akeyless 1.9.0, Apr 14 25

akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community

akeyless-community/terraform-provider-akeyless

akeyless.PkiCertIssuer

Explore with Pulumi AI

akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community

akeyless-community/terraform-provider-akeyless

Create PkiCertIssuer Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new PkiCertIssuer(name: string, args: PkiCertIssuerArgs, opts?: CustomResourceOptions);

@overload
def PkiCertIssuer(resource_name: str,
                  args: PkiCertIssuerArgs,
                  opts: Optional[ResourceOptions] = None)

@overload
def PkiCertIssuer(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  ttl: Optional[str] = None,
                  expiration_event_ins: Optional[Sequence[str]] = None,
                  is_ca: Optional[bool] = None,
                  allowed_domains: Optional[str] = None,
                  allowed_extra_extensions: Optional[str] = None,
                  allowed_uri_sans: Optional[str] = None,
                  key_usage: Optional[str] = None,
                  ca_target: Optional[str] = None,
                  client_flag: Optional[bool] = None,
                  code_signing_flag: Optional[bool] = None,
                  country: Optional[str] = None,
                  create_private_crl: Optional[bool] = None,
                  create_public_crl: Optional[bool] = None,
                  critical_key_usage: Optional[str] = None,
                  delete_protection: Optional[bool] = None,
                  description: Optional[str] = None,
                  destination_path: Optional[str] = None,
                  enable_acme: Optional[bool] = None,
                  allow_any_name: Optional[bool] = None,
                  allow_subdomains: Optional[bool] = None,
                  gw_cluster_url: Optional[str] = None,
                  auto_renew: Optional[bool] = None,
                  locality: Optional[str] = None,
                  name: Optional[str] = None,
                  not_enforce_hostnames: Optional[bool] = None,
                  not_require_cn: Optional[bool] = None,
                  organizational_units: Optional[str] = None,
                  organizations: Optional[str] = None,
                  pki_cert_issuer_id: Optional[str] = None,
                  postal_code: Optional[str] = None,
                  protect_certificates: Optional[bool] = None,
                  province: Optional[str] = None,
                  scheduled_renew: Optional[float] = None,
                  server_flag: Optional[bool] = None,
                  signer_key_name: Optional[str] = None,
                  street_address: Optional[str] = None,
                  tags: Optional[Sequence[str]] = None,
                  allow_copy_ext_from_csr: Optional[bool] = None)

func NewPkiCertIssuer(ctx *Context, name string, args PkiCertIssuerArgs, opts ...ResourceOption) (*PkiCertIssuer, error)

public PkiCertIssuer(string name, PkiCertIssuerArgs args, CustomResourceOptions? opts = null)

public PkiCertIssuer(String name, PkiCertIssuerArgs args)
public PkiCertIssuer(String name, PkiCertIssuerArgs args, CustomResourceOptions options)

type: akeyless:PkiCertIssuer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PkiCertIssuerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PkiCertIssuerArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PkiCertIssuerArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PkiCertIssuerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PkiCertIssuerArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var pkiCertIssuerResource = new Akeyless.PkiCertIssuer("pkiCertIssuerResource", new()
{
    Ttl = "string",
    ExpirationEventIns = new[]
    {
        "string",
    },
    IsCa = false,
    AllowedDomains = "string",
    AllowedExtraExtensions = "string",
    AllowedUriSans = "string",
    KeyUsage = "string",
    CaTarget = "string",
    ClientFlag = false,
    CodeSigningFlag = false,
    Country = "string",
    CreatePrivateCrl = false,
    CreatePublicCrl = false,
    CriticalKeyUsage = "string",
    DeleteProtection = false,
    Description = "string",
    DestinationPath = "string",
    EnableAcme = false,
    AllowAnyName = false,
    AllowSubdomains = false,
    GwClusterUrl = "string",
    AutoRenew = false,
    Locality = "string",
    Name = "string",
    NotEnforceHostnames = false,
    NotRequireCn = false,
    OrganizationalUnits = "string",
    Organizations = "string",
    PkiCertIssuerId = "string",
    PostalCode = "string",
    ProtectCertificates = false,
    Province = "string",
    ScheduledRenew = 0,
    ServerFlag = false,
    SignerKeyName = "string",
    StreetAddress = "string",
    Tags = new[]
    {
        "string",
    },
    AllowCopyExtFromCsr = false,
});

