.String("UnwrapKey"),
pulumi.String("Update"),
pulumi.String("Verify"),
pulumi.String("WrapKey"),
},
SecretPermissions: pulumi.StringArray{
pulumi.String("Backup"),
pulumi.String("Delete"),
pulumi.String("Get"),
pulumi.String("List"),
pulumi.String("Purge"),
pulumi.String("Recover"),
pulumi.String("Restore"),
pulumi.String("Set"),
},
},
},
})
if err != nil {
return err
}
_, err = keyvault.NewCertificate(ctx, "example", &keyvault.CertificateArgs{
Name: pulumi.String("generated-cert"),
KeyVaultId: exampleKeyVault.ID(),
CertificatePolicy: &keyvault.CertificateCertificatePolicyArgs{
IssuerParameters: &keyvault.CertificateCertificatePolicyIssuerParametersArgs{
Name: pulumi.String("Self"),
},
KeyProperties: &keyvault.CertificateCertificatePolicyKeyPropertiesArgs{
Exportable: pulumi.Bool(true),
KeySize: pulumi.Int(2048),
KeyType: pulumi.String("RSA"),
ReuseKey: pulumi.Bool(true),
},
LifetimeActions: keyvault.CertificateCertificatePolicyLifetimeActionArray{
&keyvault.CertificateCertificatePolicyLifetimeActionArgs{
Action: &keyvault.CertificateCertificatePolicyLifetimeActionActionArgs{
ActionType: pulumi.String("AutoRenew"),
},
Trigger: &keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs{
DaysBeforeExpiry: pulumi.Int(30),
},
},
},
SecretProperties: &keyvault.CertificateCertificatePolicySecretPropertiesArgs{
ContentType: pulumi.String("application/x-pkcs12"),
},
X509CertificateProperties: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs{
ExtendedKeyUsages: pulumi.StringArray{
pulumi.String("1.3.6.1.5.5.7.3.1"),
},
KeyUsages: pulumi.StringArray{
pulumi.String("cRLSign"),
pulumi.String("dataEncipherment"),
pulumi.String("digitalSignature"),
pulumi.String("keyAgreement"),
pulumi.String("keyCertSign"),
pulumi.String("keyEncipherment"),
},
SubjectAlternativeNames: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs{
DnsNames: pulumi.StringArray{
pulumi.String("internal.contoso.com"),
pulumi.String("domain.hello.world"),
},
},
Subject: pulumi.String("CN=hello-world"),
ValidityInMonths: pulumi.Int(12),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "examplekeyvault",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "standard",
SoftDeleteRetentionDays = 7,
AccessPolicies = new[]
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
CertificatePermissions = new[]
{
"Create",
"Delete",
"DeleteIssuers",
"Get",
"GetIssuers",
"Import",
"List",
"ListIssuers",
"ManageContacts",
"ManageIssuers",
"Purge",
"SetIssuers",
"Update",
},
KeyPermissions = new[]
{
"Backup",
"Create",
"Decrypt",
"Delete",
"Encrypt",
"Get",
"Import",
"List",
"Purge",
"Recover",
"Restore",
"Sign",
"UnwrapKey",
"Update",
"Verify",
"WrapKey",
},
SecretPermissions = new[]
{
"Backup",
"Delete",
"Get",
"List",
"Purge",
"Recover",
"Restore",
"Set",
},
},
},
});
var exampleCertificate = new Azure.KeyVault.Certificate("example", new()
{
Name = "generated-cert",
KeyVaultId = exampleKeyVault.Id,
CertificatePolicy = new Azure.KeyVault.Inputs.CertificateCertificatePolicyArgs
{
IssuerParameters = new Azure.KeyVault.Inputs.CertificateCertificatePolicyIssuerParametersArgs
{
Name = "Self",
},
KeyProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyKeyPropertiesArgs
{
Exportable = true,
KeySize = 2048,
KeyType = "RSA",
ReuseKey = true,
},
LifetimeActions = new[]
{
new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionArgs
{
Action = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionActionArgs
{
ActionType = "AutoRenew",
},
Trigger = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionTriggerArgs
{
DaysBeforeExpiry = 30,
},
},
},
SecretProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicySecretPropertiesArgs
{
ContentType = "application/x-pkcs12",
},
X509CertificateProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs
{
ExtendedKeyUsages = new[]
{
"1.3.6.1.5.5.7.3.1",
},
KeyUsages = new[]
{
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment",
},
SubjectAlternativeNames = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs
{
DnsNames = new[]
{
"internal.contoso.com",
"domain.hello.world",
},
},
Subject = "CN=hello-world",
ValidityInMonths = 12,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Certificate;
import com.pulumi.azure.keyvault.CertificateArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyIssuerParametersArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyKeyPropertiesArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicySecretPropertiesArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("examplekeyvault")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("standard")
.softDeleteRetentionDays(7)
.accessPolicies(KeyVaultAccessPolicyArgs.builder()
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.certificatePermissions(
"Create",
"Delete",
"DeleteIssuers",
"Get",
"GetIssuers",
"Import",
"List",
"ListIssuers",
"ManageContacts",
"ManageIssuers",
"Purge",
"SetIssuers",
"Update")
.keyPermissions(
"Backup",
"Create",
"Decrypt",
"Delete",
"Encrypt",
"Get",
"Import",
"List",
"Purge",
"Recover",
