vault.pkiSecret.SecretBackendSign
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const test = new vault.pkisecret.SecretBackendSign("test", {
backend: pki.path,
name: admin.name,
csr: `-----BEGIN CERTIFICATE REQUEST-----
MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
-----END CERTIFICATE REQUEST-----
`,
commonName: "test.my.domain",
}, {
dependsOn: [admin],
});
import pulumi
import pulumi_vault as vault
test = vault.pki_secret.SecretBackendSign("test",
backend=pki["path"],
name=admin["name"],
csr="""-----BEGIN CERTIFICATE REQUEST-----
MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
-----END CERTIFICATE REQUEST-----
""",
common_name="test.my.domain",
opts = pulumi.ResourceOptions(depends_on=[admin]))
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkiSecret"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := pkiSecret.NewSecretBackendSign(ctx, "test", &pkiSecret.SecretBackendSignArgs{
Backend: pulumi.Any(pki.Path),
Name: pulumi.Any(admin.Name),
Csr: pulumi.String(`-----BEGIN CERTIFICATE REQUEST-----
MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
-----END CERTIFICATE REQUEST-----
`),
CommonName: pulumi.String("test.my.domain"),
}, pulumi.DependsOn([]pulumi.Resource{
admin,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var test = new Vault.PkiSecret.SecretBackendSign("test", new()
{
Backend = pki.Path,
Name = admin.Name,
Csr = @"-----BEGIN CERTIFICATE REQUEST-----
MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
-----END CERTIFICATE REQUEST-----
",
CommonName = "test.my.domain",
}, new CustomResourceOptions
{
DependsOn =
{
admin,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.pkiSecret.SecretBackendSign;
import com.pulumi.vault.pkiSecret.SecretBackendSignArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new SecretBackendSign("test", SecretBackendSignArgs.builder()
.backend(pki.path())
.name(admin.name())
.csr("""
-----BEGIN CERTIFICATE REQUEST-----
MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
-----END CERTIFICATE REQUEST-----
""")
.commonName("test.my.domain")
.build(), CustomResourceOptions.builder()
.dependsOn(admin)
.build());
}
}
resources:
test:
type: vault:pkiSecret:SecretBackendSign
properties:
backend: ${pki.path}
name: ${admin.name}
csr: |
-----BEGIN CERTIFICATE REQUEST-----
MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
-----END CERTIFICATE REQUEST-----
commonName: test.my.domain
options:
dependson:
- ${admin}
Create SecretBackendSign Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecretBackendSign(name: string, args: SecretBackendSignArgs, opts?: CustomResourceOptions);
@overload
def SecretBackendSign(resource_name: str,
args: SecretBackendSignArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecretBackendSign(resource_name: str,
opts: Optional[ResourceOptions] = None,
common_name: Optional[str] = None,
csr: Optional[str] = None,
backend: Optional[str] = None,
format: Optional[str] = None,
auto_renew: Optional[bool] = None,
exclude_cn_from_sans: Optional[bool] = None,
alt_names: Optional[Sequence[str]] = None,
ip_sans: Optional[Sequence[str]] = None,
issuer_ref: Optional[str] = None,
min_seconds_remaining: Optional[int] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
other_sans: Optional[Sequence[str]] = None,
ttl: Optional[str] = None,
uri_sans: Optional[Sequence[str]] = None)
func NewSecretBackendSign(ctx *Context, name string, args SecretBackendSignArgs, opts ...ResourceOption) (*SecretBackendSign, error)
public SecretBackendSign(string name, SecretBackendSignArgs args, CustomResourceOptions? opts = null)
public SecretBackendSign(String name, SecretBackendSignArgs args)
public SecretBackendSign(String name, SecretBackendSignArgs args, CustomResourceOptions options)
type: vault:pkiSecret:SecretBackendSign
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretBackendSignArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretBackendSignArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretBackendSignArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretBackendSignArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretBackendSignArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secretBackendSignResource = new Vault.PkiSecret.SecretBackendSign("secretBackendSignResource", new()
{
CommonName = "string",
Csr = "string",
Backend = "string",
Format = "string",
AutoRenew = false,
ExcludeCnFromSans = false,
AltNames = new[]
{
"string",
},
IpSans = new[]
{
"string",
},
IssuerRef = "string",
MinSecondsRemaining = 0,
Name = "string",
Namespace = "string",
OtherSans = new[]
{
"string",
},
Ttl = "string",
UriSans = new[]
{
"string",
},
});
example, err := pkiSecret.NewSecretBackendSign(ctx, "secretBackendSignResource", &pkiSecret.SecretBackendSignArgs{
CommonName: pulumi.String("string"),
Csr: pulumi.String("string"),
Backend: pulumi.String("string"),
Format: pulumi.String("string"),
AutoRenew: pulumi.Bool(false),
ExcludeCnFromSans: pulumi.Bool(false),
AltNames: pulumi.StringArray{