example, err := akeyless.NewPkiCertIssuer(ctx, "pkiCertIssuerResource", &akeyless.PkiCertIssuerArgs{
	Ttl: pulumi.String("string"),
	ExpirationEventIns: pulumi.StringArray{
		pulumi.String("string"),
	},
	IsCa:                   pulumi.Bool(false),
	AllowedDomains:         pulumi.String("string"),
	AllowedExtraExtensions: pulumi.String("string"),
	AllowedUriSans:         pulumi.String("string"),
	KeyUsage:               pulumi.String("string"),
	CaTarget:               pulumi.String("string"),
	ClientFlag:             pulumi.Bool(false),
	CodeSigningFlag:        pulumi.Bool(false),
	Country:                pulumi.String("string"),
	CreatePrivateCrl:       pulumi.Bool(false),
	CreatePublicCrl:        pulumi.Bool(false),
	CriticalKeyUsage:       pulumi.String("string"),
	DeleteProtection:       pulumi.Bool(false),
	Description:            pulumi.String("string"),
	DestinationPath:        pulumi.String("string"),
	EnableAcme:             pulumi.Bool(false),
	AllowAnyName:           pulumi.Bool(false),
	AllowSubdomains:        pulumi.Bool(false),
	GwClusterUrl:           pulumi.String("string"),
	AutoRenew:              pulumi.Bool(false),
	Locality:               pulumi.String("string"),
	Name:                   pulumi.String("string"),
	NotEnforceHostnames:    pulumi.Bool(false),
	NotRequireCn:           pulumi.Bool(false),
	OrganizationalUnits:    pulumi.String("string"),
	Organizations:          pulumi.String("string"),
	PkiCertIssuerId:        pulumi.String("string"),
	PostalCode:             pulumi.String("string"),
	ProtectCertificates:    pulumi.Bool(false),
	Province:               pulumi.String("string"),
	ScheduledRenew:         pulumi.Float64(0),
	ServerFlag:             pulumi.Bool(false),
	SignerKeyName:          pulumi.String("string"),
	StreetAddress:          pulumi.String("string"),
	Tags: pulumi.StringArray{
		pulumi.String("string"),
	},
	AllowCopyExtFromCsr: pulumi.Bool(false),
})

var pkiCertIssuerResource = new PkiCertIssuer("pkiCertIssuerResource", PkiCertIssuerArgs.builder()
    .ttl("string")
    .expirationEventIns("string")
    .isCa(false)
    .allowedDomains("string")
    .allowedExtraExtensions("string")
    .allowedUriSans("string")
    .keyUsage("string")
    .caTarget("string")
    .clientFlag(false)
    .codeSigningFlag(false)
    .country("string")
    .createPrivateCrl(false)
    .createPublicCrl(false)
    .criticalKeyUsage("string")
    .deleteProtection(false)
    .description("string")
    .destinationPath("string")
    .enableAcme(false)
    .allowAnyName(false)
    .allowSubdomains(false)
    .gwClusterUrl("string")
    .autoRenew(false)
    .locality("string")
    .name("string")
    .notEnforceHostnames(false)
    .notRequireCn(false)
    .organizationalUnits("string")
    .organizations("string")
    .pkiCertIssuerId("string")
    .postalCode("string")
    .protectCertificates(false)
    .province("string")
    .scheduledRenew(0)
    .serverFlag(false)
    .signerKeyName("string")
    .streetAddress("string")
    .tags("string")
    .allowCopyExtFromCsr(false)
    .build());

pki_cert_issuer_resource = akeyless.PkiCertIssuer("pkiCertIssuerResource",
    ttl="string",
    expiration_event_ins=["string"],
    is_ca=False,
    allowed_domains="string",
    allowed_extra_extensions="string",
    allowed_uri_sans="string",
    key_usage="string",
    ca_target="string",
    client_flag=False,
    code_signing_flag=False,
    country="string",
    create_private_crl=False,
    create_public_crl=False,
    critical_key_usage="string",
    delete_protection=False,
    description="string",
    destination_path="string",
    enable_acme=False,
    allow_any_name=False,
    allow_subdomains=False,
    gw_cluster_url="string",
    auto_renew=False,
    locality="string",
    name="string",
    not_enforce_hostnames=False,
    not_require_cn=False,
    organizational_units="string",
    organizations="string",
    pki_cert_issuer_id="string",
    postal_code="string",
    protect_certificates=False,
    province="string",
    scheduled_renew=0,
    server_flag=False,
    signer_key_name="string",
    street_address="string",
    tags=["string"],
    allow_copy_ext_from_csr=False)

const pkiCertIssuerResource = new akeyless.PkiCertIssuer("pkiCertIssuerResource", {
    ttl: "string",
    expirationEventIns: ["string"],
    isCa: false,
    allowedDomains: "string",
    allowedExtraExtensions: "string",
    allowedUriSans: "string",
    keyUsage: "string",
    caTarget: "string",
    clientFlag: false,
    codeSigningFlag: false,
    country: "string",
    createPrivateCrl: false,
    createPublicCrl: false,
    criticalKeyUsage: "string",
    deleteProtection: false,
    description: "string",
    destinationPath: "string",
    enableAcme: false,
    allowAnyName: false,
    allowSubdomains: false,
    gwClusterUrl: "string",
    autoRenew: false,
    locality: "string",
    name: "string",
    notEnforceHostnames: false,
    notRequireCn: false,
    organizationalUnits: "string",
    organizations: "string",
    pkiCertIssuerId: "string",
    postalCode: "string",
    protectCertificates: false,
    province: "string",
    scheduledRenew: 0,
    serverFlag: false,
    signerKeyName: "string",
    streetAddress: "string",
    tags: ["string"],
    allowCopyExtFromCsr: false,
});

type: akeyless:PkiCertIssuer
properties:
    allowAnyName: false
    allowCopyExtFromCsr: false
    allowSubdomains: false
    allowedDomains: string
    allowedExtraExtensions: string
    allowedUriSans: string
    autoRenew: false
    caTarget: string
    clientFlag: false
    codeSigningFlag: false
    country: string
    createPrivateCrl: false
    createPublicCrl: false
    criticalKeyUsage: string
    deleteProtection: false
    description: string
    destinationPath: string
    enableAcme: false
    expirationEventIns:
        - string
    gwClusterUrl: string
    isCa: false
    keyUsage: string
    locality: string
    name: string
    notEnforceHostnames: false
    notRequireCn: false
    organizationalUnits: string
    organizations: string
    pkiCertIssuerId: string
    postalCode: string
    protectCertificates: false
    province: string
    scheduledRenew: 0
    serverFlag: false
    signerKeyName: string
    streetAddress: string
    tags:
        - string
    ttl: string