"Restore",
"Sign",
"UnwrapKey",
"Update",
"Verify",
"WrapKey")
.secretPermissions(
"Backup",
"Delete",
"Get",
"List",
"Purge",
"Recover",
"Restore",
"Set")
.build())
.build());
var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()
.name("generated-cert")
.keyVaultId(exampleKeyVault.id())
.certificatePolicy(CertificateCertificatePolicyArgs.builder()
.issuerParameters(CertificateCertificatePolicyIssuerParametersArgs.builder()
.name("Self")
.build())
.keyProperties(CertificateCertificatePolicyKeyPropertiesArgs.builder()
.exportable(true)
.keySize(2048)
.keyType("RSA")
.reuseKey(true)
.build())
.lifetimeActions(CertificateCertificatePolicyLifetimeActionArgs.builder()
.action(CertificateCertificatePolicyLifetimeActionActionArgs.builder()
.actionType("AutoRenew")
.build())
.trigger(CertificateCertificatePolicyLifetimeActionTriggerArgs.builder()
.daysBeforeExpiry(30)
.build())
.build())
.secretProperties(CertificateCertificatePolicySecretPropertiesArgs.builder()
.contentType("application/x-pkcs12")
.build())
.x509CertificateProperties(CertificateCertificatePolicyX509CertificatePropertiesArgs.builder()
.extendedKeyUsages("1.3.6.1.5.5.7.3.1")
.keyUsages(
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment")
.subjectAlternativeNames(CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs.builder()
.dnsNames(
"internal.contoso.com",
"domain.hello.world")
.build())
.subject("CN=hello-world")
.validityInMonths(12)
.build())
.build())
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: examplekeyvault
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: standard
softDeleteRetentionDays: 7
accessPolicies:
- tenantId: ${current.tenantId}
objectId: ${current.objectId}
certificatePermissions:
- Create
- Delete
- DeleteIssuers
- Get
- GetIssuers
- Import
- List
- ListIssuers
- ManageContacts
- ManageIssuers
- Purge
- SetIssuers
- Update
keyPermissions:
- Backup
- Create
- Decrypt
- Delete
- Encrypt
- Get
- Import
- List
- Purge
- Recover
- Restore
- Sign
- UnwrapKey
- Update
- Verify
- WrapKey
secretPermissions:
- Backup
- Delete
- Get
- List
- Purge
- Recover
- Restore
- Set
exampleCertificate:
type: azure:keyvault:Certificate
name: example
properties:
name: generated-cert
keyVaultId: ${exampleKeyVault.id}
certificatePolicy:
issuerParameters:
name: Self
keyProperties:
exportable: true
keySize: 2048
keyType: RSA
reuseKey: true
lifetimeActions:
- action:
actionType: AutoRenew
trigger:
daysBeforeExpiry: 30
secretProperties:
contentType: application/x-pkcs12
x509CertificateProperties:
extendedKeyUsages:
- 1.3.6.1.5.5.7.3.1
keyUsages:
- cRLSign
- dataEncipherment
- digitalSignature
- keyAgreement
- keyCertSign
- keyEncipherment
subjectAlternativeNames:
dnsNames:
- internal.contoso.com
- domain.hello.world
subject: CN=hello-world
validityInMonths: 12
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}
Create Certifiate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Certifiate(name: string, args: CertifiateArgs, opts?: CustomResourceOptions);
@overload
def Certifiate(resource_name: str,
args: CertifiateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Certifiate(resource_name: str,
opts: Optional[ResourceOptions] = None,
certificate: Optional[CertifiateCertificateArgs] = None,
certificate_policy: Optional[CertifiateCertificatePolicyArgs] = None,
key_vault_id: Optional[str] = None,
name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewCertifiate(ctx *Context, name string, args CertifiateArgs, opts ...ResourceOption) (*Certifiate, error)
public Certifiate(string name, CertifiateArgs args, CustomResourceOptions? opts = null)
public Certifiate(String name, CertifiateArgs args)
public Certifiate(String name, CertifiateArgs args, CustomResourceOptions options)
type: azure:keyvault:Certifiate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CertifiateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertifiateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertifiateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertifiateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertifiateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Certifiate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Certifiate resource accepts the following input properties:
- Key
Vault stringId - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- Certificate
Policy CertifiateCertificate Policy A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- Key
Vault CertifiateCertificate Certificate - A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - Name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Key
Vault stringId - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- Certificate
Certifiate
Certificate Args - A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - Certificate
Policy CertifiateCertificate Policy Args A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- Name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- map[string]string
- A mapping of tags to assign to the resource.
