1. Packages
  2. Azure Active Directory (Azure AD)
  3. API Docs
  4. ApplicationCertificate
Azure Active Directory (Azure AD) v5.47.2 published on Tuesday, Feb 27, 2024 by Pulumi

azuread.ApplicationCertificate

Explore with Pulumi AI

azuread logo
Azure Active Directory (Azure AD) v5.47.2 published on Tuesday, Feb 27, 2024 by Pulumi

    Import

    Certificates can be imported using the object ID of the associated application and the key ID of the certificate credential, e.g.

    $ pulumi import azuread:index/applicationCertificate:ApplicationCertificate example 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111
    

    -> This ID format is unique to Terraform and is composed of the application’s object ID, the string “certificate” and the certificate’s key ID in the format {ObjectId}/certificate/{CertificateKeyId}.

    Example Usage

    Using a PEM certificate

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new AzureAD.ApplicationRegistration("example", new()
        {
            DisplayName = "example",
        });
    
        var exampleApplicationCertificate = new AzureAD.ApplicationCertificate("example", new()
        {
            ApplicationId = example.Id,
            Type = "AsymmetricX509Cert",
            Value = Std.File.Invoke(new()
            {
                Input = "cert.pem",
            }).Apply(invoke => invoke.Result),
            EndDate = "2021-05-01T01:02:03Z",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := azuread.NewApplicationRegistration(ctx, "example", &azuread.ApplicationRegistrationArgs{
    			DisplayName: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		invokeFile, err := std.File(ctx, &std.FileArgs{
    			Input: "cert.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = azuread.NewApplicationCertificate(ctx, "example", &azuread.ApplicationCertificateArgs{
    			ApplicationId: example.ID(),
    			Type:          pulumi.String("AsymmetricX509Cert"),
    			Value:         invokeFile.Result,
    			EndDate:       pulumi.String("2021-05-01T01:02:03Z"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.ApplicationRegistration;
    import com.pulumi.azuread.ApplicationRegistrationArgs;
    import com.pulumi.azuread.ApplicationCertificate;
    import com.pulumi.azuread.ApplicationCertificateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ApplicationRegistration("example", ApplicationRegistrationArgs.builder()        
                .displayName("example")
                .build());
    
            var exampleApplicationCertificate = new ApplicationCertificate("exampleApplicationCertificate", ApplicationCertificateArgs.builder()        
                .applicationId(example.id())
                .type("AsymmetricX509Cert")
                .value(StdFunctions.file(FileArgs.builder()
                    .input("cert.pem")
                    .build()).result())
                .endDate("2021-05-01T01:02:03Z")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azuread as azuread
    import pulumi_std as std
    
    example = azuread.ApplicationRegistration("example", display_name="example")
    example_application_certificate = azuread.ApplicationCertificate("example",
        application_id=example.id,
        type="AsymmetricX509Cert",
        value=std.file(input="cert.pem").result,
        end_date="2021-05-01T01:02:03Z")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    import * as std from "@pulumi/std";
    
    const example = new azuread.ApplicationRegistration("example", {displayName: "example"});
    const exampleApplicationCertificate = new azuread.ApplicationCertificate("example", {
        applicationId: example.id,
        type: "AsymmetricX509Cert",
        value: std.file({
            input: "cert.pem",
        }).then(invoke => invoke.result),
        endDate: "2021-05-01T01:02:03Z",
    });
    
    resources:
      example:
        type: azuread:ApplicationRegistration
        properties:
          displayName: example
      exampleApplicationCertificate:
        type: azuread:ApplicationCertificate
        name: example
        properties:
          applicationId: ${example.id}
          type: AsymmetricX509Cert
          value:
            fn::invoke:
              Function: std:file
              Arguments:
                input: cert.pem
              Return: result
          endDate: 2021-05-01T01:02:03Z
    