PkiCertIssuer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PkiCertIssuer resource accepts the following input properties:

Ttl string: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs
AllowAnyName bool: If set, clients can request certificates for any CN
AllowCopyExtFromCsr bool: If set, will allow copying the extra extensions from the csr file (if given)
AllowSubdomains bool: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
AllowedDomains string: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
AllowedExtraExtensions string: A json string that defines the allowed extra extensions for the pki cert issuer
AllowedUriSans string: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
AutoRenew bool: Automatically renew certificates before expiration
CaTarget string: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
ClientFlag bool: If set, certificates will be flagged for client auth use
CodeSigningFlag bool: If set, certificates will be flagged for code signing use
Country string: A comma-separated list of countries that will be set in the issued certificate
CreatePrivateCrl bool: Set this to allow the issuer will expose a CRL endpoint in the Gateway
CreatePublicCrl bool: Set this to allow the cert issuer will expose a public CRL endpoint
CriticalKeyUsage string: Mark key usage as critical [true/false]
DeleteProtection bool: Protection from accidental deletion of this item, [true/false]
Description string: Description of the object
DestinationPath string: A path in Akeyless which to save generated certificates
EnableAcme bool: If set, the cert issuer will support the acme protocol
ExpirationEventIns List<string>: How many days before the expiration of the certificate would you like to be notified
GwClusterUrl string: The GW cluster URL to issue the certificate from, required in Public CA mode
IsCa bool: If set, the basic constraints extension will be added to certificate
KeyUsage string: A comma-separated string or list of key usages
Locality string: A comma-separated list of localities that will be set in the issued certificate
Name string: PKI certificate issuer name
NotEnforceHostnames bool: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
NotRequireCn bool: If set, clients can request certificates without a CN
OrganizationalUnits string: A comma-separated list of organizational units (OU) that will be set in the issued certificate
Organizations string: A comma-separated list of organizations (O) that will be set in the issued certificate
PkiCertIssuerId string: The ID of this resource.
PostalCode string: A comma-separated list of postal codes that will be set in the issued certificate
ProtectCertificates bool: Whether to protect generated certificates from deletion
Province string: A comma-separated list of provinces that will be set in the issued certificate
ScheduledRenew double: Number of days before expiration to renew certificates
ServerFlag bool: If set, certificates will be flagged for server auth use
SignerKeyName string: A key to sign the certificate with, required in Private CA mode
StreetAddress string: A comma-separated list of street addresses that will be set in the issued certificate
Tags List<string>: List of the tags attached to this key

Ttl string: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs
AllowAnyName bool: If set, clients can request certificates for any CN
AllowCopyExtFromCsr bool: If set, will allow copying the extra extensions from the csr file (if given)
AllowSubdomains bool: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
AllowedDomains string: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
AllowedExtraExtensions string: A json string that defines the allowed extra extensions for the pki cert issuer
AllowedUriSans string: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
AutoRenew bool: Automatically renew certificates before expiration
CaTarget string: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
ClientFlag bool: If set, certificates will be flagged for client auth use
CodeSigningFlag bool: If set, certificates will be flagged for code signing use
Country string: A comma-separated list of countries that will be set in the issued certificate
CreatePrivateCrl bool: Set this to allow the issuer will expose a CRL endpoint in the Gateway
CreatePublicCrl bool: Set this to allow the cert issuer will expose a public CRL endpoint
CriticalKeyUsage string: Mark key usage as critical [true/false]
DeleteProtection bool: Protection from accidental deletion of this item, [true/false]
Description string: Description of the object
DestinationPath string: A path in Akeyless which to save generated certificates
EnableAcme bool: If set, the cert issuer will support the acme protocol
ExpirationEventIns []string: How many days before the expiration of the certificate would you like to be notified
GwClusterUrl string: The GW cluster URL to issue the certificate from, required in Public CA mode
IsCa bool: If set, the basic constraints extension will be added to certificate
KeyUsage string: A comma-separated string or list of key usages
Locality string: A comma-separated list of localities that will be set in the issued certificate
Name string: PKI certificate issuer name
NotEnforceHostnames bool: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
NotRequireCn bool: If set, clients can request certificates without a CN
OrganizationalUnits string: A comma-separated list of organizational units (OU) that will be set in the issued certificate
Organizations string: A comma-separated list of organizations (O) that will be set in the issued certificate
PkiCertIssuerId string: The ID of this resource.
PostalCode string: A comma-separated list of postal codes that will be set in the issued certificate
ProtectCertificates bool: Whether to protect generated certificates from deletion
Province string: A comma-separated list of provinces that will be set in the issued certificate
ScheduledRenew float64: Number of days before expiration to renew certificates
ServerFlag bool: If set, certificates will be flagged for server auth use
SignerKeyName string: A key to sign the certificate with, required in Private CA mode
StreetAddress string: A comma-separated list of street addresses that will be set in the issued certificate
Tags []string: List of the tags attached to this key