- key
Vault StringId - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- certificate
Certifiate
Certificate - A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - certificate
Policy CertifiateCertificate Policy A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- name String
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Map<String,String>
- A mapping of tags to assign to the resource.
- key
Vault stringId - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- certificate
Certifiate
Certificate - A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - certificate
Policy CertifiateCertificate Policy A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- {[key: string]: string}
- A mapping of tags to assign to the resource.
- key_
vault_ strid - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- certificate
Certifiate
Certificate Args - A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - certificate_
policy CertifiateCertificate Policy Args A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- name str
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Mapping[str, str]
- A mapping of tags to assign to the resource.
- key
Vault StringId - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- certificate Property Map
- A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - certificate
Policy Property Map A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- name String
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Map<String>
- A mapping of tags to assign to the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the Certifiate resource produces the following output properties:
- Certificate
Attributes List<CertifiateCertificate Attribute> - A
certificate_attribute
block as defined below. - Certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- Certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Manager stringId - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- Resource
Manager stringVersionless Id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- Secret
Id string - The ID of the associated Key Vault Secret.
- Thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- Version string
- The current version of the Key Vault Certificate.
- Versionless
Id string - The Base ID of the Key Vault Certificate.
- Versionless
Secret stringId - The Base ID of the Key Vault Secret.
- Certificate
Attributes []CertifiateCertificate Attribute - A
certificate_attribute
block as defined below. - Certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- Certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Manager stringId - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- Resource
Manager stringVersionless Id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- Secret
Id string - The ID of the associated Key Vault Secret.
- Thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- Version string
- The current version of the Key Vault Certificate.
- Versionless
Id string - The Base ID of the Key Vault Certificate.
- Versionless
Secret stringId - The Base ID of the Key Vault Secret.
- certificate
Attributes List<CertifiateCertificate Attribute> - A
certificate_attribute
block as defined below. - certificate
Data String - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data StringBase64 - The Base64 encoded Key Vault Certificate data.
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Manager StringId - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Manager StringVersionless Id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- secret
Id String - The ID of the associated Key Vault Secret.
- thumbprint String
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version String
- The current version of the Key Vault Certificate.
- versionless
Id String - The Base ID of the Key Vault Certificate.
- versionless
Secret StringId - The Base ID of the Key Vault Secret.
- certificate
Attributes CertifiateCertificate Attribute[] - A
certificate_attribute
block as defined below. - certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- id string
- The provider-assigned unique ID for this managed resource.
- resource
Manager stringId - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Manager stringVersionless Id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- secret
Id string - The ID of the associated Key Vault Secret.
- thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version string
- The current version of the Key Vault Certificate.
- versionless
Id string - The Base ID of the Key Vault Certificate.
- versionless
Secret stringId - The Base ID of the Key Vault Secret.
- certificate_
attributes Sequence[CertifiateCertificate Attribute] - A
certificate_attribute
block as defined below. - certificate_
data str - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate_
data_ strbase64 - The Base64 encoded Key Vault Certificate data.
- id str
- The provider-assigned unique ID for this managed resource.
- resource_
manager_ strid - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- resource_
manager_ strversionless_ id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- secret_
id str - The ID of the associated Key Vault Secret.
- thumbprint str
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version str
- The current version of the Key Vault Certificate.
- versionless_
id str - The Base ID of the Key Vault Certificate.
- versionless_
secret_ strid - The Base ID of the Key Vault Secret.
- certificate
Attributes List<Property Map> - A
certificate_attribute
block as defined below. - certificate
Data String - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data StringBase64 - The Base64 encoded Key Vault Certificate data.
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Manager StringId - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Manager StringVersionless Id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- secret
Id String - The ID of the associated Key Vault Secret.
- thumbprint String
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version String
- The current version of the Key Vault Certificate.
- versionless
Id String - The Base ID of the Key Vault Certificate.
- versionless
Secret StringId - The Base ID of the Key Vault Secret.
Look up Existing Certifiate Resource
Get an existing Certifiate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CertifiateState, opts?: CustomResourceOptions): Certifiate
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
certificate: Optional[CertifiateCertificateArgs] = None,
certificate_attributes: Optional[Sequence[CertifiateCertificateAttributeArgs]] = None,
certificate_data: Optional[str] = None,
certificate_data_base64: Optional[str] = None,
certificate_policy: Optional[CertifiateCertificatePolicyArgs] = None,
key_vault_id: Optional[str] = None,
name: Optional[str] = None,
resource_manager_id: Optional[str] = None,
resource_manager_versionless_id: Optional[str] = None,
secret_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
thumbprint: Optional[str] = None,
version: Optional[str] = None,
versionless_id: Optional[str] = None,
versionless_secret_id: Optional[str] = None) -> Certifiate
func GetCertifiate(ctx *Context, name string, id IDInput, state *CertifiateState, opts ...ResourceOption) (*Certifiate, error)
public static Certifiate Get(string name, Input<string> id, CertifiateState? state, CustomResourceOptions? opts = null)
public static Certifiate get(String name, Output<String> id, CertifiateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Certificate
Attributes List<CertifiateCertificate Attribute> - A
certificate_attribute
block as defined below. - Certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- Certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- Certificate
Policy CertifiateCertificate Policy A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- Key
Vault CertifiateCertificate Certificate - A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - Key
Vault stringId - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- Name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Resource
Manager stringId - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- Resource
Manager stringVersionless Id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- Secret
Id string - The ID of the associated Key Vault Secret.
- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- Version string
- The current version of the Key Vault Certificate.
- Versionless
Id string - The Base ID of the Key Vault Certificate.
- Versionless
Secret stringId - The Base ID of the Key Vault Secret.
- Certificate
Certifiate
Certificate Args - A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - Certificate
Attributes []CertifiateCertificate Attribute Args - A
certificate_attribute
block as defined below. - Certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- Certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- Certificate
Policy CertifiateCertificate Policy Args A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- Key
Vault stringId - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- Name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Resource
Manager stringId - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- Resource
Manager stringVersionless Id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- Secret
Id string - The ID of the associated Key Vault Secret.
- map[string]string
- A mapping of tags to assign to the resource.
- Thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- Version string
- The current version of the Key Vault Certificate.
- Versionless
Id string - The Base ID of the Key Vault Certificate.
- Versionless
Secret stringId - The Base ID of the Key Vault Secret.
- certificate
Certifiate
Certificate - A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - certificate
Attributes List<CertifiateCertificate Attribute> - A
certificate_attribute
block as defined below. - certificate
Data String - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data StringBase64 - The Base64 encoded Key Vault Certificate data.
- certificate
Policy CertifiateCertificate Policy A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- key
Vault StringId - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- name String
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- resource
Manager StringId - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Manager StringVersionless Id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- secret
Id String - The ID of the associated Key Vault Secret.
- Map<String,String>
- A mapping of tags to assign to the resource.
- thumbprint String
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version String
- The current version of the Key Vault Certificate.
- versionless
Id String - The Base ID of the Key Vault Certificate.
- versionless
Secret StringId - The Base ID of the Key Vault Secret.
- certificate
Certifiate
Certificate - A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - certificate
Attributes CertifiateCertificate Attribute[] - A
certificate_attribute
block as defined below. - certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- certificate
Policy CertifiateCertificate Policy A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- key
Vault stringId - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- resource
Manager stringId - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Manager stringVersionless Id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- secret
Id string - The ID of the associated Key Vault Secret.
- {[key: string]: string}
- A mapping of tags to assign to the resource.
- thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version string
- The current version of the Key Vault Certificate.
- versionless
Id string - The Base ID of the Key Vault Certificate.
- versionless
Secret stringId - The Base ID of the Key Vault Secret.
- certificate
Certifiate
Certificate Args - A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - certificate_
attributes Sequence[CertifiateCertificate Attribute Args] - A
certificate_attribute
block as defined below. - certificate_
data str - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate_
data_ strbase64 - The Base64 encoded Key Vault Certificate data.
- certificate_
policy CertifiateCertificate Policy Args A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- key_
vault_ strid - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- name str
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- resource_
manager_ strid - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- resource_
manager_ strversionless_ id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- secret_
id str - The ID of the associated Key Vault Secret.
- Mapping[str, str]
- A mapping of tags to assign to the resource.
- thumbprint str
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version str
- The current version of the Key Vault Certificate.
- versionless_
id str - The Base ID of the Key Vault Certificate.
- versionless_
secret_ strid - The Base ID of the Key Vault Secret.
- certificate Property Map
- A
certificate
block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. - certificate
Attributes List<Property Map> - A
certificate_attribute
block as defined below. - certificate
Data String - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data StringBase64 - The Base64 encoded Key Vault Certificate data.
- certificate
Policy Property Map A
certificate_policy
block as defined below. Changing this (except thelifetime_action
field) will create a new version of the Key Vault Certificate.NOTE: When creating a Key Vault Certificate, at least one of
certificate
orcertificate_policy
is required. Providecertificate
to import an existing certificate,certificate_policy
to generate a new certificate.- key
Vault StringId - The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
- name String
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- resource
Manager StringId - The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
- resource
Manager StringVersionless Id - The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
- secret
Id String - The ID of the associated Key Vault Secret.
- Map<String>
- A mapping of tags to assign to the resource.
- thumbprint String
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version String
- The current version of the Key Vault Certificate.
- versionless
Id String - The Base ID of the Key Vault Certificate.
- versionless
Secret StringId - The Base ID of the Key Vault Secret.
Supporting Types
CertifiateCertificate, CertifiateCertificateArgs
- Contents string
- The base64-encoded certificate contents.
- Password string
The password associated with the certificate.
NOTE: A PEM certificate is already base64 encoded. To successfully import, the
contents
property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style\n
line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.To convert a private key to pkcs8 format with openssl use:
openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
The PEM content should look something like:
-----BEGIN CERTIFICATE----- aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K : aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK : d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK -----END PRIVATE KEY-----
- Contents string
- The base64-encoded certificate contents.