pulumi.String("string"),
},
IpSans: pulumi.StringArray{
pulumi.String("string"),
},
IssuerRef: pulumi.String("string"),
MinSecondsRemaining: pulumi.Int(0),
Name: pulumi.String("string"),
Namespace: pulumi.String("string"),
OtherSans: pulumi.StringArray{
pulumi.String("string"),
},
Ttl: pulumi.String("string"),
UriSans: pulumi.StringArray{
pulumi.String("string"),
},
})
var secretBackendSignResource = new SecretBackendSign("secretBackendSignResource", SecretBackendSignArgs.builder()
.commonName("string")
.csr("string")
.backend("string")
.format("string")
.autoRenew(false)
.excludeCnFromSans(false)
.altNames("string")
.ipSans("string")
.issuerRef("string")
.minSecondsRemaining(0)
.name("string")
.namespace("string")
.otherSans("string")
.ttl("string")
.uriSans("string")
.build());
secret_backend_sign_resource = vault.pki_secret.SecretBackendSign("secretBackendSignResource",
common_name="string",
csr="string",
backend="string",
format="string",
auto_renew=False,
exclude_cn_from_sans=False,
alt_names=["string"],
ip_sans=["string"],
issuer_ref="string",
min_seconds_remaining=0,
name="string",
namespace="string",
other_sans=["string"],
ttl="string",
uri_sans=["string"])
const secretBackendSignResource = new vault.pkisecret.SecretBackendSign("secretBackendSignResource", {
commonName: "string",
csr: "string",
backend: "string",
format: "string",
autoRenew: false,
excludeCnFromSans: false,
altNames: ["string"],
ipSans: ["string"],
issuerRef: "string",
minSecondsRemaining: 0,
name: "string",
namespace: "string",
otherSans: ["string"],
ttl: "string",
uriSans: ["string"],
});
type: vault:pkiSecret:SecretBackendSign
properties:
altNames:
- string
autoRenew: false
backend: string
commonName: string
csr: string
excludeCnFromSans: false
format: string
ipSans:
- string
issuerRef: string
minSecondsRemaining: 0
name: string
namespace: string
otherSans:
- string
ttl: string
uriSans:
- string
SecretBackendSign Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecretBackendSign resource accepts the following input properties:
- Backend string
- The PKI secret backend the resource belongs to.
- Common
Name string - CN of certificate to create
- Csr string
- The CSR
- Alt
Names List<string> - List of alternative names
- Auto
Renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Format string
- The format of data
- Ip
Sans List<string> - List of alternative IPs
- Issuer
Ref string - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - Min
Seconds intRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- Name string
- Name of the role to create the certificate against
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Other
Sans List<string> - List of other SANs
- Ttl string
- Time to live
- Uri
Sans List<string> - List of alternative URIs
- Backend string
- The PKI secret backend the resource belongs to.
- Common
Name string - CN of certificate to create
- Csr string
- The CSR
- Alt
Names []string - List of alternative names
- Auto
Renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Format string
- The format of data
- Ip
Sans []string - List of alternative IPs
- Issuer
Ref string - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - Min
Seconds intRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- Name string
- Name of the role to create the certificate against
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Other
Sans []string - List of other SANs
- Ttl string
- Time to live
- Uri
Sans []string - List of alternative URIs
- backend String
- The PKI secret backend the resource belongs to.
- common
Name String - CN of certificate to create
- csr String
- The CSR
- alt
Names List<String> - List of alternative names
- auto
Renew Boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Ref String - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - min
Seconds IntegerRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name String
- Name of the role to create the certificate against
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans List<String> - List of other SANs
- ttl String
- Time to live
- uri
Sans List<String> - List of alternative URIs
- backend string
- The PKI secret backend the resource belongs to.
- common
Name string - CN of certificate to create
- csr string
- The CSR
- alt
Names string[] - List of alternative names
- auto
Renew boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- exclude
Cn booleanFrom Sans - Flag to exclude CN from SANs
- format string
- The format of data
- ip
Sans string[] - List of alternative IPs
- issuer
Ref string - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - min
Seconds numberRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name string
- Name of the role to create the certificate against
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans string[] - List of other SANs
- ttl string
- Time to live
- uri
Sans string[] - List of alternative URIs
- backend str
- The PKI secret backend the resource belongs to.