ttl String: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs
allowAnyName Boolean: If set, clients can request certificates for any CN
allowCopyExtFromCsr Boolean: If set, will allow copying the extra extensions from the csr file (if given)
allowSubdomains Boolean: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
allowedDomains String: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
allowedExtraExtensions String: A json string that defines the allowed extra extensions for the pki cert issuer
allowedUriSans String: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
autoRenew Boolean: Automatically renew certificates before expiration
caTarget String: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
clientFlag Boolean: If set, certificates will be flagged for client auth use
codeSigningFlag Boolean: If set, certificates will be flagged for code signing use
country String: A comma-separated list of countries that will be set in the issued certificate
createPrivateCrl Boolean: Set this to allow the issuer will expose a CRL endpoint in the Gateway
createPublicCrl Boolean: Set this to allow the cert issuer will expose a public CRL endpoint
criticalKeyUsage String: Mark key usage as critical [true/false]
deleteProtection Boolean: Protection from accidental deletion of this item, [true/false]
description String: Description of the object
destinationPath String: A path in Akeyless which to save generated certificates
enableAcme Boolean: If set, the cert issuer will support the acme protocol
expirationEventIns List<String>: How many days before the expiration of the certificate would you like to be notified
gwClusterUrl String: The GW cluster URL to issue the certificate from, required in Public CA mode
isCa Boolean: If set, the basic constraints extension will be added to certificate
keyUsage String: A comma-separated string or list of key usages
locality String: A comma-separated list of localities that will be set in the issued certificate
name String: PKI certificate issuer name
notEnforceHostnames Boolean: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
notRequireCn Boolean: If set, clients can request certificates without a CN
organizationalUnits String: A comma-separated list of organizational units (OU) that will be set in the issued certificate
organizations String: A comma-separated list of organizations (O) that will be set in the issued certificate
pkiCertIssuerId String: The ID of this resource.
postalCode String: A comma-separated list of postal codes that will be set in the issued certificate
protectCertificates Boolean: Whether to protect generated certificates from deletion
province String: A comma-separated list of provinces that will be set in the issued certificate
scheduledRenew Double: Number of days before expiration to renew certificates
serverFlag Boolean: If set, certificates will be flagged for server auth use
signerKeyName String: A key to sign the certificate with, required in Private CA mode
streetAddress String: A comma-separated list of street addresses that will be set in the issued certificate
tags List<String>: List of the tags attached to this key

ttl string: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs
allowAnyName boolean: If set, clients can request certificates for any CN
allowCopyExtFromCsr boolean: If set, will allow copying the extra extensions from the csr file (if given)
allowSubdomains boolean: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
allowedDomains string: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
allowedExtraExtensions string: A json string that defines the allowed extra extensions for the pki cert issuer
allowedUriSans string: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
autoRenew boolean: Automatically renew certificates before expiration
caTarget string: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
clientFlag boolean: If set, certificates will be flagged for client auth use
codeSigningFlag boolean: If set, certificates will be flagged for code signing use
country string: A comma-separated list of countries that will be set in the issued certificate
createPrivateCrl boolean: Set this to allow the issuer will expose a CRL endpoint in the Gateway
createPublicCrl boolean: Set this to allow the cert issuer will expose a public CRL endpoint
criticalKeyUsage string: Mark key usage as critical [true/false]
deleteProtection boolean: Protection from accidental deletion of this item, [true/false]
description string: Description of the object
destinationPath string: A path in Akeyless which to save generated certificates
enableAcme boolean: If set, the cert issuer will support the acme protocol
expirationEventIns string[]: How many days before the expiration of the certificate would you like to be notified
gwClusterUrl string: The GW cluster URL to issue the certificate from, required in Public CA mode
isCa boolean: If set, the basic constraints extension will be added to certificate
keyUsage string: A comma-separated string or list of key usages
locality string: A comma-separated list of localities that will be set in the issued certificate
name string: PKI certificate issuer name
notEnforceHostnames boolean: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
notRequireCn boolean: If set, clients can request certificates without a CN
organizationalUnits string: A comma-separated list of organizational units (OU) that will be set in the issued certificate
organizations string: A comma-separated list of organizations (O) that will be set in the issued certificate
pkiCertIssuerId string: The ID of this resource.
postalCode string: A comma-separated list of postal codes that will be set in the issued certificate
protectCertificates boolean: Whether to protect generated certificates from deletion
province string: A comma-separated list of provinces that will be set in the issued certificate
scheduledRenew number: Number of days before expiration to renew certificates
serverFlag boolean: If set, certificates will be flagged for server auth use
signerKeyName string: A key to sign the certificate with, required in Private CA mode
streetAddress string: A comma-separated list of street addresses that will be set in the issued certificate
tags string[]: List of the tags attached to this key