- Password string
The password associated with the certificate.
NOTE: A PEM certificate is already base64 encoded. To successfully import, the
contents
property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style\n
line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.To convert a private key to pkcs8 format with openssl use:
openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
The PEM content should look something like:
-----BEGIN CERTIFICATE----- aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K : aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK : d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK -----END PRIVATE KEY-----
- contents String
- The base64-encoded certificate contents.
- password String
The password associated with the certificate.
NOTE: A PEM certificate is already base64 encoded. To successfully import, the
contents
property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style\n
line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.To convert a private key to pkcs8 format with openssl use:
openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
The PEM content should look something like:
-----BEGIN CERTIFICATE----- aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K : aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK : d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK -----END PRIVATE KEY-----
- contents string
- The base64-encoded certificate contents.
- password string
The password associated with the certificate.
NOTE: A PEM certificate is already base64 encoded. To successfully import, the
contents
property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style\n
line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.To convert a private key to pkcs8 format with openssl use:
openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
The PEM content should look something like:
-----BEGIN CERTIFICATE----- aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K : aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK : d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK -----END PRIVATE KEY-----
- contents str
- The base64-encoded certificate contents.
- password str
The password associated with the certificate.
NOTE: A PEM certificate is already base64 encoded. To successfully import, the
contents
property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style\n
line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.To convert a private key to pkcs8 format with openssl use:
openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
The PEM content should look something like:
-----BEGIN CERTIFICATE----- aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K : aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK : d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK -----END PRIVATE KEY-----
- contents String
- The base64-encoded certificate contents.
- password String
The password associated with the certificate.
NOTE: A PEM certificate is already base64 encoded. To successfully import, the
contents
property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style\n
line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.To convert a private key to pkcs8 format with openssl use:
openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
The PEM content should look something like:
-----BEGIN CERTIFICATE----- aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K : aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK : d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK -----END PRIVATE KEY-----
CertifiateCertificateAttribute, CertifiateCertificateAttributeArgs
- Created string
- The create time of the Key Vault Certificate.
- Enabled bool
- whether the Key Vault Certificate is enabled.
- Expires string
- The expires time of the Key Vault Certificate.
- Not
Before string - The not before valid time of the Key Vault Certificate.
- Recovery
Level string - The deletion recovery level of the Key Vault Certificate.
- Updated string
- The recent update time of the Key Vault Certificate.
- Created string
- The create time of the Key Vault Certificate.
- Enabled bool
- whether the Key Vault Certificate is enabled.
- Expires string
- The expires time of the Key Vault Certificate.
- Not
Before string - The not before valid time of the Key Vault Certificate.
- Recovery
Level string - The deletion recovery level of the Key Vault Certificate.
- Updated string
- The recent update time of the Key Vault Certificate.
- created String
- The create time of the Key Vault Certificate.
- enabled Boolean
- whether the Key Vault Certificate is enabled.
- expires String
- The expires time of the Key Vault Certificate.
- not
Before String - The not before valid time of the Key Vault Certificate.
- recovery
Level String - The deletion recovery level of the Key Vault Certificate.
- updated String
- The recent update time of the Key Vault Certificate.
- created string
- The create time of the Key Vault Certificate.
- enabled boolean
- whether the Key Vault Certificate is enabled.
- expires string
- The expires time of the Key Vault Certificate.
- not
Before string - The not before valid time of the Key Vault Certificate.
- recovery
Level string - The deletion recovery level of the Key Vault Certificate.
- updated string
- The recent update time of the Key Vault Certificate.
- created str
- The create time of the Key Vault Certificate.
- enabled bool
- whether the Key Vault Certificate is enabled.
- expires str
- The expires time of the Key Vault Certificate.
- not_
before str - The not before valid time of the Key Vault Certificate.
- recovery_
level str - The deletion recovery level of the Key Vault Certificate.
- updated str
- The recent update time of the Key Vault Certificate.
- created String
- The create time of the Key Vault Certificate.
- enabled Boolean
- whether the Key Vault Certificate is enabled.
- expires String
- The expires time of the Key Vault Certificate.
- not
Before String - The not before valid time of the Key Vault Certificate.
- recovery
Level String - The deletion recovery level of the Key Vault Certificate.
- updated String
- The recent update time of the Key Vault Certificate.
CertifiateCertificatePolicy, CertifiateCertificatePolicyArgs
- Issuer
Parameters CertifiateCertificate Policy Issuer Parameters - A
issuer_parameters
block as defined below. - Key
Properties CertifiateCertificate Policy Key Properties - A
key_properties
block as defined below. - Secret
Properties CertifiateCertificate Policy Secret Properties - A
secret_properties
block as defined below. - Lifetime
Actions List<CertifiateCertificate Policy Lifetime Action> - A
lifetime_action
block as defined below. - X509Certificate
Properties CertifiateCertificate Policy X509Certificate Properties - A
x509_certificate_properties
block as defined below. Required whencertificate
block is not specified.