    Using a DER certificate

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new AzureAD.ApplicationRegistration("example", new()
        {
            DisplayName = "example",
        });
    
        var exampleApplicationCertificate = new AzureAD.ApplicationCertificate("example", new()
        {
            ApplicationId = example.Id,
            Type = "AsymmetricX509Cert",
            Encoding = "base64",
            Value = Std.File.Invoke(new()
            {
                Input = "cert.der",
            }).Apply(invoke => Std.Base64encode.Invoke(new()
            {
                Input = invoke.Result,
            })).Apply(invoke => invoke.Result),
            EndDate = "2021-05-01T01:02:03Z",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
    example, err := azuread.NewApplicationRegistration(ctx, "example", &azuread.ApplicationRegistrationArgs{
    DisplayName: pulumi.String("example"),
    })
    if err != nil {
    return err
    }
    invokeBase64encode, err := std.Base64encode(ctx, invokeFile1, err := std.File(ctx, &std.FileArgs{
    Input: "cert.der",
    }, nil)
    if err != nil {
    return err
    }
    &std.Base64encodeArgs{
    Input: invokeFile1.Result,
    }, nil)
    if err != nil {
    return err
    }
    _, err = azuread.NewApplicationCertificate(ctx, "example", &azuread.ApplicationCertificateArgs{
    ApplicationId: example.ID(),
    Type: pulumi.String("AsymmetricX509Cert"),
    Encoding: pulumi.String("base64"),
    Value: invokeBase64encode.Result,
    EndDate: pulumi.String("2021-05-01T01:02:03Z"),
    })
    if err != nil {
    return err
    }
    return nil
    })
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.ApplicationRegistration;
    import com.pulumi.azuread.ApplicationRegistrationArgs;
    import com.pulumi.azuread.ApplicationCertificate;
    import com.pulumi.azuread.ApplicationCertificateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ApplicationRegistration("example", ApplicationRegistrationArgs.builder()        
                .displayName("example")
                .build());
    
            var exampleApplicationCertificate = new ApplicationCertificate("exampleApplicationCertificate", ApplicationCertificateArgs.builder()        
                .applicationId(example.id())
                .type("AsymmetricX509Cert")
                .encoding("base64")
                .value(StdFunctions.base64encode(Base64encodeArgs.builder()
                    .input(StdFunctions.file(FileArgs.builder()
                        .input("cert.der")
                        .build()).result())
                    .build()).result())
                .endDate("2021-05-01T01:02:03Z")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azuread as azuread
    import pulumi_std as std
    
    example = azuread.ApplicationRegistration("example", display_name="example")
    example_application_certificate = azuread.ApplicationCertificate("example",
        application_id=example.id,
        type="AsymmetricX509Cert",
        encoding="base64",
        value=std.base64encode(input=std.file(input="cert.der").result).result,
        end_date="2021-05-01T01:02:03Z")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    import * as std from "@pulumi/std";
    
    const example = new azuread.ApplicationRegistration("example", {displayName: "example"});
    const exampleApplicationCertificate = new azuread.ApplicationCertificate("example", {
        applicationId: example.id,
        type: "AsymmetricX509Cert",
        encoding: "base64",
        value: std.file({
            input: "cert.der",
        }).then(invoke => std.base64encode({
            input: invoke.result,
        })).then(invoke => invoke.result),
        endDate: "2021-05-01T01:02:03Z",
    });
    
    resources:
      example:
        type: azuread:ApplicationRegistration
        properties:
          displayName: example
      exampleApplicationCertificate:
        type: azuread:ApplicationCertificate
        name: example
        properties:
          applicationId: ${example.id}
          type: AsymmetricX509Cert
          encoding: base64
          value:
            fn::invoke:
              Function: std:base64encode
              Arguments:
                input:
                  fn::invoke:
                    Function: std:file
                    Arguments:
                      input: cert.der
                    Return: result
              Return: result
          endDate: 2021-05-01T01:02:03Z
    

    Using a certificate from Azure Key Vault

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    using AzureAD = Pulumi.AzureAD;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleApplication = new AzureAD.Application("example", new()
        {
            DisplayName = "example",
        });
    
        var example = new Azure.KeyVault.Certificate("example", new()
        {
            Name = "generated-cert",
            KeyVaultId = exampleAzurermKeyVault.Id,
            CertificatePolicy = new Azure.KeyVault.Inputs.CertificateCertificatePolicyArgs
            {
                IssuerParameters = new Azure.KeyVault.Inputs.CertificateCertificatePolicyIssuerParametersArgs
                {
                    Name = "Self",
                },
                KeyProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyKeyPropertiesArgs
                {
                    Exportable = true,
                    KeySize = 2048,
                    KeyType = "RSA",
                    ReuseKey = true,
                },
                LifetimeActions = new[]
                {
                    new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionArgs
                    {
                        Action = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionActionArgs
                        {
                            ActionType = "AutoRenew",
                        },
                        Trigger = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionTriggerArgs
                        {
                            DaysBeforeExpiry = 30,
                        },
                    },
                },
                SecretProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicySecretPropertiesArgs
                {
                    ContentType = "application/x-pkcs12",
                },
                X509CertificateProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs
                {
                    ExtendedKeyUsages = new[]
                    {
                        "1.3.6.1.5.5.7.3.2",
                    },
                    KeyUsages = new[]
                    {
                        "dataEncipherment",
                        "digitalSignature",
                        "keyCertSign",
                        "keyEncipherment",
                    },
                    SubjectAlternativeNames = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs
                    {
                        DnsNames = new[]
                        {
                            "internal.contoso.com",
                            "domain.hello.world",
                        },
                    },
                    Subject = $"CN={exampleApplication.Name}",
                    ValidityInMonths = 12,
                },
            },
        });
    