ttl str: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs
allow_any_name bool: If set, clients can request certificates for any CN
allow_copy_ext_from_csr bool: If set, will allow copying the extra extensions from the csr file (if given)
allow_subdomains bool: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
allowed_domains str: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
allowed_extra_extensions str: A json string that defines the allowed extra extensions for the pki cert issuer
allowed_uri_sans str: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
auto_renew bool: Automatically renew certificates before expiration
ca_target str: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
client_flag bool: If set, certificates will be flagged for client auth use
code_signing_flag bool: If set, certificates will be flagged for code signing use
country str: A comma-separated list of countries that will be set in the issued certificate
create_private_crl bool: Set this to allow the issuer will expose a CRL endpoint in the Gateway
create_public_crl bool: Set this to allow the cert issuer will expose a public CRL endpoint
critical_key_usage str: Mark key usage as critical [true/false]
delete_protection bool: Protection from accidental deletion of this item, [true/false]
description str: Description of the object
destination_path str: A path in Akeyless which to save generated certificates
enable_acme bool: If set, the cert issuer will support the acme protocol
expiration_event_ins Sequence[str]: How many days before the expiration of the certificate would you like to be notified
gw_cluster_url str: The GW cluster URL to issue the certificate from, required in Public CA mode
is_ca bool: If set, the basic constraints extension will be added to certificate
key_usage str: A comma-separated string or list of key usages
locality str: A comma-separated list of localities that will be set in the issued certificate
name str: PKI certificate issuer name
not_enforce_hostnames bool: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
not_require_cn bool: If set, clients can request certificates without a CN
organizational_units str: A comma-separated list of organizational units (OU) that will be set in the issued certificate
organizations str: A comma-separated list of organizations (O) that will be set in the issued certificate
pki_cert_issuer_id str: The ID of this resource.
postal_code str: A comma-separated list of postal codes that will be set in the issued certificate
protect_certificates bool: Whether to protect generated certificates from deletion
province str: A comma-separated list of provinces that will be set in the issued certificate
scheduled_renew float: Number of days before expiration to renew certificates
server_flag bool: If set, certificates will be flagged for server auth use
signer_key_name str: A key to sign the certificate with, required in Private CA mode
street_address str: A comma-separated list of street addresses that will be set in the issued certificate
tags Sequence[str]: List of the tags attached to this key

ttl String: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs
allowAnyName Boolean: If set, clients can request certificates for any CN
allowCopyExtFromCsr Boolean: If set, will allow copying the extra extensions from the csr file (if given)
allowSubdomains Boolean: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
allowedDomains String: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
allowedExtraExtensions String: A json string that defines the allowed extra extensions for the pki cert issuer
allowedUriSans String: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
autoRenew Boolean: Automatically renew certificates before expiration
caTarget String: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
clientFlag Boolean: If set, certificates will be flagged for client auth use
codeSigningFlag Boolean: If set, certificates will be flagged for code signing use
country String: A comma-separated list of countries that will be set in the issued certificate
createPrivateCrl Boolean: Set this to allow the issuer will expose a CRL endpoint in the Gateway
createPublicCrl Boolean: Set this to allow the cert issuer will expose a public CRL endpoint
criticalKeyUsage String: Mark key usage as critical [true/false]
deleteProtection Boolean: Protection from accidental deletion of this item, [true/false]
description String: Description of the object
destinationPath String: A path in Akeyless which to save generated certificates
enableAcme Boolean: If set, the cert issuer will support the acme protocol
expirationEventIns List<String>: How many days before the expiration of the certificate would you like to be notified
gwClusterUrl String: The GW cluster URL to issue the certificate from, required in Public CA mode
isCa Boolean: If set, the basic constraints extension will be added to certificate
keyUsage String: A comma-separated string or list of key usages
locality String: A comma-separated list of localities that will be set in the issued certificate
name String: PKI certificate issuer name
notEnforceHostnames Boolean: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
notRequireCn Boolean: If set, clients can request certificates without a CN
organizationalUnits String: A comma-separated list of organizational units (OU) that will be set in the issued certificate
organizations String: A comma-separated list of organizations (O) that will be set in the issued certificate
pkiCertIssuerId String: The ID of this resource.
postalCode String: A comma-separated list of postal codes that will be set in the issued certificate
protectCertificates Boolean: Whether to protect generated certificates from deletion
province String: A comma-separated list of provinces that will be set in the issued certificate
scheduledRenew Number: Number of days before expiration to renew certificates
serverFlag Boolean: If set, certificates will be flagged for server auth use
signerKeyName String: A key to sign the certificate with, required in Private CA mode
streetAddress String: A comma-separated list of street addresses that will be set in the issued certificate
tags List<String>: List of the tags attached to this key

Outputs

All input properties are implicitly available as output properties. Additionally, the PkiCertIssuer resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing PkiCertIssuer Resource

Get an existing PkiCertIssuer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PkiCertIssuerState, opts?: CustomResourceOptions): PkiCertIssuer

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allow_any_name: Optional[bool] = None,
        allow_copy_ext_from_csr: Optional[bool] = None,
        allow_subdomains: Optional[bool] = None,
        allowed_domains: Optional[str] = None,
        allowed_extra_extensions: Optional[str] = None,
        allowed_uri_sans: Optional[str] = None,
        auto_renew: Optional[bool] = None,
        ca_target: Optional[str] = None,
        client_flag: Optional[bool] = None,
        code_signing_flag: Optional[bool] = None,
        country: Optional[str] = None,
        create_private_crl: Optional[bool] = None,
        create_public_crl: Optional[bool] = None,
        critical_key_usage: Optional[str] = None,
        delete_protection: Optional[bool] = None,
        description: Optional[str] = None,
        destination_path: Optional[str] = None,
        enable_acme: Optional[bool] = None,
        expiration_event_ins: Optional[Sequence[str]] = None,
        gw_cluster_url: Optional[str] = None,
        is_ca: Optional[bool] = None,
        key_usage: Optional[str] = None,
        locality: Optional[str] = None,
        name: Optional[str] = None,
        not_enforce_hostnames: Optional[bool] = None,
        not_require_cn: Optional[bool] = None,
        organizational_units: Optional[str] = None,
        organizations: Optional[str] = None,
        pki_cert_issuer_id: Optional[str] = None,
        postal_code: Optional[str] = None,
        protect_certificates: Optional[bool] = None,
        province: Optional[str] = None,
        scheduled_renew: Optional[float] = None,
        server_flag: Optional[bool] = None,
        signer_key_name: Optional[str] = None,
        street_address: Optional[str] = None,
        tags: Optional[Sequence[str]] = None,
        ttl: Optional[str] = None) -> PkiCertIssuer

