vault.pkiSecret.SecretBackendCert
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const app = new vault.pkisecret.SecretBackendCert("app", {
backend: intermediate.path,
name: test.name,
commonName: "app.my.domain",
}, {
dependsOn: [admin],
});
import pulumi
import pulumi_vault as vault
app = vault.pki_secret.SecretBackendCert("app",
backend=intermediate["path"],
name=test["name"],
common_name="app.my.domain",
opts = pulumi.ResourceOptions(depends_on=[admin]))
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkiSecret"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := pkiSecret.NewSecretBackendCert(ctx, "app", &pkiSecret.SecretBackendCertArgs{
Backend: pulumi.Any(intermediate.Path),
Name: pulumi.Any(test.Name),
CommonName: pulumi.String("app.my.domain"),
}, pulumi.DependsOn([]pulumi.Resource{
admin,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var app = new Vault.PkiSecret.SecretBackendCert("app", new()
{
Backend = intermediate.Path,
Name = test.Name,
CommonName = "app.my.domain",
}, new CustomResourceOptions
{
DependsOn =
{
admin,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.pkiSecret.SecretBackendCert;
import com.pulumi.vault.pkiSecret.SecretBackendCertArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var app = new SecretBackendCert("app", SecretBackendCertArgs.builder()
.backend(intermediate.path())
.name(test.name())
.commonName("app.my.domain")
.build(), CustomResourceOptions.builder()
.dependsOn(admin)
.build());
}
}
resources:
app:
type: vault:pkiSecret:SecretBackendCert
properties:
backend: ${intermediate.path}
name: ${test.name}
commonName: app.my.domain
options:
dependson:
- ${admin}
Create SecretBackendCert Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecretBackendCert(name: string, args: SecretBackendCertArgs, opts?: CustomResourceOptions);
@overload
def SecretBackendCert(resource_name: str,
args: SecretBackendCertArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecretBackendCert(resource_name: str,
opts: Optional[ResourceOptions] = None,
backend: Optional[str] = None,
common_name: Optional[str] = None,
min_seconds_remaining: Optional[int] = None,
name: Optional[str] = None,
exclude_cn_from_sans: Optional[bool] = None,
format: Optional[str] = None,
ip_sans: Optional[Sequence[str]] = None,
issuer_ref: Optional[str] = None,
alt_names: Optional[Sequence[str]] = None,
auto_renew: Optional[bool] = None,
namespace: Optional[str] = None,
other_sans: Optional[Sequence[str]] = None,
private_key_format: Optional[str] = None,
revoke: Optional[bool] = None,
ttl: Optional[str] = None,
uri_sans: Optional[Sequence[str]] = None,
user_ids: Optional[Sequence[str]] = None)
func NewSecretBackendCert(ctx *Context, name string, args SecretBackendCertArgs, opts ...ResourceOption) (*SecretBackendCert, error)
public SecretBackendCert(string name, SecretBackendCertArgs args, CustomResourceOptions? opts = null)
public SecretBackendCert(String name, SecretBackendCertArgs args)
public SecretBackendCert(String name, SecretBackendCertArgs args, CustomResourceOptions options)
type: vault:pkiSecret:SecretBackendCert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretBackendCertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretBackendCertArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretBackendCertArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretBackendCertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretBackendCertArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secretBackendCertResource = new Vault.PkiSecret.SecretBackendCert("secretBackendCertResource", new()
{
Backend = "string",
CommonName = "string",
MinSecondsRemaining = 0,
Name = "string",
ExcludeCnFromSans = false,
Format = "string",
IpSans = new[]
{
"string",
},
IssuerRef = "string",
AltNames = new[]
{
"string",
},
AutoRenew = false,
Namespace = "string",
OtherSans = new[]
{
"string",
},
PrivateKeyFormat = "string",
Revoke = false,
Ttl = "string",
UriSans = new[]
{
"string",
},
UserIds = new[]
{
"string",
},
});
example, err := pkiSecret.NewSecretBackendCert(ctx, "secretBackendCertResource", &pkiSecret.SecretBackendCertArgs{
Backend: pulumi.String("string"),
CommonName: pulumi.String("string"),
MinSecondsRemaining: pulumi.Int(0),
Name: pulumi.String("string"),