- common_
name str - CN of certificate to create
- csr str
- The CSR
- alt_
names Sequence[str] - List of alternative names
- auto_
renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- exclude_
cn_ boolfrom_ sans - Flag to exclude CN from SANs
- format str
- The format of data
- ip_
sans Sequence[str] - List of alternative IPs
- issuer_
ref str - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - min_
seconds_ intremaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name str
- Name of the role to create the certificate against
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other_
sans Sequence[str] - List of other SANs
- ttl str
- Time to live
- uri_
sans Sequence[str] - List of alternative URIs
- backend String
- The PKI secret backend the resource belongs to.
- common
Name String - CN of certificate to create
- csr String
- The CSR
- alt
Names List<String> - List of alternative names
- auto
Renew Boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Ref String - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - min
Seconds NumberRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name String
- Name of the role to create the certificate against
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans List<String> - List of other SANs
- ttl String
- Time to live
- uri
Sans List<String> - List of alternative URIs
Outputs
All input properties are implicitly available as output properties. Additionally, the SecretBackendSign resource produces the following output properties:
- Ca
Chains List<string> - The CA chain
- Certificate string
- The certificate
- Expiration int
- The expiration date of the certificate in unix epoch format
- Id string
- The provider-assigned unique ID for this managed resource.
- Issuing
Ca string - The issuing CA
- Renew
Pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- Serial
Number string - The certificate's serial number, hex formatted.
- Ca
Chains []string - The CA chain
- Certificate string
- The certificate
- Expiration int
- The expiration date of the certificate in unix epoch format
- Id string
- The provider-assigned unique ID for this managed resource.
- Issuing
Ca string - The issuing CA
- Renew
Pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- Serial
Number string - The certificate's serial number, hex formatted.
- ca
Chains List<String> - The CA chain
- certificate String
- The certificate
- expiration Integer
- The expiration date of the certificate in unix epoch format
- id String
- The provider-assigned unique ID for this managed resource.
- issuing
Ca String - The issuing CA
- renew
Pending Boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial
Number String - The certificate's serial number, hex formatted.
- ca
Chains string[] - The CA chain
- certificate string
- The certificate
- expiration number
- The expiration date of the certificate in unix epoch format
- id string
- The provider-assigned unique ID for this managed resource.
- issuing
Ca string - The issuing CA
- renew
Pending boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial
Number string - The certificate's serial number, hex formatted.
- ca_
chains Sequence[str] - The CA chain
- certificate str
- The certificate
- expiration int
- The expiration date of the certificate in unix epoch format
- id str
- The provider-assigned unique ID for this managed resource.
- issuing_
ca str - The issuing CA
- renew_
pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial_
number str - The certificate's serial number, hex formatted.
- ca
Chains List<String> - The CA chain
- certificate String
- The certificate
- expiration Number
- The expiration date of the certificate in unix epoch format
- id String
- The provider-assigned unique ID for this managed resource.
- issuing
Ca String - The issuing CA
- renew
Pending Boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial
Number String - The certificate's serial number, hex formatted.
Look up Existing SecretBackendSign Resource
Get an existing SecretBackendSign resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretBackendSignState, opts?: CustomResourceOptions): SecretBackendSign
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alt_names: Optional[Sequence[str]] = None,
auto_renew: Optional[bool] = None,
backend: Optional[str] = None,
ca_chains: Optional[Sequence[str]] = None,
certificate: Optional[str] = None,
common_name: Optional[str] = None,
csr: Optional[str] = None,
exclude_cn_from_sans: Optional[bool] = None,
expiration: Optional[int] = None,
format: Optional[str] = None,
ip_sans: Optional[Sequence[str]] = None,
issuer_ref: Optional[str] = None,
issuing_ca: Optional[str] = None,
min_seconds_remaining: Optional[int] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
other_sans: Optional[Sequence[str]] = None,
renew_pending: Optional[bool] = None,
serial_number: Optional[str] = None,
ttl: Optional[str] = None,
uri_sans: Optional[Sequence[str]] = None) -> SecretBackendSign
func GetSecretBackendSign(ctx *Context, name string, id IDInput, state *SecretBackendSignState, opts ...ResourceOption) (*SecretBackendSign, error)
public static SecretBackendSign Get(string name, Input<string> id, SecretBackendSignState? state, CustomResourceOptions? opts = null)
public static SecretBackendSign get(String name, Output<String> id, SecretBackendSignState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alt
Names List<string> - List of alternative names
- Auto
Renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- Backend string
- The PKI secret backend the resource belongs to.
- Ca
Chains List<string> - The CA chain
- Certificate string
- The certificate
- Common
Name string - CN of certificate to create
- Csr string
- The CSR
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Expiration int
- The expiration date of the certificate in unix epoch format
- Format string
- The format of data
- Ip
Sans List<string> - List of alternative IPs
- Issuer
Ref string - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - Issuing
Ca string - The issuing CA
- Min
Seconds intRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- Name string
- Name of the role to create the certificate against
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Other
Sans List<string> - List of other SANs
- Renew
Pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- Serial
Number string - The certificate's serial number, hex formatted.