func GetPkiCertIssuer(ctx *Context, name string, id IDInput, state *PkiCertIssuerState, opts ...ResourceOption) (*PkiCertIssuer, error)

public static PkiCertIssuer Get(string name, Input<string> id, PkiCertIssuerState? state, CustomResourceOptions? opts = null)

public static PkiCertIssuer get(String name, Output<String> id, PkiCertIssuerState state, CustomResourceOptions options)

resources:  _:    type: akeyless:PkiCertIssuer    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowAnyName bool: If set, clients can request certificates for any CN
AllowCopyExtFromCsr bool: If set, will allow copying the extra extensions from the csr file (if given)
AllowSubdomains bool: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
AllowedDomains string: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
AllowedExtraExtensions string: A json string that defines the allowed extra extensions for the pki cert issuer
AllowedUriSans string: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
AutoRenew bool: Automatically renew certificates before expiration
CaTarget string: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
ClientFlag bool: If set, certificates will be flagged for client auth use
CodeSigningFlag bool: If set, certificates will be flagged for code signing use
Country string: A comma-separated list of countries that will be set in the issued certificate
CreatePrivateCrl bool: Set this to allow the issuer will expose a CRL endpoint in the Gateway
CreatePublicCrl bool: Set this to allow the cert issuer will expose a public CRL endpoint
CriticalKeyUsage string: Mark key usage as critical [true/false]
DeleteProtection bool: Protection from accidental deletion of this item, [true/false]
Description string: Description of the object
DestinationPath string: A path in Akeyless which to save generated certificates
EnableAcme bool: If set, the cert issuer will support the acme protocol
ExpirationEventIns List<string>: How many days before the expiration of the certificate would you like to be notified
GwClusterUrl string: The GW cluster URL to issue the certificate from, required in Public CA mode
IsCa bool: If set, the basic constraints extension will be added to certificate
KeyUsage string: A comma-separated string or list of key usages
Locality string: A comma-separated list of localities that will be set in the issued certificate
Name string: PKI certificate issuer name
NotEnforceHostnames bool: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
NotRequireCn bool: If set, clients can request certificates without a CN
OrganizationalUnits string: A comma-separated list of organizational units (OU) that will be set in the issued certificate
Organizations string: A comma-separated list of organizations (O) that will be set in the issued certificate
PkiCertIssuerId string: The ID of this resource.
PostalCode string: A comma-separated list of postal codes that will be set in the issued certificate
ProtectCertificates bool: Whether to protect generated certificates from deletion
Province string: A comma-separated list of provinces that will be set in the issued certificate
ScheduledRenew double: Number of days before expiration to renew certificates
ServerFlag bool: If set, certificates will be flagged for server auth use
SignerKeyName string: A key to sign the certificate with, required in Private CA mode
StreetAddress string: A comma-separated list of street addresses that will be set in the issued certificate
Tags List<string>: List of the tags attached to this key
Ttl string: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs

AllowAnyName bool: If set, clients can request certificates for any CN
AllowCopyExtFromCsr bool: If set, will allow copying the extra extensions from the csr file (if given)
AllowSubdomains bool: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
AllowedDomains string: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
AllowedExtraExtensions string: A json string that defines the allowed extra extensions for the pki cert issuer
AllowedUriSans string: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
AutoRenew bool: Automatically renew certificates before expiration
CaTarget string: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
ClientFlag bool: If set, certificates will be flagged for client auth use
CodeSigningFlag bool: If set, certificates will be flagged for code signing use
Country string: A comma-separated list of countries that will be set in the issued certificate
CreatePrivateCrl bool: Set this to allow the issuer will expose a CRL endpoint in the Gateway
CreatePublicCrl bool: Set this to allow the cert issuer will expose a public CRL endpoint
CriticalKeyUsage string: Mark key usage as critical [true/false]
DeleteProtection bool: Protection from accidental deletion of this item, [true/false]
Description string: Description of the object
DestinationPath string: A path in Akeyless which to save generated certificates
EnableAcme bool: If set, the cert issuer will support the acme protocol
ExpirationEventIns []string: How many days before the expiration of the certificate would you like to be notified
GwClusterUrl string: The GW cluster URL to issue the certificate from, required in Public CA mode
IsCa bool: If set, the basic constraints extension will be added to certificate
KeyUsage string: A comma-separated string or list of key usages
Locality string: A comma-separated list of localities that will be set in the issued certificate
Name string: PKI certificate issuer name
NotEnforceHostnames bool: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
NotRequireCn bool: If set, clients can request certificates without a CN
OrganizationalUnits string: A comma-separated list of organizational units (OU) that will be set in the issued certificate
Organizations string: A comma-separated list of organizations (O) that will be set in the issued certificate
PkiCertIssuerId string: The ID of this resource.
PostalCode string: A comma-separated list of postal codes that will be set in the issued certificate
ProtectCertificates bool: Whether to protect generated certificates from deletion
Province string: A comma-separated list of provinces that will be set in the issued certificate
ScheduledRenew float64: Number of days before expiration to renew certificates
ServerFlag bool: If set, certificates will be flagged for server auth use
SignerKeyName string: A key to sign the certificate with, required in Private CA mode
StreetAddress string: A comma-separated list of street addresses that will be set in the issued certificate
Tags []string: List of the tags attached to this key
Ttl string: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs

allowAnyName Boolean: If set, clients can request certificates for any CN
allowCopyExtFromCsr Boolean: If set, will allow copying the extra extensions from the csr file (if given)
allowSubdomains Boolean: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
allowedDomains String: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
allowedExtraExtensions String: A json string that defines the allowed extra extensions for the pki cert issuer
allowedUriSans String: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
autoRenew Boolean: Automatically renew certificates before expiration
caTarget String: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
clientFlag Boolean: If set, certificates will be flagged for client auth use
codeSigningFlag Boolean: If set, certificates will be flagged for code signing use
country String: A comma-separated list of countries that will be set in the issued certificate
createPrivateCrl Boolean: Set this to allow the issuer will expose a CRL endpoint in the Gateway
createPublicCrl Boolean: Set this to allow the cert issuer will expose a public CRL endpoint
criticalKeyUsage String: Mark key usage as critical [true/false]
deleteProtection Boolean: Protection from accidental deletion of this item, [true/false]
description String: Description of the object
destinationPath String: A path in Akeyless which to save generated certificates
enableAcme Boolean: If set, the cert issuer will support the acme protocol
expirationEventIns List<String>: How many days before the expiration of the certificate would you like to be notified
gwClusterUrl String: The GW cluster URL to issue the certificate from, required in Public CA mode
isCa Boolean: If set, the basic constraints extension will be added to certificate
keyUsage String: A comma-separated string or list of key usages
locality String: A comma-separated list of localities that will be set in the issued certificate
name String: PKI certificate issuer name
notEnforceHostnames Boolean: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
notRequireCn Boolean: If set, clients can request certificates without a CN
organizationalUnits String: A comma-separated list of organizational units (OU) that will be set in the issued certificate
organizations String: A comma-separated list of organizations (O) that will be set in the issued certificate
pkiCertIssuerId String: The ID of this resource.
postalCode String: A comma-separated list of postal codes that will be set in the issued certificate
protectCertificates Boolean: Whether to protect generated certificates from deletion
province String: A comma-separated list of provinces that will be set in the issued certificate
scheduledRenew Double: Number of days before expiration to renew certificates
serverFlag Boolean: If set, certificates will be flagged for server auth use
signerKeyName String: A key to sign the certificate with, required in Private CA mode
streetAddress String: A comma-separated list of street addresses that will be set in the issued certificate
tags List<String>: List of the tags attached to this key
ttl String: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs

allowAnyName boolean: If set, clients can request certificates for any CN
allowCopyExtFromCsr boolean: If set, will allow copying the extra extensions from the csr file (if given)
allowSubdomains boolean: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
allowedDomains string: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
allowedExtraExtensions string: A json string that defines the allowed extra extensions for the pki cert issuer
allowedUriSans string: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
autoRenew boolean: Automatically renew certificates before expiration
caTarget string: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
clientFlag boolean: If set, certificates will be flagged for client auth use
codeSigningFlag boolean: If set, certificates will be flagged for code signing use
country string: A comma-separated list of countries that will be set in the issued certificate
createPrivateCrl boolean: Set this to allow the issuer will expose a CRL endpoint in the Gateway
createPublicCrl boolean: Set this to allow the cert issuer will expose a public CRL endpoint
criticalKeyUsage string: Mark key usage as critical [true/false]
deleteProtection boolean: Protection from accidental deletion of this item, [true/false]
description string: Description of the object
destinationPath string: A path in Akeyless which to save generated certificates
enableAcme boolean: If set, the cert issuer will support the acme protocol
expirationEventIns string[]: How many days before the expiration of the certificate would you like to be notified
gwClusterUrl string: The GW cluster URL to issue the certificate from, required in Public CA mode
isCa boolean: If set, the basic constraints extension will be added to certificate
keyUsage string: A comma-separated string or list of key usages
locality string: A comma-separated list of localities that will be set in the issued certificate
name string: PKI certificate issuer name
notEnforceHostnames boolean: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
notRequireCn boolean: If set, clients can request certificates without a CN
organizationalUnits string: A comma-separated list of organizational units (OU) that will be set in the issued certificate
organizations string: A comma-separated list of organizations (O) that will be set in the issued certificate
pkiCertIssuerId string: The ID of this resource.
postalCode string: A comma-separated list of postal codes that will be set in the issued certificate
protectCertificates boolean: Whether to protect generated certificates from deletion
province string: A comma-separated list of provinces that will be set in the issued certificate
scheduledRenew number: Number of days before expiration to renew certificates
serverFlag boolean: If set, certificates will be flagged for server auth use
signerKeyName string: A key to sign the certificate with, required in Private CA mode
streetAddress string: A comma-separated list of street addresses that will be set in the issued certificate
tags string[]: List of the tags attached to this key
ttl string: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs

allow_any_name bool: If set, clients can request certificates for any CN
allow_copy_ext_from_csr bool: If set, will allow copying the extra extensions from the csr file (if given)
allow_subdomains bool: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
allowed_domains str: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
allowed_extra_extensions str: A json string that defines the allowed extra extensions for the pki cert issuer
allowed_uri_sans str: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
auto_renew bool: Automatically renew certificates before expiration
ca_target str: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
client_flag bool: If set, certificates will be flagged for client auth use
code_signing_flag bool: If set, certificates will be flagged for code signing use
country str: A comma-separated list of countries that will be set in the issued certificate
create_private_crl bool: Set this to allow the issuer will expose a CRL endpoint in the Gateway
create_public_crl bool: Set this to allow the cert issuer will expose a public CRL endpoint
critical_key_usage str: Mark key usage as critical [true/false]
delete_protection bool: Protection from accidental deletion of this item, [true/false]
description str: Description of the object
destination_path str: A path in Akeyless which to save generated certificates
enable_acme bool: If set, the cert issuer will support the acme protocol
expiration_event_ins Sequence[str]: How many days before the expiration of the certificate would you like to be notified
gw_cluster_url str: The GW cluster URL to issue the certificate from, required in Public CA mode
is_ca bool: If set, the basic constraints extension will be added to certificate
key_usage str: A comma-separated string or list of key usages
locality str: A comma-separated list of localities that will be set in the issued certificate
name str: PKI certificate issuer name
not_enforce_hostnames bool: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
not_require_cn bool: If set, clients can request certificates without a CN
organizational_units str: A comma-separated list of organizational units (OU) that will be set in the issued certificate
organizations str: A comma-separated list of organizations (O) that will be set in the issued certificate
pki_cert_issuer_id str: The ID of this resource.
postal_code str: A comma-separated list of postal codes that will be set in the issued certificate
protect_certificates bool: Whether to protect generated certificates from deletion
province str: A comma-separated list of provinces that will be set in the issued certificate
scheduled_renew float: Number of days before expiration to renew certificates
server_flag bool: If set, certificates will be flagged for server auth use
signer_key_name str: A key to sign the certificate with, required in Private CA mode
street_address str: A comma-separated list of street addresses that will be set in the issued certificate
tags Sequence[str]: List of the tags attached to this key
ttl str: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs

allowAnyName Boolean: If set, clients can request certificates for any CN
allowCopyExtFromCsr Boolean: If set, will allow copying the extra extensions from the csr file (if given)
allowSubdomains Boolean: If set, clients can request certificates for subdomains and wildcard subdomains of the allowed domains
allowedDomains String: A list of the allowed domains that clients can request to be included in the certificate (in a comma-delimited list)
allowedExtraExtensions String: A json string that defines the allowed extra extensions for the pki cert issuer
allowedUriSans String: A list of the allowed URIs that clients can request to be included in the certificate as part of the URI Subject Alternative Names (in a comma-delimited list)
autoRenew Boolean: Automatically renew certificates before expiration
caTarget String: The name of an existing CA target to attach this PKI Certificate Issuer to, required in Public CA mode
clientFlag Boolean: If set, certificates will be flagged for client auth use
codeSigningFlag Boolean: If set, certificates will be flagged for code signing use
country String: A comma-separated list of countries that will be set in the issued certificate
createPrivateCrl Boolean: Set this to allow the issuer will expose a CRL endpoint in the Gateway
createPublicCrl Boolean: Set this to allow the cert issuer will expose a public CRL endpoint
criticalKeyUsage String: Mark key usage as critical [true/false]
deleteProtection Boolean: Protection from accidental deletion of this item, [true/false]
description String: Description of the object
destinationPath String: A path in Akeyless which to save generated certificates
enableAcme Boolean: If set, the cert issuer will support the acme protocol
expirationEventIns List<String>: How many days before the expiration of the certificate would you like to be notified
gwClusterUrl String: The GW cluster URL to issue the certificate from, required in Public CA mode
isCa Boolean: If set, the basic constraints extension will be added to certificate
keyUsage String: A comma-separated string or list of key usages
locality String: A comma-separated list of localities that will be set in the issued certificate
name String: PKI certificate issuer name
notEnforceHostnames Boolean: If set, any names are allowed for CN and SANs in the certificate and not only a valid host name
notRequireCn Boolean: If set, clients can request certificates without a CN
organizationalUnits String: A comma-separated list of organizational units (OU) that will be set in the issued certificate
organizations String: A comma-separated list of organizations (O) that will be set in the issued certificate
pkiCertIssuerId String: The ID of this resource.
postalCode String: A comma-separated list of postal codes that will be set in the issued certificate
protectCertificates Boolean: Whether to protect generated certificates from deletion
province String: A comma-separated list of provinces that will be set in the issued certificate
scheduledRenew Number: Number of days before expiration to renew certificates
serverFlag Boolean: If set, certificates will be flagged for server auth use
signerKeyName String: A key to sign the certificate with, required in Private CA mode
streetAddress String: A comma-separated list of street addresses that will be set in the issued certificate
tags List<String>: List of the tags attached to this key
ttl String: The maximum requested Time To Live for issued certificate by default in seconds, supported formats are s,m,h,d. In case of Public CA, this is based on the CA target's supported maximum TTLs

Package Details

Repository: akeyless akeyless-community/terraform-provider-akeyless
License
Notes: This Pulumi package is based on the akeyless Terraform Provider.

akeyless 1.9.0 published on Monday, Apr 14, 2025 by akeyless-community

akeyless-community/terraform-provider-akeyless

akeyless.PkiCertIssuer

On this page

On this page

Create PkiCertIssuer Resource

Constructor syntax

Parameters

Constructor example

PkiCertIssuer Resource Properties

Inputs

Outputs

Look up Existing PkiCertIssuer Resource

Package Details

On this page

On this page