ExcludeCnFromSans: pulumi.Bool(false),
Format: pulumi.String("string"),
IpSans: pulumi.StringArray{
pulumi.String("string"),
},
IssuerRef: pulumi.String("string"),
AltNames: pulumi.StringArray{
pulumi.String("string"),
},
AutoRenew: pulumi.Bool(false),
Namespace: pulumi.String("string"),
OtherSans: pulumi.StringArray{
pulumi.String("string"),
},
PrivateKeyFormat: pulumi.String("string"),
Revoke: pulumi.Bool(false),
Ttl: pulumi.String("string"),
UriSans: pulumi.StringArray{
pulumi.String("string"),
},
UserIds: pulumi.StringArray{
pulumi.String("string"),
},
})
var secretBackendCertResource = new SecretBackendCert("secretBackendCertResource", SecretBackendCertArgs.builder()
.backend("string")
.commonName("string")
.minSecondsRemaining(0)
.name("string")
.excludeCnFromSans(false)
.format("string")
.ipSans("string")
.issuerRef("string")
.altNames("string")
.autoRenew(false)
.namespace("string")
.otherSans("string")
.privateKeyFormat("string")
.revoke(false)
.ttl("string")
.uriSans("string")
.userIds("string")
.build());
secret_backend_cert_resource = vault.pki_secret.SecretBackendCert("secretBackendCertResource",
backend="string",
common_name="string",
min_seconds_remaining=0,
name="string",
exclude_cn_from_sans=False,
format="string",
ip_sans=["string"],
issuer_ref="string",
alt_names=["string"],
auto_renew=False,
namespace="string",
other_sans=["string"],
private_key_format="string",
revoke=False,
ttl="string",
uri_sans=["string"],
user_ids=["string"])
const secretBackendCertResource = new vault.pkisecret.SecretBackendCert("secretBackendCertResource", {
backend: "string",
commonName: "string",
minSecondsRemaining: 0,
name: "string",
excludeCnFromSans: false,
format: "string",
ipSans: ["string"],
issuerRef: "string",
altNames: ["string"],
autoRenew: false,
namespace: "string",
otherSans: ["string"],
privateKeyFormat: "string",
revoke: false,
ttl: "string",
uriSans: ["string"],
userIds: ["string"],
});
type: vault:pkiSecret:SecretBackendCert
properties:
altNames:
- string
autoRenew: false
backend: string
commonName: string
excludeCnFromSans: false
format: string
ipSans:
- string
issuerRef: string
minSecondsRemaining: 0
name: string
namespace: string
otherSans:
- string
privateKeyFormat: string
revoke: false
ttl: string
uriSans:
- string
userIds:
- string
SecretBackendCert Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecretBackendCert resource accepts the following input properties:
- Backend string
- The PKI secret backend the resource belongs to.
- Common
Name string - CN of certificate to create
- Alt
Names List<string> - List of alternative names
- Auto
Renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Format string
- The format of data
- Ip
Sans List<string> - List of alternative IPs
- Issuer
Ref string - Specifies the default issuer of this request.
- Min
Seconds intRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- Name string
- Name of the role to create the certificate against
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Other
Sans List<string> - List of other SANs
- Private
Key stringFormat - The private key format
- Revoke bool
- If set to
true
, the certificate will be revoked on resource destruction. - Ttl string
- Time to live
- Uri
Sans List<string> - List of alternative URIs
- User
Ids List<string> - List of Subject User IDs
- Backend string
- The PKI secret backend the resource belongs to.
- Common
Name string - CN of certificate to create
- Alt
Names []string - List of alternative names
- Auto
Renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Format string
- The format of data
- Ip
Sans []string - List of alternative IPs
- Issuer
Ref string - Specifies the default issuer of this request.
- Min
Seconds intRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- Name string
- Name of the role to create the certificate against
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Other
Sans []string - List of other SANs
- Private
Key stringFormat - The private key format
- Revoke bool
- If set to
true
, the certificate will be revoked on resource destruction. - Ttl string
- Time to live
- Uri
Sans []string - List of alternative URIs
- User
Ids []string - List of Subject User IDs
- backend String
- The PKI secret backend the resource belongs to.