        var exampleApplicationCertificate = new AzureAD.ApplicationCertificate("example", new()
        {
            ApplicationId = exampleApplication.Id,
            Type = "AsymmetricX509Cert",
            Encoding = "hex",
            Value = example.CertificateData,
            EndDate = example.CertificateAttributes.Apply(certificateAttributes => certificateAttributes[0].Expires),
            StartDate = example.CertificateAttributes.Apply(certificateAttributes => certificateAttributes[0].NotBefore),
        });
    
    });
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleApplication, err := azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
    			DisplayName: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		example, err := keyvault.NewCertificate(ctx, "example", &keyvault.CertificateArgs{
    			Name:       pulumi.String("generated-cert"),
    			KeyVaultId: pulumi.Any(exampleAzurermKeyVault.Id),
    			CertificatePolicy: &keyvault.CertificateCertificatePolicyArgs{
    				IssuerParameters: &keyvault.CertificateCertificatePolicyIssuerParametersArgs{
    					Name: pulumi.String("Self"),
    				},
    				KeyProperties: &keyvault.CertificateCertificatePolicyKeyPropertiesArgs{
    					Exportable: pulumi.Bool(true),
    					KeySize:    pulumi.Int(2048),
    					KeyType:    pulumi.String("RSA"),
    					ReuseKey:   pulumi.Bool(true),
    				},
    				LifetimeActions: keyvault.CertificateCertificatePolicyLifetimeActionArray{
    					&keyvault.CertificateCertificatePolicyLifetimeActionArgs{
    						Action: &keyvault.CertificateCertificatePolicyLifetimeActionActionArgs{
    							ActionType: pulumi.String("AutoRenew"),
    						},
    						Trigger: &keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs{
    							DaysBeforeExpiry: pulumi.Int(30),
    						},
    					},
    				},
    				SecretProperties: &keyvault.CertificateCertificatePolicySecretPropertiesArgs{
    					ContentType: pulumi.String("application/x-pkcs12"),
    				},
    				X509CertificateProperties: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs{
    					ExtendedKeyUsages: pulumi.StringArray{
    						pulumi.String("1.3.6.1.5.5.7.3.2"),
    					},
    					KeyUsages: pulumi.StringArray{
    						pulumi.String("dataEncipherment"),
    						pulumi.String("digitalSignature"),
    						pulumi.String("keyCertSign"),
    						pulumi.String("keyEncipherment"),
    					},
    					SubjectAlternativeNames: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs{
    						DnsNames: pulumi.StringArray{
    							pulumi.String("internal.contoso.com"),
    							pulumi.String("domain.hello.world"),
    						},
    					},
    					Subject:          pulumi.String(fmt.Sprintf("CN=%v", exampleApplication.Name)),
    					ValidityInMonths: pulumi.Int(12),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = azuread.NewApplicationCertificate(ctx, "example", &azuread.ApplicationCertificateArgs{
    			ApplicationId: exampleApplication.ID(),
    			Type:          pulumi.String("AsymmetricX509Cert"),
    			Encoding:      pulumi.String("hex"),
    			Value:         example.CertificateData,
    			EndDate: example.CertificateAttributes.ApplyT(func(certificateAttributes []keyvault.CertificateCertificateAttribute) (*string, error) {
    				return &certificateAttributes[0].Expires, nil
    			}).(pulumi.StringPtrOutput),
    			StartDate: example.CertificateAttributes.ApplyT(func(certificateAttributes []keyvault.CertificateCertificateAttribute) (*string, error) {
    				return &certificateAttributes[0].NotBefore, nil
    			}).(pulumi.StringPtrOutput),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.Application;
    import com.pulumi.azuread.ApplicationArgs;
    import com.pulumi.azure.keyvault.Certificate;
    import com.pulumi.azure.keyvault.CertificateArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyIssuerParametersArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyKeyPropertiesArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicySecretPropertiesArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs;
    import com.pulumi.azuread.ApplicationCertificate;
    import com.pulumi.azuread.ApplicationCertificateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleApplication = new Application("exampleApplication", ApplicationArgs.builder()        
                .displayName("example")
                .build());
    