- Issuer
Parameters CertifiateCertificate Policy Issuer Parameters - A
issuer_parameters
block as defined below. - Key
Properties CertifiateCertificate Policy Key Properties - A
key_properties
block as defined below. - Secret
Properties CertifiateCertificate Policy Secret Properties - A
secret_properties
block as defined below. - Lifetime
Actions []CertifiateCertificate Policy Lifetime Action - A
lifetime_action
block as defined below. - X509Certificate
Properties CertifiateCertificate Policy X509Certificate Properties - A
x509_certificate_properties
block as defined below. Required whencertificate
block is not specified.
- issuer
Parameters CertifiateCertificate Policy Issuer Parameters - A
issuer_parameters
block as defined below. - key
Properties CertifiateCertificate Policy Key Properties - A
key_properties
block as defined below. - secret
Properties CertifiateCertificate Policy Secret Properties - A
secret_properties
block as defined below. - lifetime
Actions List<CertifiateCertificate Policy Lifetime Action> - A
lifetime_action
block as defined below. - x509Certificate
Properties CertifiateCertificate Policy X509Certificate Properties - A
x509_certificate_properties
block as defined below. Required whencertificate
block is not specified.
- issuer
Parameters CertifiateCertificate Policy Issuer Parameters - A
issuer_parameters
block as defined below. - key
Properties CertifiateCertificate Policy Key Properties - A
key_properties
block as defined below. - secret
Properties CertifiateCertificate Policy Secret Properties - A
secret_properties
block as defined below. - lifetime
Actions CertifiateCertificate Policy Lifetime Action[] - A
lifetime_action
block as defined below. - x509Certificate
Properties CertifiateCertificate Policy X509Certificate Properties - A
x509_certificate_properties
block as defined below. Required whencertificate
block is not specified.
- issuer_
parameters CertifiateCertificate Policy Issuer Parameters - A
issuer_parameters
block as defined below. - key_
properties CertifiateCertificate Policy Key Properties - A
key_properties
block as defined below. - secret_
properties CertifiateCertificate Policy Secret Properties - A
secret_properties
block as defined below. - lifetime_
actions Sequence[CertifiateCertificate Policy Lifetime Action] - A
lifetime_action
block as defined below. - x509_
certificate_ Certifiateproperties Certificate Policy X509Certificate Properties - A
x509_certificate_properties
block as defined below. Required whencertificate
block is not specified.
- issuer
Parameters Property Map - A
issuer_parameters
block as defined below. - key
Properties Property Map - A
key_properties
block as defined below. - secret
Properties Property Map - A
secret_properties
block as defined below. - lifetime
Actions List<Property Map> - A
lifetime_action
block as defined below. - x509Certificate
Properties Property Map - A
x509_certificate_properties
block as defined below. Required whencertificate
block is not specified.
CertifiateCertificatePolicyIssuerParameters, CertifiateCertificatePolicyIssuerParametersArgs
- Name string
- The name of the Certificate Issuer. Possible values include
Self
(for self-signed certificate), orUnknown
(for a certificate issuing authority likeLet's Encrypt
and Azure direct supported ones).
- Name string
- The name of the Certificate Issuer. Possible values include
Self
(for self-signed certificate), orUnknown
(for a certificate issuing authority likeLet's Encrypt
and Azure direct supported ones).
- name String
- The name of the Certificate Issuer. Possible values include
Self
(for self-signed certificate), orUnknown
(for a certificate issuing authority likeLet's Encrypt
and Azure direct supported ones).
- name string
- The name of the Certificate Issuer. Possible values include
Self
(for self-signed certificate), orUnknown
(for a certificate issuing authority likeLet's Encrypt
and Azure direct supported ones).
- name str
- The name of the Certificate Issuer. Possible values include
Self
(for self-signed certificate), orUnknown
(for a certificate issuing authority likeLet's Encrypt
and Azure direct supported ones).
- name String
- The name of the Certificate Issuer. Possible values include
Self
(for self-signed certificate), orUnknown
(for a certificate issuing authority likeLet's Encrypt
and Azure direct supported ones).
CertifiateCertificatePolicyKeyProperties, CertifiateCertificatePolicyKeyPropertiesArgs
- Exportable bool
- Is this certificate exportable?
- Key
Type string - Specifies the type of key. Possible values are
EC
,EC-HSM
,RSA
,RSA-HSM
andoct
. - Reuse
Key bool - Is the key reusable?
- Curve string
- Specifies the curve to use when creating an
EC
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field will be required in a future release ifkey_type
isEC
orEC-HSM
. - Key
Size int - The size of the key used in the certificate. Possible values include
2048
,3072
, and4096
forRSA
keys, or256
,384
, and521
forEC
keys. This property is required when using RSA keys.
- Exportable bool
- Is this certificate exportable?
- Key
Type string - Specifies the type of key. Possible values are
EC
,EC-HSM
,RSA
,RSA-HSM
andoct
. - Reuse
Key bool - Is the key reusable?