- common
Name String - CN of certificate to create
- alt
Names List<String> - List of alternative names
- auto
Renew Boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Ref String - Specifies the default issuer of this request.
- min
Seconds IntegerRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name String
- Name of the role to create the certificate against
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans List<String> - List of other SANs
- private
Key StringFormat - The private key format
- revoke Boolean
- If set to
true
, the certificate will be revoked on resource destruction. - ttl String
- Time to live
- uri
Sans List<String> - List of alternative URIs
- user
Ids List<String> - List of Subject User IDs
- backend string
- The PKI secret backend the resource belongs to.
- common
Name string - CN of certificate to create
- alt
Names string[] - List of alternative names
- auto
Renew boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- exclude
Cn booleanFrom Sans - Flag to exclude CN from SANs
- format string
- The format of data
- ip
Sans string[] - List of alternative IPs
- issuer
Ref string - Specifies the default issuer of this request.
- min
Seconds numberRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name string
- Name of the role to create the certificate against
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans string[] - List of other SANs
- private
Key stringFormat - The private key format
- revoke boolean
- If set to
true
, the certificate will be revoked on resource destruction. - ttl string
- Time to live
- uri
Sans string[] - List of alternative URIs
- user
Ids string[] - List of Subject User IDs
- backend str
- The PKI secret backend the resource belongs to.
- common_
name str - CN of certificate to create
- alt_
names Sequence[str] - List of alternative names
- auto_
renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- exclude_
cn_ boolfrom_ sans - Flag to exclude CN from SANs
- format str
- The format of data
- ip_
sans Sequence[str] - List of alternative IPs
- issuer_
ref str - Specifies the default issuer of this request.
- min_
seconds_ intremaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name str
- Name of the role to create the certificate against
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other_
sans Sequence[str] - List of other SANs
- private_
key_ strformat - The private key format
- revoke bool
- If set to
true
, the certificate will be revoked on resource destruction. - ttl str
- Time to live
- uri_
sans Sequence[str] - List of alternative URIs
- user_
ids Sequence[str] - List of Subject User IDs
- backend String
- The PKI secret backend the resource belongs to.
- common
Name String - CN of certificate to create
- alt
Names List<String> - List of alternative names
- auto
Renew Boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Ref String - Specifies the default issuer of this request.
- min
Seconds NumberRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name String
- Name of the role to create the certificate against
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans List<String> - List of other SANs
- private
Key StringFormat - The private key format
- revoke Boolean
- If set to
true
, the certificate will be revoked on resource destruction. - ttl String
- Time to live
- uri
Sans List<String> - List of alternative URIs
- user
Ids List<String> - List of Subject User IDs
Outputs
All input properties are implicitly available as output properties. Additionally, the SecretBackendCert resource produces the following output properties:
- Ca
Chain string - The CA chain
- Certificate string
- The certificate
- Expiration int
- The expiration date of the certificate in unix epoch format
- Id string
- The provider-assigned unique ID for this managed resource.
- Issuing
Ca string - The issuing CA
- Private
Key string - The private key
- Private
Key stringType - The private key type
- Renew
Pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- Serial
Number string - The serial number
- Ca
Chain string - The CA chain
- Certificate string
- The certificate
- Expiration int
- The expiration date of the certificate in unix epoch format
- Id string
- The provider-assigned unique ID for this managed resource.
- Issuing
Ca string - The issuing CA
- Private
Key string - The private key
- Private
Key stringType - The private key type
- Renew
Pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- Serial
Number string - The serial number
- ca
Chain String - The CA chain
- certificate String
- The certificate
- expiration Integer
- The expiration date of the certificate in unix epoch format
- id String
- The provider-assigned unique ID for this managed resource.
- issuing
Ca String - The issuing CA
- private
Key String - The private key
- private
Key StringType - The private key type
- renew
Pending Boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial
Number String - The serial number
- ca
Chain string - The CA chain
- certificate string
- The certificate
- expiration number
- The expiration date of the certificate in unix epoch format
- id string
- The provider-assigned unique ID for this managed resource.
