Package pulumi_tls

Pulumi TLS

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-tls repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-tls repo.
class pulumi_tls.AwaitableGetPublicKeyResult(algorithm=None, private_key_pem=None, public_key_fingerprint_md5=None, public_key_openssh=None, public_key_pem=None, id=None)
class pulumi_tls.CertRequest(resource_name, opts=None, dns_names=None, ip_addresses=None, key_algorithm=None, private_key_pem=None, subjects=None, __props__=None, __name__=None, __opts__=None)

Create a CertRequest resource with the given unique name, props, and options.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • dns_names (pulumi.Input[list]) – List of DNS names for which a certificate is being requested.
  • ip_addresses (pulumi.Input[list]) – List of IP addresses for which a certificate is being requested.
  • key_algorithm (pulumi.Input[str]) – The name of the algorithm for the key provided in private_key_pem.
  • subjects (pulumi.Input[list]) – The subject for which a certificate is being requested. This is a nested configuration block whose structure is described below.
cert_request_pem = None

The certificate request data in PEM format.

dns_names = None

List of DNS names for which a certificate is being requested.

ip_addresses = None

List of IP addresses for which a certificate is being requested.

key_algorithm = None

The name of the algorithm for the key provided in private_key_pem.

subjects = None

The subject for which a certificate is being requested. This is a nested configuration block whose structure is described below.

static get(resource_name, id, opts=None, cert_request_pem=None, dns_names=None, ip_addresses=None, key_algorithm=None, private_key_pem=None, subjects=None)

Get an existing CertRequest resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters:
  • resource_name (str) – The unique name of the resulting resource.
  • id (str) – The unique provider ID of the resource to look up.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • cert_request_pem (pulumi.Input[str]) – The certificate request data in PEM format.
  • dns_names (pulumi.Input[list]) – List of DNS names for which a certificate is being requested.
  • ip_addresses (pulumi.Input[list]) – List of IP addresses for which a certificate is being requested.
  • key_algorithm (pulumi.Input[str]) – The name of the algorithm for the key provided in private_key_pem.
  • subjects (pulumi.Input[list]) – The subject for which a certificate is being requested. This is a nested configuration block whose structure is described below.
translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_tls.GetPublicKeyResult(algorithm=None, private_key_pem=None, public_key_fingerprint_md5=None, public_key_openssh=None, public_key_pem=None, id=None)

A collection of values returned by getPublicKey.

private_key_pem = None

The private key data in PEM format.

public_key_fingerprint_md5 = None

The md5 hash of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh.

public_key_openssh = None

The public key data in OpenSSH authorized_keys format, if the selected private key format is compatible. All RSA keys are supported, and ECDSA keys with curves “P256”, “P384” and “P521” are supported. This attribute is empty if an incompatible ECDSA curve is selected.

public_key_pem = None

The public key data in PEM format.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_tls.LocallySignedCert(resource_name, opts=None, allowed_uses=None, ca_cert_pem=None, ca_key_algorithm=None, ca_private_key_pem=None, cert_request_pem=None, early_renewal_hours=None, is_ca_certificate=None, validity_period_hours=None, __props__=None, __name__=None, __opts__=None)

Create a LocallySignedCert resource with the given unique name, props, and options.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • allowed_uses (pulumi.Input[list]) – List of keywords each describing a use that is permitted for the issued certificate. The valid keywords are listed below.
  • ca_cert_pem (pulumi.Input[str]) – PEM-encoded certificate data for the CA.
  • ca_key_algorithm (pulumi.Input[str]) – The name of the algorithm for the key provided in ca_private_key_pem.
  • ca_private_key_pem (pulumi.Input[str]) – PEM-encoded private key data for the CA. This can be read from a separate file using the file interpolation function.
  • cert_request_pem (pulumi.Input[str]) – PEM-encoded request certificate data.
  • is_ca_certificate (pulumi.Input[bool]) – Boolean controlling whether the CA flag will be set in the generated certificate. Defaults to false, meaning that the certificate does not represent a certificate authority.
  • validity_period_hours (pulumi.Input[float]) – The number of hours after initial issuing that the certificate will become invalid.
allowed_uses = None

List of keywords each describing a use that is permitted for the issued certificate. The valid keywords are listed below.

ca_cert_pem = None

PEM-encoded certificate data for the CA.

ca_key_algorithm = None

The name of the algorithm for the key provided in ca_private_key_pem.

ca_private_key_pem = None

PEM-encoded private key data for the CA. This can be read from a separate file using the file interpolation function.

cert_pem = None

The certificate data in PEM format.

cert_request_pem = None

PEM-encoded request certificate data.

is_ca_certificate = None

Boolean controlling whether the CA flag will be set in the generated certificate. Defaults to false, meaning that the certificate does not represent a certificate authority.

validity_end_time = None

The time until which the certificate is invalid, as an RFC3339 timestamp.

validity_period_hours = None

The number of hours after initial issuing that the certificate will become invalid.

validity_start_time = None

The time after which the certificate is valid, as an RFC3339 timestamp.

static get(resource_name, id, opts=None, allowed_uses=None, ca_cert_pem=None, ca_key_algorithm=None, ca_private_key_pem=None, cert_pem=None, cert_request_pem=None, early_renewal_hours=None, is_ca_certificate=None, validity_end_time=None, validity_period_hours=None, validity_start_time=None)

Get an existing LocallySignedCert resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters:
  • resource_name (str) – The unique name of the resulting resource.
  • id (str) – The unique provider ID of the resource to look up.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • allowed_uses (pulumi.Input[list]) – List of keywords each describing a use that is permitted for the issued certificate. The valid keywords are listed below.
  • ca_cert_pem (pulumi.Input[str]) – PEM-encoded certificate data for the CA.
  • ca_key_algorithm (pulumi.Input[str]) – The name of the algorithm for the key provided in ca_private_key_pem.
  • ca_private_key_pem (pulumi.Input[str]) – PEM-encoded private key data for the CA. This can be read from a separate file using the file interpolation function.
  • cert_pem (pulumi.Input[str]) – The certificate data in PEM format.
  • cert_request_pem (pulumi.Input[str]) – PEM-encoded request certificate data.
  • is_ca_certificate (pulumi.Input[bool]) – Boolean controlling whether the CA flag will be set in the generated certificate. Defaults to false, meaning that the certificate does not represent a certificate authority.
  • validity_end_time (pulumi.Input[str]) – The time until which the certificate is invalid, as an RFC3339 timestamp.
  • validity_period_hours (pulumi.Input[float]) – The number of hours after initial issuing that the certificate will become invalid.
  • validity_start_time (pulumi.Input[str]) – The time after which the certificate is valid, as an RFC3339 timestamp.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_tls.PrivateKey(resource_name, opts=None, algorithm=None, ecdsa_curve=None, rsa_bits=None, __props__=None, __name__=None, __opts__=None)

Create a PrivateKey resource with the given unique name, props, and options.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • algorithm (pulumi.Input[str]) – The name of the algorithm to use for the key. Currently-supported values are “RSA” and “ECDSA”.
  • ecdsa_curve (pulumi.Input[str]) – When algorithm is “ECDSA”, the name of the elliptic curve to use. May be any one of “P224”, “P256”, “P384” or “P521”, with “P224” as the default.
  • rsa_bits (pulumi.Input[float]) – When algorithm is “RSA”, the size of the generated RSA key in bits. Defaults to 2048.
algorithm = None

The name of the algorithm to use for the key. Currently-supported values are “RSA” and “ECDSA”.

ecdsa_curve = None

When algorithm is “ECDSA”, the name of the elliptic curve to use. May be any one of “P224”, “P256”, “P384” or “P521”, with “P224” as the default.

private_key_pem = None

The private key data in PEM format.

public_key_fingerprint_md5 = None

The md5 hash of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh.

public_key_openssh = None

The public key data in OpenSSH authorized_keys format, if the selected private key format is compatible. All RSA keys are supported, and ECDSA keys with curves “P256”, “P384” and “P521” are supported. This attribute is empty if an incompatible ECDSA curve is selected.

public_key_pem = None

The public key data in PEM format.

rsa_bits = None

When algorithm is “RSA”, the size of the generated RSA key in bits. Defaults to 2048.

static get(resource_name, id, opts=None, algorithm=None, ecdsa_curve=None, private_key_pem=None, public_key_fingerprint_md5=None, public_key_openssh=None, public_key_pem=None, rsa_bits=None)

Get an existing PrivateKey resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters:
  • resource_name (str) – The unique name of the resulting resource.
  • id (str) – The unique provider ID of the resource to look up.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • algorithm (pulumi.Input[str]) – The name of the algorithm to use for the key. Currently-supported values are “RSA” and “ECDSA”.
  • ecdsa_curve (pulumi.Input[str]) – When algorithm is “ECDSA”, the name of the elliptic curve to use. May be any one of “P224”, “P256”, “P384” or “P521”, with “P224” as the default.
  • private_key_pem (pulumi.Input[str]) – The private key data in PEM format.
  • public_key_fingerprint_md5 (pulumi.Input[str]) – The md5 hash of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh.
  • public_key_openssh (pulumi.Input[str]) – The public key data in OpenSSH authorized_keys format, if the selected private key format is compatible. All RSA keys are supported, and ECDSA keys with curves “P256”, “P384” and “P521” are supported. This attribute is empty if an incompatible ECDSA curve is selected.
  • public_key_pem (pulumi.Input[str]) – The public key data in PEM format.
  • rsa_bits (pulumi.Input[float]) – When algorithm is “RSA”, the size of the generated RSA key in bits. Defaults to 2048.
translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_tls.Provider(resource_name, opts=None, __props__=None, __name__=None, __opts__=None)

The provider type for the tls package. By default, resources use package-wide configuration settings; however, an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
static get(resource_name, id, opts=None)

Get an existing Provider resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters:
  • resource_name (str) – The unique name of the resulting resource.
  • id (str) – The unique provider ID of the resource to look up.
  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_tls.SelfSignedCert(resource_name, opts=None, allowed_uses=None, dns_names=None, early_renewal_hours=None, ip_addresses=None, is_ca_certificate=None, key_algorithm=None, private_key_pem=None, subjects=None, validity_period_hours=None, __props__=None, __name__=None, __opts__=None)

Create a SelfSignedCert resource with the given unique name, props, and options.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • allowed_uses (pulumi.Input[list]) – List of keywords each describing a use that is permitted for the issued certificate. The valid keywords are listed below.
  • dns_names (pulumi.Input[list]) – List of DNS names for which a certificate is being requested.
  • ip_addresses (pulumi.Input[list]) – List of IP addresses for which a certificate is being requested.
  • is_ca_certificate (pulumi.Input[bool]) – Boolean controlling whether the CA flag will be set in the generated certificate. Defaults to false, meaning that the certificate does not represent a certificate authority.
  • key_algorithm (pulumi.Input[str]) – The name of the algorithm for the key provided in private_key_pem.
  • subjects (pulumi.Input[list]) – The subject for which a certificate is being requested. This is a nested configuration block whose structure matches the corresponding block for .CertRequest.
  • validity_period_hours (pulumi.Input[float]) – The number of hours after initial issuing that the certificate will become invalid.
allowed_uses = None

List of keywords each describing a use that is permitted for the issued certificate. The valid keywords are listed below.

cert_pem = None

The certificate data in PEM format.

dns_names = None

List of DNS names for which a certificate is being requested.

ip_addresses = None

List of IP addresses for which a certificate is being requested.

is_ca_certificate = None

Boolean controlling whether the CA flag will be set in the generated certificate. Defaults to false, meaning that the certificate does not represent a certificate authority.

key_algorithm = None

The name of the algorithm for the key provided in private_key_pem.

subjects = None

The subject for which a certificate is being requested. This is a nested configuration block whose structure matches the corresponding block for .CertRequest.

validity_end_time = None

The time until which the certificate is invalid, as an RFC3339 timestamp.

validity_period_hours = None

The number of hours after initial issuing that the certificate will become invalid.

validity_start_time = None

The time after which the certificate is valid, as an RFC3339 timestamp.

static get(resource_name, id, opts=None, allowed_uses=None, cert_pem=None, dns_names=None, early_renewal_hours=None, ip_addresses=None, is_ca_certificate=None, key_algorithm=None, private_key_pem=None, subjects=None, validity_end_time=None, validity_period_hours=None, validity_start_time=None)

Get an existing SelfSignedCert resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters:
  • resource_name (str) – The unique name of the resulting resource.
  • id (str) – The unique provider ID of the resource to look up.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • allowed_uses (pulumi.Input[list]) – List of keywords each describing a use that is permitted for the issued certificate. The valid keywords are listed below.
  • cert_pem (pulumi.Input[str]) – The certificate data in PEM format.
  • dns_names (pulumi.Input[list]) – List of DNS names for which a certificate is being requested.
  • ip_addresses (pulumi.Input[list]) – List of IP addresses for which a certificate is being requested.
  • is_ca_certificate (pulumi.Input[bool]) – Boolean controlling whether the CA flag will be set in the generated certificate. Defaults to false, meaning that the certificate does not represent a certificate authority.
  • key_algorithm (pulumi.Input[str]) – The name of the algorithm for the key provided in private_key_pem.
  • subjects (pulumi.Input[list]) – The subject for which a certificate is being requested. This is a nested configuration block whose structure matches the corresponding block for .CertRequest.
  • validity_end_time (pulumi.Input[str]) – The time until which the certificate is invalid, as an RFC3339 timestamp.
  • validity_period_hours (pulumi.Input[float]) – The number of hours after initial issuing that the certificate will become invalid.
  • validity_start_time (pulumi.Input[str]) – The time after which the certificate is valid, as an RFC3339 timestamp.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
pulumi_tls.get_public_key(private_key_pem=None, opts=None)

Use this data source to get the public key from a PEM-encoded private key for use in other resources.
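
A check for the public_key_openssh and public_key_fingerprint_md5 outputs described above, as an added example that is not part of the pulumi_tls package or its documentation: it recomputes the colon-separated MD5 fingerprint from an authorized_keys-format line with the Python standard library, so the reported value can be compared against the key actually deployed. The function names and the sample key (a constructed blob, not a usable RSA key) are assumptions made for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 length, then data."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(blob: bytes) -> bytes:
    """Return the first length-prefixed string in an SSH key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short for a length field")
    (length,) = struct.unpack_from(">I", blob, 0)
    if 4 + length > len(blob):
        raise ValueError("key blob is truncated")
    return blob[4:4 + length]


def md5_fingerprint(openssh_line: str) -> str:
    """Recompute the aa:bb:cc:... MD5 fingerprint of an authorized_keys line."""
    fields = openssh_line.split()
    if len(fields) < 2:
        # public_key_openssh is empty for an incompatible ECDSA curve.
        raise ValueError("no OpenSSH public key present")
    key_type, encoded = fields[0], fields[1]
    blob = base64.b64decode(encoded, validate=True)
    # The blob repeats the key type; a mismatch means the line was altered.
    if _read_ssh_string(blob) != key_type.encode("ascii"):
        raise ValueError("key type prefix does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(openssh_line: str, reported_md5: str) -> bool:
    """Compare a recomputed fingerprint with public_key_fingerprint_md5."""
    return md5_fingerprint(openssh_line) == reported_md5.strip().lower()


def constructed_sample_line() -> str:
    """Build a constructed ssh-rsa line (placeholder modulus, not a real key)."""
    exponent = b"\x01\x00\x01"
    modulus = bytes(range(1, 129))  # constructed filler bytes
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(exponent) + _ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " constructed@example"


if __name__ == "__main__":
    line = constructed_sample_line()
    print(md5_fingerprint(line))
```

The fingerprint covers the decoded key blob only, so the trailing comment field of the line does not affect it.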