- Curve string
- Specifies the curve to use when creating an
EC
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field will be required in a future release ifkey_type
isEC
orEC-HSM
. - Key
Size int - The size of the key used in the certificate. Possible values include
2048
,3072
, and4096
forRSA
keys, or256
,384
, and521
forEC
keys. This property is required when using RSA keys.
- exportable Boolean
- Is this certificate exportable?
- key
Type String - Specifies the type of key. Possible values are
EC
,EC-HSM
,RSA
,RSA-HSM
andoct
. - reuse
Key Boolean - Is the key reusable?
- curve String
- Specifies the curve to use when creating an
EC
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field will be required in a future release ifkey_type
isEC
orEC-HSM
. - key
Size Integer - The size of the key used in the certificate. Possible values include
2048
,3072
, and4096
forRSA
keys, or256
,384
, and521
forEC
keys. This property is required when using RSA keys.
- exportable boolean
- Is this certificate exportable?
- key
Type string - Specifies the type of key. Possible values are
EC
,EC-HSM
,RSA
,RSA-HSM
andoct
. - reuse
Key boolean - Is the key reusable?
- curve string
- Specifies the curve to use when creating an
EC
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field will be required in a future release ifkey_type
isEC
orEC-HSM
. - key
Size number - The size of the key used in the certificate. Possible values include
2048
,3072
, and4096
forRSA
keys, or256
,384
, and521
forEC
keys. This property is required when using RSA keys.
- exportable bool
- Is this certificate exportable?
- key_
type str - Specifies the type of key. Possible values are
EC
,EC-HSM
,RSA
,RSA-HSM
andoct
. - reuse_
key bool - Is the key reusable?
- curve str
- Specifies the curve to use when creating an
EC
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field will be required in a future release ifkey_type
isEC
orEC-HSM
. - key_
size int - The size of the key used in the certificate. Possible values include
2048
,3072
, and4096
forRSA
keys, or256
,384
, and521
forEC
keys. This property is required when using RSA keys.
- exportable Boolean
- Is this certificate exportable?
- key
Type String - Specifies the type of key. Possible values are
EC
,EC-HSM
,RSA
,RSA-HSM
andoct
. - reuse
Key Boolean - Is the key reusable?
- curve String
- Specifies the curve to use when creating an
EC
key. Possible values areP-256
,P-256K
,P-384
, andP-521
. This field will be required in a future release ifkey_type
isEC
orEC-HSM
. - key
Size Number - The size of the key used in the certificate. Possible values include
2048
,3072
, and4096
forRSA
keys, or256
,384
, and521
forEC
keys. This property is required when using RSA keys.
CertifiateCertificatePolicyLifetimeAction, CertifiateCertificatePolicyLifetimeActionArgs
- Action
Certifiate
Certificate Policy Lifetime Action Action - A
action
block as defined below. - Trigger
Certifiate
Certificate Policy Lifetime Action Trigger - A
trigger
block as defined below.
- Action
Certifiate
Certificate Policy Lifetime Action Action - A
action
block as defined below. - Trigger
Certifiate
Certificate Policy Lifetime Action Trigger - A
trigger
block as defined below.
- action
Certifiate
Certificate Policy Lifetime Action Action - A
action
block as defined below. - trigger
Certifiate
Certificate Policy Lifetime Action Trigger - A
trigger
block as defined below.
- action
Certifiate
Certificate Policy Lifetime Action Action - A
action
block as defined below. - trigger
Certifiate
Certificate Policy Lifetime Action Trigger - A
trigger
block as defined below.
- action
Certifiate
Certificate Policy Lifetime Action Action - A
action
block as defined below. - trigger
Certifiate
Certificate Policy Lifetime Action Trigger - A
trigger
block as defined below.
- action Property Map
- A
action
block as defined below. - trigger Property Map
- A
trigger
block as defined below.
CertifiateCertificatePolicyLifetimeActionAction, CertifiateCertificatePolicyLifetimeActionActionArgs
- Action
Type string - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenew
andEmailContacts
.
- Action
Type string - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenew
andEmailContacts
.
- action
Type String - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenew
andEmailContacts
.
- action
Type string - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenew
andEmailContacts
.
- action_
type str - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenew
andEmailContacts
.
- action
Type String - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenew
andEmailContacts
.
CertifiateCertificatePolicyLifetimeActionTrigger, CertifiateCertificatePolicyLifetimeActionTriggerArgs
- Days
Before intExpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with
lifetime_percentage
. - Lifetime
Percentage int - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with
days_before_expiry
.
- Days
Before intExpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with
lifetime_percentage
. - Lifetime
Percentage int - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with
days_before_expiry
.
- days
Before IntegerExpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with
lifetime_percentage
. - lifetime
Percentage Integer - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with
days_before_expiry
.
- days
Before numberExpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with
lifetime_percentage
. - lifetime
Percentage number - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with
days_before_expiry
.
- days_
before_ intexpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with
lifetime_percentage
. - lifetime_
percentage int - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with
days_before_expiry
.
- days
Before NumberExpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with
lifetime_percentage
. - lifetime
Percentage Number - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with
days_before_expiry
.