- issuing
Ca string - The issuing CA
- private
Key string - The private key
- private
Key stringType - The private key type
- renew
Pending boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial
Number string - The serial number
- ca_
chain str - The CA chain
- certificate str
- The certificate
- expiration int
- The expiration date of the certificate in unix epoch format
- id str
- The provider-assigned unique ID for this managed resource.
- issuing_
ca str - The issuing CA
- private_
key str - The private key
- private_
key_ strtype - The private key type
- renew_
pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial_
number str - The serial number
- ca
Chain String - The CA chain
- certificate String
- The certificate
- expiration Number
- The expiration date of the certificate in unix epoch format
- id String
- The provider-assigned unique ID for this managed resource.
- issuing
Ca String - The issuing CA
- private
Key String - The private key
- private
Key StringType - The private key type
- renew
Pending Boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial
Number String - The serial number
Look up Existing SecretBackendCert Resource
Get an existing SecretBackendCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretBackendCertState, opts?: CustomResourceOptions): SecretBackendCert
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alt_names: Optional[Sequence[str]] = None,
auto_renew: Optional[bool] = None,
backend: Optional[str] = None,
ca_chain: Optional[str] = None,
certificate: Optional[str] = None,
common_name: Optional[str] = None,
exclude_cn_from_sans: Optional[bool] = None,
expiration: Optional[int] = None,
format: Optional[str] = None,
ip_sans: Optional[Sequence[str]] = None,
issuer_ref: Optional[str] = None,
issuing_ca: Optional[str] = None,
min_seconds_remaining: Optional[int] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
other_sans: Optional[Sequence[str]] = None,
private_key: Optional[str] = None,
private_key_format: Optional[str] = None,
private_key_type: Optional[str] = None,
renew_pending: Optional[bool] = None,
revoke: Optional[bool] = None,
serial_number: Optional[str] = None,
ttl: Optional[str] = None,
uri_sans: Optional[Sequence[str]] = None,
user_ids: Optional[Sequence[str]] = None) -> SecretBackendCert
func GetSecretBackendCert(ctx *Context, name string, id IDInput, state *SecretBackendCertState, opts ...ResourceOption) (*SecretBackendCert, error)
public static SecretBackendCert Get(string name, Input<string> id, SecretBackendCertState? state, CustomResourceOptions? opts = null)
public static SecretBackendCert get(String name, Output<String> id, SecretBackendCertState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alt
Names List<string> - List of alternative names
- Auto
Renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- Backend string
- The PKI secret backend the resource belongs to.
- Ca
Chain string - The CA chain
- Certificate string
- The certificate
- Common
Name string - CN of certificate to create
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Expiration int
- The expiration date of the certificate in unix epoch format
- Format string
- The format of data
- Ip
Sans List<string> - List of alternative IPs
- Issuer
Ref string - Specifies the default issuer of this request.
- Issuing
Ca string - The issuing CA
- Min
Seconds intRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- Name string
- Name of the role to create the certificate against
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Other
Sans List<string> - List of other SANs
- Private
Key string - The private key
- Private
Key stringFormat - The private key format
- Private
Key stringType - The private key type
- Renew
Pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- Revoke bool
- If set to
true
, the certificate will be revoked on resource destruction. - Serial
Number string - The serial number
- Ttl string
- Time to live
- Uri
Sans List<string> - List of alternative URIs
- User
Ids List<string> - List of Subject User IDs
- Alt
Names []string - List of alternative names
- Auto
Renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- Backend string
- The PKI secret backend the resource belongs to.
- Ca
Chain string - The CA chain
- Certificate string
- The certificate
- Common
Name string - CN of certificate to create
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Expiration int
- The expiration date of the certificate in unix epoch format
- Format string
- The format of data
- Ip
Sans []string - List of alternative IPs
- Issuer
Ref string - Specifies the default issuer of this request.