            var example = new Certificate("example", CertificateArgs.builder()        
                .name("generated-cert")
                .keyVaultId(exampleAzurermKeyVault.id())
                .certificatePolicy(CertificateCertificatePolicyArgs.builder()
                    .issuerParameters(CertificateCertificatePolicyIssuerParametersArgs.builder()
                        .name("Self")
                        .build())
                    .keyProperties(CertificateCertificatePolicyKeyPropertiesArgs.builder()
                        .exportable(true)
                        .keySize(2048)
                        .keyType("RSA")
                        .reuseKey(true)
                        .build())
                    .lifetimeActions(CertificateCertificatePolicyLifetimeActionArgs.builder()
                        .action(CertificateCertificatePolicyLifetimeActionActionArgs.builder()
                            .actionType("AutoRenew")
                            .build())
                        .trigger(CertificateCertificatePolicyLifetimeActionTriggerArgs.builder()
                            .daysBeforeExpiry(30)
                            .build())
                        .build())
                    .secretProperties(CertificateCertificatePolicySecretPropertiesArgs.builder()
                        .contentType("application/x-pkcs12")
                        .build())
                    .x509CertificateProperties(CertificateCertificatePolicyX509CertificatePropertiesArgs.builder()
                        .extendedKeyUsages("1.3.6.1.5.5.7.3.2")
                        .keyUsages(                    
                            "dataEncipherment",
                            "digitalSignature",
                            "keyCertSign",
                            "keyEncipherment")
                        .subjectAlternativeNames(CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs.builder()
                            .dnsNames(                        
                                "internal.contoso.com",
                                "domain.hello.world")
                            .build())
                        .subject(String.format("CN=%s", exampleApplication.name()))
                        .validityInMonths(12)
                        .build())
                    .build())
                .build());
    
            var exampleApplicationCertificate = new ApplicationCertificate("exampleApplicationCertificate", ApplicationCertificateArgs.builder()        
                .applicationId(exampleApplication.id())
                .type("AsymmetricX509Cert")
                .encoding("hex")
                .value(example.certificateData())
                .endDate(example.certificateAttributes().applyValue(certificateAttributes -> certificateAttributes[0].expires()))
                .startDate(example.certificateAttributes().applyValue(certificateAttributes -> certificateAttributes[0].notBefore()))
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure as azure
    import pulumi_azuread as azuread
    
    example_application = azuread.Application("example", display_name="example")
    example = azure.keyvault.Certificate("example",
        name="generated-cert",
        key_vault_id=example_azurerm_key_vault["id"],
        certificate_policy=azure.keyvault.CertificateCertificatePolicyArgs(
            issuer_parameters=azure.keyvault.CertificateCertificatePolicyIssuerParametersArgs(
                name="Self",
            ),
            key_properties=azure.keyvault.CertificateCertificatePolicyKeyPropertiesArgs(
                exportable=True,
                key_size=2048,
                key_type="RSA",
                reuse_key=True,
            ),
            lifetime_actions=[azure.keyvault.CertificateCertificatePolicyLifetimeActionArgs(
                action=azure.keyvault.CertificateCertificatePolicyLifetimeActionActionArgs(
                    action_type="AutoRenew",
                ),
                trigger=azure.keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs(
                    days_before_expiry=30,
                ),
            )],
            secret_properties=azure.keyvault.CertificateCertificatePolicySecretPropertiesArgs(
                content_type="application/x-pkcs12",
            ),
            x509_certificate_properties=azure.keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs(
                extended_key_usages=["1.3.6.1.5.5.7.3.2"],
                key_usages=[
                    "dataEncipherment",
                    "digitalSignature",
                    "keyCertSign",
                    "keyEncipherment",
                ],
                subject_alternative_names=azure.keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs(
                    dns_names=[
                        "internal.contoso.com",
                        "domain.hello.world",
                    ],
                ),
                subject=f"CN={example_application.name}",
                validity_in_months=12,
            ),
        ))
    example_application_certificate = azuread.ApplicationCertificate("example",
        application_id=example_application.id,
        type="AsymmetricX509Cert",
        encoding="hex",
        value=example.certificate_data,
        end_date=example.certificate_attributes[0].expires,
        start_date=example.certificate_attributes[0].not_before)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    import * as azuread from "@pulumi/azuread";
    