CertifiateCertificatePolicySecretProperties, CertifiateCertificatePolicySecretPropertiesArgs
- Content
Type string - The Content-Type of the Certificate, such as
application/x-pkcs12
for a PFX orapplication/x-pem-file
for a PEM.
- Content
Type string - The Content-Type of the Certificate, such as
application/x-pkcs12
for a PFX orapplication/x-pem-file
for a PEM.
- content
Type String - The Content-Type of the Certificate, such as
application/x-pkcs12
for a PFX orapplication/x-pem-file
for a PEM.
- content
Type string - The Content-Type of the Certificate, such as
application/x-pkcs12
for a PFX orapplication/x-pem-file
for a PEM.
- content_
type str - The Content-Type of the Certificate, such as
application/x-pkcs12
for a PFX orapplication/x-pem-file
for a PEM.
- content
Type String - The Content-Type of the Certificate, such as
application/x-pkcs12
for a PFX orapplication/x-pem-file
for a PEM.
CertifiateCertificatePolicyX509CertificateProperties, CertifiateCertificatePolicyX509CertificatePropertiesArgs
- Key
Usages List<string> - A list of uses associated with this Key. Possible values include
cRLSign
,dataEncipherment
,decipherOnly
,digitalSignature
,encipherOnly
,keyAgreement
,keyCertSign
,keyEncipherment
andnonRepudiation
and are case-sensitive. - Subject string
- The Certificate's Subject.
- Validity
In intMonths - The Certificates Validity Period in Months.
- Extended
Key List<string>Usages - A list of Extended/Enhanced Key Usages.
- Subject
Alternative CertifiateNames Certificate Policy X509Certificate Properties Subject Alternative Names - A
subject_alternative_names
block as defined below.
- Key
Usages []string - A list of uses associated with this Key. Possible values include
cRLSign
,dataEncipherment
,decipherOnly
,digitalSignature
,encipherOnly
,keyAgreement
,keyCertSign
,keyEncipherment
andnonRepudiation
and are case-sensitive. - Subject string
- The Certificate's Subject.
- Validity
In intMonths - The Certificates Validity Period in Months.
- Extended
Key []stringUsages - A list of Extended/Enhanced Key Usages.
- Subject
Alternative CertifiateNames Certificate Policy X509Certificate Properties Subject Alternative Names - A
subject_alternative_names
block as defined below.
- key
Usages List<String> - A list of uses associated with this Key. Possible values include
cRLSign
,dataEncipherment
,decipherOnly
,digitalSignature
,encipherOnly
,keyAgreement
,keyCertSign
,keyEncipherment
andnonRepudiation
and are case-sensitive. - subject String
- The Certificate's Subject.
- validity
In IntegerMonths - The Certificates Validity Period in Months.
- extended
Key List<String>Usages - A list of Extended/Enhanced Key Usages.
- subject
Alternative CertifiateNames Certificate Policy X509Certificate Properties Subject Alternative Names - A
subject_alternative_names
block as defined below.
- key
Usages string[] - A list of uses associated with this Key. Possible values include
cRLSign
,dataEncipherment
,decipherOnly
,digitalSignature
,encipherOnly
,keyAgreement
,keyCertSign
,keyEncipherment
andnonRepudiation
and are case-sensitive. - subject string
- The Certificate's Subject.
- validity
In numberMonths - The Certificates Validity Period in Months.
- extended
Key string[]Usages - A list of Extended/Enhanced Key Usages.
- subject
Alternative CertifiateNames Certificate Policy X509Certificate Properties Subject Alternative Names - A
subject_alternative_names
block as defined below.
- key_
usages Sequence[str] - A list of uses associated with this Key. Possible values include
cRLSign
,dataEncipherment
,decipherOnly
,digitalSignature
,encipherOnly
,keyAgreement
,keyCertSign
,keyEncipherment
andnonRepudiation
and are case-sensitive. - subject str
- The Certificate's Subject.
- validity_
in_ intmonths - The Certificates Validity Period in Months.
- extended_
key_ Sequence[str]usages - A list of Extended/Enhanced Key Usages.
- subject_
alternative_ Certifiatenames Certificate Policy X509Certificate Properties Subject Alternative Names - A
subject_alternative_names
block as defined below.
- key
Usages List<String> - A list of uses associated with this Key. Possible values include
cRLSign
,dataEncipherment
,decipherOnly
,digitalSignature
,encipherOnly
,keyAgreement
,keyCertSign
,keyEncipherment
andnonRepudiation
and are case-sensitive. - subject String
- The Certificate's Subject.
- validity
In NumberMonths - The Certificates Validity Period in Months.
- extended
Key List<String>Usages - A list of Extended/Enhanced Key Usages.
- subject
Alternative Property MapNames - A
subject_alternative_names
block as defined below.
CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames, CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs
Import
Key Vault Certificates can be imported using the resource id
, e.g.
$ pulumi import azure:keyvault/certifiate:Certifiate example "https://example-keyvault.vault.azure.net/certificates/example/fdf067c93bbb4b22bff4d8b7a9a56217"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.