- Issuing
Ca string - The issuing CA
- Min
Seconds intRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- Name string
- Name of the role to create the certificate against
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Other
Sans []string - List of other SANs
- Private
Key string - The private key
- Private
Key stringFormat - The private key format
- Private
Key stringType - The private key type
- Renew
Pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- Revoke bool
- If set to
true
, the certificate will be revoked on resource destruction. - Serial
Number string - The serial number
- Ttl string
- Time to live
- Uri
Sans []string - List of alternative URIs
- User
Ids []string - List of Subject User IDs
- alt
Names List<String> - List of alternative names
- auto
Renew Boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- backend String
- The PKI secret backend the resource belongs to.
- ca
Chain String - The CA chain
- certificate String
- The certificate
- common
Name String - CN of certificate to create
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- expiration Integer
- The expiration date of the certificate in unix epoch format
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Ref String - Specifies the default issuer of this request.
- issuing
Ca String - The issuing CA
- min
Seconds IntegerRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name String
- Name of the role to create the certificate against
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans List<String> - List of other SANs
- private
Key String - The private key
- private
Key StringFormat - The private key format
- private
Key StringType - The private key type
- renew
Pending Boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- revoke Boolean
- If set to
true
, the certificate will be revoked on resource destruction. - serial
Number String - The serial number
- ttl String
- Time to live
- uri
Sans List<String> - List of alternative URIs
- user
Ids List<String> - List of Subject User IDs
- alt
Names string[] - List of alternative names
- auto
Renew boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- backend string
- The PKI secret backend the resource belongs to.
- ca
Chain string - The CA chain
- certificate string
- The certificate
- common
Name string - CN of certificate to create
- exclude
Cn booleanFrom Sans - Flag to exclude CN from SANs
- expiration number
- The expiration date of the certificate in unix epoch format
- format string
- The format of data
- ip
Sans string[] - List of alternative IPs
- issuer
Ref string - Specifies the default issuer of this request.
- issuing
Ca string - The issuing CA
- min
Seconds numberRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name string
- Name of the role to create the certificate against
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans string[] - List of other SANs
- private
Key string - The private key
- private
Key stringFormat - The private key format
- private
Key stringType - The private key type
- renew
Pending boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- revoke boolean
- If set to
true
, the certificate will be revoked on resource destruction. - serial
Number string - The serial number
- ttl string
- Time to live
- uri
Sans string[] - List of alternative URIs
- user
Ids string[] - List of Subject User IDs
- alt_
names Sequence[str] - List of alternative names
- auto_
renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- backend str
- The PKI secret backend the resource belongs to.
- ca_
chain str - The CA chain
- certificate str
- The certificate
- common_
name str - CN of certificate to create
- exclude_
cn_ boolfrom_ sans - Flag to exclude CN from SANs
- expiration int
- The expiration date of the certificate in unix epoch format
- format str
- The format of data
- ip_
sans Sequence[str] - List of alternative IPs
- issuer_
ref str - Specifies the default issuer of this request.
- issuing_
ca str - The issuing CA
- min_
seconds_ intremaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name str
- Name of the role to create the certificate against
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other_
sans Sequence[str] - List of other SANs
- private_
key str - The private key
- private_
key_ strformat - The private key format
- private_
key_ strtype - The private key type
- renew_
pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- revoke bool
- If set to
true
, the certificate will be revoked on resource destruction. - serial_
number str - The serial number
- ttl str
- Time to live
- uri_
sans Sequence[str] - List of alternative URIs
- user_
ids Sequence[str] - List of Subject User IDs
- alt
Names List<String> - List of alternative names
- auto
Renew Boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- backend String
- The PKI secret backend the resource belongs to.
- ca
Chain String - The CA chain
- certificate String
- The certificate
- common
Name String - CN of certificate to create
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- expiration Number
- The expiration date of the certificate in unix epoch format
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Ref String - Specifies the default issuer of this request.
- issuing
Ca String - The issuing CA
- min
Seconds NumberRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name String
- Name of the role to create the certificate against
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans List<String> - List of other SANs
- private
Key String - The private key
- private
Key StringFormat - The private key format
- private
Key StringType - The private key type
- renew
Pending Boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- revoke Boolean
- If set to
true
, the certificate will be revoked on resource destruction. - serial
Number String - The serial number
- ttl String
- Time to live
- uri
Sans List<String> - List of alternative URIs
- user
Ids List<String> - List of Subject User IDs
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vault
Terraform Provider.