    const exampleApplication = new azuread.Application("example", {displayName: "example"});
    const example = new azure.keyvault.Certificate("example", {
        name: "generated-cert",
        keyVaultId: exampleAzurermKeyVault.id,
        certificatePolicy: {
            issuerParameters: {
                name: "Self",
            },
            keyProperties: {
                exportable: true,
                keySize: 2048,
                keyType: "RSA",
                reuseKey: true,
            },
            lifetimeActions: [{
                action: {
                    actionType: "AutoRenew",
                },
                trigger: {
                    daysBeforeExpiry: 30,
                },
            }],
            secretProperties: {
                contentType: "application/x-pkcs12",
            },
            x509CertificateProperties: {
                extendedKeyUsages: ["1.3.6.1.5.5.7.3.2"],
                keyUsages: [
                    "dataEncipherment",
                    "digitalSignature",
                    "keyCertSign",
                    "keyEncipherment",
                ],
                subjectAlternativeNames: {
                    dnsNames: [
                        "internal.contoso.com",
                        "domain.hello.world",
                    ],
                },
                subject: `CN=${exampleApplication.name}`,
                validityInMonths: 12,
            },
        },
    });
    const exampleApplicationCertificate = new azuread.ApplicationCertificate("example", {
        applicationId: exampleApplication.id,
        type: "AsymmetricX509Cert",
        encoding: "hex",
        value: example.certificateData,
        endDate: example.certificateAttributes.apply(certificateAttributes => certificateAttributes[0].expires),
        startDate: example.certificateAttributes.apply(certificateAttributes => certificateAttributes[0].notBefore),
    });
    
    resources:
      example:
        type: azure:keyvault:Certificate
        properties:
          name: generated-cert
          keyVaultId: ${exampleAzurermKeyVault.id}
          certificatePolicy:
            issuerParameters:
              name: Self
            keyProperties:
              exportable: true
              keySize: 2048
              keyType: RSA
              reuseKey: true
            lifetimeActions:
              - action:
                  actionType: AutoRenew
                trigger:
                  daysBeforeExpiry: 30
            secretProperties:
              contentType: application/x-pkcs12
            x509CertificateProperties:
              extendedKeyUsages:
                - 1.3.6.1.5.5.7.3.2
              keyUsages:
                - dataEncipherment
                - digitalSignature
                - keyCertSign
                - keyEncipherment
              subjectAlternativeNames:
                dnsNames:
                  - internal.contoso.com
                  - domain.hello.world
              subject: CN=${exampleApplication.name}
              validityInMonths: 12
      exampleApplication:
        type: azuread:Application
        name: example
        properties:
          displayName: example
      exampleApplicationCertificate:
        type: azuread:ApplicationCertificate
        name: example
        properties:
          applicationId: ${exampleApplication.id}
          type: AsymmetricX509Cert
          encoding: hex
          value: ${example.certificateData}
          endDate: ${example.certificateAttributes[0].expires}
          startDate: ${example.certificateAttributes[0].notBefore}
    

    Create ApplicationCertificate Resource

    new ApplicationCertificate(name: string, args: ApplicationCertificateArgs, opts?: CustomResourceOptions);
    @overload
    def ApplicationCertificate(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               application_id: Optional[str] = None,
                               application_object_id: Optional[str] = None,
                               encoding: Optional[str] = None,
                               end_date: Optional[str] = None,
                               end_date_relative: Optional[str] = None,
                               key_id: Optional[str] = None,
                               start_date: Optional[str] = None,
                               type: Optional[str] = None,
                               value: Optional[str] = None)
    @overload
    def ApplicationCertificate(resource_name: str,
                               args: ApplicationCertificateArgs,
                               opts: Optional[ResourceOptions] = None)
    func NewApplicationCertificate(ctx *Context, name string, args ApplicationCertificateArgs, opts ...ResourceOption) (*ApplicationCertificate, error)
    public ApplicationCertificate(string name, ApplicationCertificateArgs args, CustomResourceOptions? opts = null)
    public ApplicationCertificate(String name, ApplicationCertificateArgs args)
    public ApplicationCertificate(String name, ApplicationCertificateArgs args, CustomResourceOptions options)
    
    type: azuread:ApplicationCertificate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ApplicationCertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ApplicationCertificateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ApplicationCertificateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ApplicationCertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ApplicationCertificateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ApplicationCertificate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ApplicationCertificate resource accepts the following input properties:

    Value string
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.
    ApplicationId string
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    ApplicationObjectId string
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    Encoding string

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    EndDate string
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    EndDateRelative string

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    KeyId string
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    StartDate string
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    Type string
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.
    Value string
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.
    ApplicationId string
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    ApplicationObjectId string
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    Encoding string

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    EndDate string
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    EndDateRelative string

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    KeyId string
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    StartDate string
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    Type string
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.
    value String
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.
    applicationId String
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    applicationObjectId String
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    encoding String

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    endDate String
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    endDateRelative String

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    keyId String
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    startDate String
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    type String
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.
    value string
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.
    applicationId string
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    applicationObjectId string
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    encoding string

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    endDate string
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    endDateRelative string

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    keyId string
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    startDate string
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    type string
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.
    value str
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.
    application_id str
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    application_object_id str
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    encoding str

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    end_date str
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    end_date_relative str

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    key_id str
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    start_date str
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    type str
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.
    value String
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.
    applicationId String
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    applicationObjectId String
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    encoding String

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    endDate String
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    endDateRelative String

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    keyId String
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    startDate String
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    type String
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ApplicationCertificate resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ApplicationCertificate Resource

    Get an existing ApplicationCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ApplicationCertificateState, opts?: CustomResourceOptions): ApplicationCertificate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            application_id: Optional[str] = None,
            application_object_id: Optional[str] = None,
            encoding: Optional[str] = None,
            end_date: Optional[str] = None,
            end_date_relative: Optional[str] = None,
            key_id: Optional[str] = None,
            start_date: Optional[str] = None,
            type: Optional[str] = None,
            value: Optional[str] = None) -> ApplicationCertificate
    func GetApplicationCertificate(ctx *Context, name string, id IDInput, state *ApplicationCertificateState, opts ...ResourceOption) (*ApplicationCertificate, error)
    public static ApplicationCertificate Get(string name, Input<string> id, ApplicationCertificateState? state, CustomResourceOptions? opts = null)
    public static ApplicationCertificate get(String name, Output<String> id, ApplicationCertificateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApplicationId string
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    ApplicationObjectId string
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    Encoding string

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    EndDate string
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    EndDateRelative string

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    KeyId string
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    StartDate string
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    Type string
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.
    Value string
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.
    ApplicationId string
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    ApplicationObjectId string
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    Encoding string

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    EndDate string
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    EndDateRelative string

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    KeyId string
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    StartDate string
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    Type string
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.
    Value string
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.
    applicationId String
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    applicationObjectId String
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    encoding String

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    endDate String
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    endDateRelative String

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    keyId String
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    startDate String
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    type String
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.
    value String
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.
    applicationId string
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    applicationObjectId string
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    encoding string

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    endDate string
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    endDateRelative string

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    keyId string
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    startDate string
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    type string
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.
    value string
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.
    application_id str
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    application_object_id str
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    encoding str

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    end_date str
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    end_date_relative str

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    key_id str
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    start_date str
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    type str
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.
    value str
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.
    applicationId String
    The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
    applicationObjectId String
    The object ID of the application for which this certificate should be created

    Deprecated:The application_object_id property has been replaced with the application_id property and will be removed in version 3.0 of the AzureAD provider

    encoding String

    Specifies the encoding used for the supplied certificate data. Must be one of pem, base64 or hex. Defaults to pem.

    Tip for Azure Key Vault The hex encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.

    endDate String
    The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
    endDateRelative String

    A relative duration for which the certificate is valid until, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

    One of end_date or end_date_relative must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.

    keyId String
    A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
    startDate String
    The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
    type String
    The type of key/certificate. Must be one of AsymmetricX509Cert or Symmetric. Changing this fields forces a new resource to be created.
    value String
    The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the encoding argument.

    Package Details

    Repository
    Azure Active Directory (Azure AD) pulumi/pulumi-azuread
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azuread Terraform Provider.
    azuread logo
    Azure Active Directory (Azure AD) v5.47.2 published on Tuesday, Feb 27, 2024 by Pulumi