- Ttl string
- Time to live
- Uri
Sans List<string> - List of alternative URIs
- Alt
Names []string - List of alternative names
- Auto
Renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- Backend string
- The PKI secret backend the resource belongs to.
- Ca
Chains []string - The CA chain
- Certificate string
- The certificate
- Common
Name string - CN of certificate to create
- Csr string
- The CSR
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Expiration int
- The expiration date of the certificate in unix epoch format
- Format string
- The format of data
- Ip
Sans []string - List of alternative IPs
- Issuer
Ref string - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - Issuing
Ca string - The issuing CA
- Min
Seconds intRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- Name string
- Name of the role to create the certificate against
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Other
Sans []string - List of other SANs
- Renew
Pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- Serial
Number string - The certificate's serial number, hex formatted.
- Ttl string
- Time to live
- Uri
Sans []string - List of alternative URIs
- alt
Names List<String> - List of alternative names
- auto
Renew Boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- backend String
- The PKI secret backend the resource belongs to.
- ca
Chains List<String> - The CA chain
- certificate String
- The certificate
- common
Name String - CN of certificate to create
- csr String
- The CSR
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- expiration Integer
- The expiration date of the certificate in unix epoch format
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Ref String - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - issuing
Ca String - The issuing CA
- min
Seconds IntegerRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name String
- Name of the role to create the certificate against
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans List<String> - List of other SANs
- renew
Pending Boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial
Number String - The certificate's serial number, hex formatted.
- ttl String
- Time to live
- uri
Sans List<String> - List of alternative URIs
- alt
Names string[] - List of alternative names
- auto
Renew boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- backend string
- The PKI secret backend the resource belongs to.
- ca
Chains string[] - The CA chain
- certificate string
- The certificate
- common
Name string - CN of certificate to create
- csr string
- The CSR
- exclude
Cn booleanFrom Sans - Flag to exclude CN from SANs
- expiration number
- The expiration date of the certificate in unix epoch format
- format string
- The format of data
- ip
Sans string[] - List of alternative IPs
- issuer
Ref string - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - issuing
Ca string - The issuing CA
- min
Seconds numberRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name string
- Name of the role to create the certificate against
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans string[] - List of other SANs
- renew
Pending boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial
Number string - The certificate's serial number, hex formatted.
- ttl string
- Time to live
- uri
Sans string[] - List of alternative URIs
- alt_
names Sequence[str] - List of alternative names
- auto_
renew bool - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- backend str
- The PKI secret backend the resource belongs to.
- ca_
chains Sequence[str] - The CA chain
- certificate str
- The certificate
- common_
name str - CN of certificate to create
- csr str
- The CSR
- exclude_
cn_ boolfrom_ sans - Flag to exclude CN from SANs
- expiration int
- The expiration date of the certificate in unix epoch format
- format str
- The format of data
- ip_
sans Sequence[str] - List of alternative IPs
- issuer_
ref str - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - issuing_
ca str - The issuing CA
- min_
seconds_ intremaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name str
- Name of the role to create the certificate against
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other_
sans Sequence[str] - List of other SANs
- renew_
pending bool true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial_
number str - The certificate's serial number, hex formatted.
- ttl str
- Time to live
- uri_
sans Sequence[str] - List of alternative URIs
- alt
Names List<String> - List of alternative names
- auto
Renew Boolean - If set to
true
, certs will be renewed if the expiration is withinmin_seconds_remaining
. Defaultfalse
- backend String
- The PKI secret backend the resource belongs to.
- ca
Chains List<String> - The CA chain
- certificate String
- The certificate
- common
Name String - CN of certificate to create
- csr String
- The CSR
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- expiration Number
- The expiration date of the certificate in unix epoch format
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Ref String - Specifies the default issuer of this request. Can
be the value
default
, a name, or an issuer ID. Use ACLs to prevent access to the/pki/issuer/:issuer_ref/{issue,sign}/:name
paths to prevent users overriding the role'sissuer_ref
value. - issuing
Ca String - The issuing CA
- min
Seconds NumberRemaining - Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
- name String
- Name of the role to create the certificate against
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - other
Sans List<String> - List of other SANs
- renew
Pending Boolean true
if the current time (during refresh) is after the start of the early renewal window declared bymin_seconds_remaining
, andfalse
otherwise; ifauto_renew
is set totrue
then the provider will plan to replace the certificate once renewal is pending.- serial
Number String - The certificate's serial number, hex formatted.
- ttl String
- Time to live
- uri
Sans List<String> - List of alternative URIs
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vault
Terraform Provider.