
We recommend using Azure Native.

Azure v6.31.0 published on Monday, Dec 29, 2025 by Pulumi

    Manages a Container App Environment Certificate.

    Example Usage

    Certificate from .pfx file

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    import * as std from "@pulumi/std";
    
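    // Read the PFX password from encrypted stack configuration instead of
    // embedding it in the program. Set it once per stack with:
    //   pulumi config set --secret certificatePassword <value>
    const config = new pulumi.Config();
    const certificatePassword = config.requireSecret("certificatePassword");
    
    const example = new azure.core.ResourceGroup("example", {
        name: "example-resources",
        location: "West Europe",
    });
    // Log Analytics workspace referenced by the Container App Environment below.
    const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
        name: "acctest-01",
        location: example.location,
        resourceGroupName: example.name,
        sku: "PerGB2018",
        retentionInDays: 30,
    });
    const exampleEnvironment = new azure.containerapp.Environment("example", {
        name: "myEnvironment",
        location: example.location,
        resourceGroupName: example.name,
        logAnalyticsWorkspaceId: exampleAnalyticsWorkspace.id,
    });
    const exampleEnvironmentCertificate = new azure.containerapp.EnvironmentCertificate("example", {
        name: "myfriendlyname",
        containerAppEnvironmentId: exampleEnvironment.id,
        // The .pfx carries the private key: keep the file out of version control
        // and readable only by the account that runs the deployment.
        certificateBlobBase64: std.filebase64({
            input: "path/to/certificate_file.pfx",
        }).then(invoke => invoke.result),
        // Secret output: the value is not written in plain text to the program.
        certificatePassword: certificatePassword,
    });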
    
    import pulumi
    import pulumi_azure as azure
    import pulumi_std as std
    
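    # Read the PFX password from encrypted stack configuration instead of
    # embedding it in the program. Set it once per stack with:
    #   pulumi config set --secret certificatePassword <value>
    config = pulumi.Config()
    certificate_password = config.require_secret("certificatePassword")
    
    example = azure.core.ResourceGroup("example",
        name="example-resources",
        location="West Europe")
    # Log Analytics workspace referenced by the Container App Environment below.
    example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace("example",
        name="acctest-01",
        location=example.location,
        resource_group_name=example.name,
        sku="PerGB2018",
        retention_in_days=30)
    example_environment = azure.containerapp.Environment("example",
        name="myEnvironment",
        location=example.location,
        resource_group_name=example.name,
        log_analytics_workspace_id=example_analytics_workspace.id)
    # The .pfx carries the private key: keep the file out of version control and
    # readable only by the account that runs the deployment.
    example_environment_certificate = azure.containerapp.EnvironmentCertificate("example",
        name="myfriendlyname",
        container_app_environment_id=example_environment.id,
        certificate_blob_base64=std.filebase64(input="path/to/certificate_file.pfx").result,
        certificate_password=certificate_password)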
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerapp"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/operationalinsights"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares a resource group, a Log Analytics workspace, a Container App
    // Environment and an environment certificate loaded from a local .pfx file.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-resources"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		// Log Analytics workspace referenced by the Container App Environment below.
    		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
    			Name:              pulumi.String("acctest-01"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			Sku:               pulumi.String("PerGB2018"),
    			RetentionInDays:   pulumi.Int(30),
    		})
    		if err != nil {
    			return err
    		}
    		exampleEnvironment, err := containerapp.NewEnvironment(ctx, "example", &containerapp.EnvironmentArgs{
    			Name:                    pulumi.String("myEnvironment"),
    			Location:                example.Location,
    			ResourceGroupName:       example.Name,
    			LogAnalyticsWorkspaceId: exampleAnalyticsWorkspace.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Base64-encodes the local .pfx. The file carries the private key, so it
    		// should stay out of version control.
    		invokeFilebase64, err := std.Filebase64(ctx, &std.Filebase64Args{
    			Input: "path/to/certificate_file.pfx",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = containerapp.NewEnvironmentCertificate(ctx, "example", &containerapp.EnvironmentCertificateArgs{
    			Name:                      pulumi.String("myfriendlyname"),
    			ContainerAppEnvironmentId: exampleEnvironment.ID(),
    			CertificateBlobBase64:     pulumi.String(invokeFilebase64.Result),
    			// NOTE(review): placeholder literal from the example. In a real program
    			// load the password from secret stack configuration rather than
    			// committing it to source control.
    			CertificatePassword:       pulumi.String("$3cretSqu1rreL"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    using Std = Pulumi.Std;
    
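    return await Deployment.RunAsync(() => 
    {
        // Read the PFX password from encrypted stack configuration instead of
        // embedding it in the program. Set it once per stack with:
        //   pulumi config set --secret certificatePassword <value>
        var config = new Pulumi.Config();
        var certificatePassword = config.RequireSecret("certificatePassword");
    
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-resources",
            Location = "West Europe",
        });
    
        // Log Analytics workspace referenced by the Container App Environment below.
        var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
        {
            Name = "acctest-01",
            Location = example.Location,
            ResourceGroupName = example.Name,
            Sku = "PerGB2018",
            RetentionInDays = 30,
        });
    
        var exampleEnvironment = new Azure.ContainerApp.Environment("example", new()
        {
            Name = "myEnvironment",
            Location = example.Location,
            ResourceGroupName = example.Name,
            LogAnalyticsWorkspaceId = exampleAnalyticsWorkspace.Id,
        });
    
        var exampleEnvironmentCertificate = new Azure.ContainerApp.EnvironmentCertificate("example", new()
        {
            Name = "myfriendlyname",
            ContainerAppEnvironmentId = exampleEnvironment.Id,
            // The .pfx carries the private key: keep the file out of version control
            // and readable only by the account that runs the deployment.
            CertificateBlobBase64 = Std.Filebase64.Invoke(new()
            {
                Input = "path/to/certificate_file.pfx",
            }).Apply(invoke => invoke.Result),
            CertificatePassword = certificatePassword,
        });
    
    });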
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
    import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
    import com.pulumi.azure.containerapp.Environment;
    import com.pulumi.azure.containerapp.EnvironmentArgs;
    import com.pulumi.azure.containerapp.EnvironmentCertificate;
    import com.pulumi.azure.containerapp.EnvironmentCertificateArgs;
    import com.pulumi.std.StdFunctions;
    import com.pulumi.std.inputs.Filebase64Args;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
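    /**
     * Declares a resource group, a Log Analytics workspace, a Container App
     * Environment and an environment certificate loaded from a local .pfx file.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // Read the PFX password from encrypted stack configuration instead of
            // embedding it in the program. Set it once per stack with:
            //   pulumi config set --secret certificatePassword <value>
            final var certificatePassword = ctx.config().requireSecret("certificatePassword");
    
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("example-resources")
                .location("West Europe")
                .build());
    
            // Log Analytics workspace referenced by the Container App Environment below.
            var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
                .name("acctest-01")
                .location(example.location())
                .resourceGroupName(example.name())
                .sku("PerGB2018")
                .retentionInDays(30)
                .build());
    
            var exampleEnvironment = new Environment("exampleEnvironment", EnvironmentArgs.builder()
                .name("myEnvironment")
                .location(example.location())
                .resourceGroupName(example.name())
                .logAnalyticsWorkspaceId(exampleAnalyticsWorkspace.id())
                .build());
    
            // The .pfx carries the private key: keep the file out of version control
            // and readable only by the account that runs the deployment.
            var exampleEnvironmentCertificate = new EnvironmentCertificate("exampleEnvironmentCertificate", EnvironmentCertificateArgs.builder()
                .name("myfriendlyname")
                .containerAppEnvironmentId(exampleEnvironment.id())
                .certificateBlobBase64(StdFunctions.filebase64(Filebase64Args.builder()
                    .input("path/to/certificate_file.pfx")
                    .build()).result())
                .certificatePassword(certificatePassword)
                .build());
    
        }
    }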
    
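    # The PFX password is declared as a secret configuration value instead of being
    # written into the program. Set it once per stack with:
    #   pulumi config set --secret certificatePassword <value>
    config:
      certificatePassword:
        type: string
        secret: true
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-resources
          location: West Europe
      # Log Analytics workspace referenced by the Container App Environment below.
      exampleAnalyticsWorkspace:
        type: azure:operationalinsights:AnalyticsWorkspace
        name: example
        properties:
          name: acctest-01
          location: ${example.location}
          resourceGroupName: ${example.name}
          sku: PerGB2018
          retentionInDays: 30
      exampleEnvironment:
        type: azure:containerapp:Environment
        name: example
        properties:
          name: myEnvironment
          location: ${example.location}
          resourceGroupName: ${example.name}
          logAnalyticsWorkspaceId: ${exampleAnalyticsWorkspace.id}
      exampleEnvironmentCertificate:
        type: azure:containerapp:EnvironmentCertificate
        name: example
        properties:
          name: myfriendlyname
          containerAppEnvironmentId: ${exampleEnvironment.id}
          # The .pfx carries the private key: keep the file out of version control.
          certificateBlobBase64:
            fn::invoke:
              function: std:filebase64
              arguments:
                input: path/to/certificate_file.pfx
              return: result
          certificatePassword: ${certificatePassword}
    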
    

    Certificate from Key Vault

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    import * as std from "@pulumi/std";
    
    // Client configuration of the identity running the deployment; its tenantId
    // and objectId are used for the vault and the admin role assignment below.
    const current = azure.core.getClientConfig({});
    const example = new azure.core.ResourceGroup("example", {
        name: "example-resources",
        location: "West Europe",
    });
    const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
        name: "example-workspace",
        location: example.location,
        resourceGroupName: example.name,
        sku: "PerGB2018",
        retentionInDays: 30,
    });
    // User-assigned identity attached to the environment and named again in
    // certificateKeyVault.identity at the end of the program.
    const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
        name: "example-identity",
        resourceGroupName: example.name,
        location: example.location,
    });
    const exampleEnvironment = new azure.containerapp.Environment("example", {
        name: "example-environment",
        location: example.location,
        resourceGroupName: example.name,
        logAnalyticsWorkspaceId: exampleAnalyticsWorkspace.id,
        identity: {
            type: "UserAssigned",
            identityIds: [exampleUserAssignedIdentity.id],
        },
    });
    // RBAC authorization is enabled, so access to the vault is granted through
    // the two role assignments that follow.
    const exampleKeyVault = new azure.keyvault.KeyVault("example", {
        name: "example-keyvault",
        location: example.location,
        resourceGroupName: example.name,
        tenantId: current.then(current => current.tenantId),
        skuName: "standard",
        enableRbacAuthorization: true,
    });
    // NOTE(review): Key Vault Administrator is a broad role; presumably it is
    // granted so the deploying principal can import the certificate. Consider a
    // narrower role if the deployment only manages certificates.
    const userKeyvaultAdmin = new azure.authorization.Assignment("user_keyvault_admin", {
        scope: exampleKeyVault.id,
        roleDefinitionName: "Key Vault Administrator",
        principalId: current.then(current => current.objectId),
    });
    // Read-only secret access, scoped to this vault.
    // NOTE(review): the role goes to the principal reported by the environment's
    // identity block, while the certificate below is read with the user-assigned
    // identity's resource ID - confirm both refer to the same principal.
    const exampleAssignment = new azure.authorization.Assignment("example", {
        scope: exampleKeyVault.id,
        roleDefinitionName: "Key Vault Secrets User",
        principalId: exampleEnvironment.identity.apply(identity => identity?.principalId),
    });
    // Imports the local .pfx into the vault. The empty password presumably means
    // the file is not password-protected; the file itself carries the private key
    // and should stay out of version control.
    const exampleCertificate = new azure.keyvault.Certificate("example", {
        name: "example-certificate",
        keyVaultId: exampleKeyVault.id,
        certificate: {
            contents: std.filebase64({
                input: "path/to/certificate_file.pfx",
            }).then(invoke => invoke.result),
            password: "",
        },
    }, {
        // Wait for both role assignments before touching the vault.
        dependsOn: [
            userKeyvaultAdmin,
            exampleAssignment,
        ],
    });
    // The environment certificate references the Key Vault secret instead of
    // carrying the certificate blob and password in the program.
    const exampleEnvironmentCertificate = new azure.containerapp.EnvironmentCertificate("example", {
        name: "example-certificate",
        containerAppEnvironmentId: exampleEnvironment.id,
        certificateKeyVault: {
            identity: exampleUserAssignedIdentity.id,
            keyVaultSecretId: exampleCertificate.versionlessSecretId,
        },
    }, {
        // The secret-read role must exist before the environment fetches the secret.
        dependsOn: [exampleAssignment],
    });
    
    import pulumi
    import pulumi_azure as azure
    import pulumi_std as std
    
    # Client configuration of the identity running the deployment; its tenant_id
    # and object_id are used for the vault and the admin role assignment below.
    current = azure.core.get_client_config()
    example = azure.core.ResourceGroup("example",
        name="example-resources",
        location="West Europe")
    example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace("example",
        name="example-workspace",
        location=example.location,
        resource_group_name=example.name,
        sku="PerGB2018",
        retention_in_days=30)
    # User-assigned identity attached to the environment and named again in
    # certificate_key_vault["identity"] at the end of the program.
    example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
        name="example-identity",
        resource_group_name=example.name,
        location=example.location)
    example_environment = azure.containerapp.Environment("example",
        name="example-environment",
        location=example.location,
        resource_group_name=example.name,
        log_analytics_workspace_id=example_analytics_workspace.id,
        identity={
            "type": "UserAssigned",
            "identity_ids": [example_user_assigned_identity.id],
        })
    # RBAC authorization is enabled, so access to the vault is granted through
    # the two role assignments that follow.
    example_key_vault = azure.keyvault.KeyVault("example",
        name="example-keyvault",
        location=example.location,
        resource_group_name=example.name,
        tenant_id=current.tenant_id,
        sku_name="standard",
        enable_rbac_authorization=True)
    # NOTE(review): Key Vault Administrator is a broad role; presumably it is
    # granted so the deploying principal can import the certificate. Consider a
    # narrower role if the deployment only manages certificates.
    user_keyvault_admin = azure.authorization.Assignment("user_keyvault_admin",
        scope=example_key_vault.id,
        role_definition_name="Key Vault Administrator",
        principal_id=current.object_id)
    # Read-only secret access, scoped to this vault.
    # NOTE(review): the role goes to the principal reported by the environment's
    # identity block, while the certificate below is read with the user-assigned
    # identity's resource ID - confirm both refer to the same principal.
    example_assignment = azure.authorization.Assignment("example",
        scope=example_key_vault.id,
        role_definition_name="Key Vault Secrets User",
        principal_id=example_environment.identity.principal_id)
    # Imports the local .pfx into the vault. The empty password presumably means
    # the file is not password-protected; the file itself carries the private key
    # and should stay out of version control. depends_on waits for both role
    # assignments before touching the vault.
    example_certificate = azure.keyvault.Certificate("example",
        name="example-certificate",
        key_vault_id=example_key_vault.id,
        certificate={
            "contents": std.filebase64(input="path/to/certificate_file.pfx").result,
            "password": "",
        },
        opts = pulumi.ResourceOptions(depends_on=[
                user_keyvault_admin,
                example_assignment,
            ]))
    # The environment certificate references the Key Vault secret instead of
    # carrying the certificate blob and password in the program. The secret-read
    # role must exist before the environment fetches the secret.
    example_environment_certificate = azure.containerapp.EnvironmentCertificate("example",
        name="example-certificate",
        container_app_environment_id=example_environment.id,
        certificate_key_vault={
            "identity": example_user_assigned_identity.id,
            "key_vault_secret_id": example_certificate.versionless_secret_id,
        },
        opts = pulumi.ResourceOptions(depends_on=[example_assignment]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerapp"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/operationalinsights"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
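    // main declares a Container App Environment with a user-assigned identity, an
    // RBAC-enabled Key Vault holding an imported certificate, and an environment
    // certificate that references the Key Vault secret.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Client configuration of the identity running the deployment.
    		// NOTE(review): confirm this argument list against the SDK's
    		// GetClientConfig signature for the version in use.
    		current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
    		if err != nil {
    			return err
    		}
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-resources"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
    			Name:              pulumi.String("example-workspace"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			Sku:               pulumi.String("PerGB2018"),
    			RetentionInDays:   pulumi.Int(30),
    		})
    		if err != nil {
    			return err
    		}
    		// User-assigned identity attached to the environment and named again in
    		// CertificateKeyVault.Identity at the end of the program.
    		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
    			Name:              pulumi.String("example-identity"),
    			ResourceGroupName: example.Name,
    			Location:          example.Location,
    		})
    		if err != nil {
    			return err
    		}
    		exampleEnvironment, err := containerapp.NewEnvironment(ctx, "example", &containerapp.EnvironmentArgs{
    			Name:                    pulumi.String("example-environment"),
    			Location:                example.Location,
    			ResourceGroupName:       example.Name,
    			LogAnalyticsWorkspaceId: exampleAnalyticsWorkspace.ID(),
    			Identity: &containerapp.EnvironmentIdentityArgs{
    				Type: pulumi.String("UserAssigned"),
    				IdentityIds: pulumi.StringArray{
    					exampleUserAssignedIdentity.ID(),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// RBAC authorization is enabled, so access to the vault is granted
    		// through the two role assignments that follow.
    		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
    			Name:                    pulumi.String("example-keyvault"),
    			Location:                example.Location,
    			ResourceGroupName:       example.Name,
    			TenantId:                pulumi.String(current.TenantId),
    			SkuName:                 pulumi.String("standard"),
    			EnableRbacAuthorization: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		// NOTE(review): Key Vault Administrator is a broad role; presumably it is
    		// granted so the deploying principal can import the certificate. Consider
    		// a narrower role if the deployment only manages certificates.
    		userKeyvaultAdmin, err := authorization.NewAssignment(ctx, "user_keyvault_admin", &authorization.AssignmentArgs{
    			Scope:              exampleKeyVault.ID(),
    			RoleDefinitionName: pulumi.String("Key Vault Administrator"),
    			PrincipalId:        pulumi.String(current.ObjectId),
    		})
    		if err != nil {
    			return err
    		}
    		// Read-only secret access, scoped to this vault.
    		// NOTE(review): the role goes to the principal reported by the
    		// environment's identity block, while the certificate below is read with
    		// the user-assigned identity's resource ID - confirm both refer to the
    		// same principal.
    		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
    			Scope:              exampleKeyVault.ID(),
    			RoleDefinitionName: pulumi.String("Key Vault Secrets User"),
    			// The principal ID is an output, so it is passed through as one; a
    			// pulumi.String conversion cannot wrap an output value.
    			PrincipalId: exampleEnvironment.Identity.PrincipalId().Elem(),
    		})
    		if err != nil {
    			return err
    		}
    		// Base64-encodes the local .pfx. The file carries the private key, so it
    		// should stay out of version control.
    		invokeFilebase64, err := std.Filebase64(ctx, &std.Filebase64Args{
    			Input: "path/to/certificate_file.pfx",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		// Imports the certificate into the vault once both role assignments
    		// exist. The empty password presumably means the .pfx is not
    		// password-protected.
    		exampleCertificate, err := keyvault.NewCertificate(ctx, "example", &keyvault.CertificateArgs{
    			Name:       pulumi.String("example-certificate"),
    			KeyVaultId: exampleKeyVault.ID(),
    			Certificate: &keyvault.CertificateCertificateArgs{
    				Contents: pulumi.String(invokeFilebase64.Result),
    				Password: pulumi.String(""),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			userKeyvaultAdmin,
    			exampleAssignment,
    		}))
    		if err != nil {
    			return err
    		}
    		// The environment certificate references the Key Vault secret instead of
    		// carrying the certificate blob and password in the program. The
    		// secret-read role must exist before the environment fetches the secret.
    		_, err = containerapp.NewEnvironmentCertificate(ctx, "example", &containerapp.EnvironmentCertificateArgs{
    			Name:                      pulumi.String("example-certificate"),
    			ContainerAppEnvironmentId: exampleEnvironment.ID(),
    			CertificateKeyVault: &containerapp.EnvironmentCertificateCertificateKeyVaultArgs{
    				Identity:         exampleUserAssignedIdentity.ID(),
    				KeyVaultSecretId: exampleCertificate.VersionlessSecretId,
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			exampleAssignment,
    		}))
    		return err
    	})
    }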
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        // Client configuration of the identity running the deployment; its TenantId
        // and ObjectId are used for the vault and the admin role assignment below.
        var current = Azure.Core.GetClientConfig.Invoke();
    
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-resources",
            Location = "West Europe",
        });
    
        var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
        {
            Name = "example-workspace",
            Location = example.Location,
            ResourceGroupName = example.Name,
            Sku = "PerGB2018",
            RetentionInDays = 30,
        });
    
        // User-assigned identity attached to the environment and named again in
        // CertificateKeyVault.Identity at the end of the program.
        var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
        {
            Name = "example-identity",
            ResourceGroupName = example.Name,
            Location = example.Location,
        });
    
        var exampleEnvironment = new Azure.ContainerApp.Environment("example", new()
        {
            Name = "example-environment",
            Location = example.Location,
            ResourceGroupName = example.Name,
            LogAnalyticsWorkspaceId = exampleAnalyticsWorkspace.Id,
            Identity = new Azure.ContainerApp.Inputs.EnvironmentIdentityArgs
            {
                Type = "UserAssigned",
                IdentityIds = new[]
                {
                    exampleUserAssignedIdentity.Id,
                },
            },
        });
    
        // RBAC authorization is enabled, so access to the vault is granted through
        // the two role assignments that follow.
        var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
        {
            Name = "example-keyvault",
            Location = example.Location,
            ResourceGroupName = example.Name,
            TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
            SkuName = "standard",
            EnableRbacAuthorization = true,
        });
    
        // NOTE(review): Key Vault Administrator is a broad role; presumably it is
        // granted so the deploying principal can import the certificate. Consider a
        // narrower role if the deployment only manages certificates.
        var userKeyvaultAdmin = new Azure.Authorization.Assignment("user_keyvault_admin", new()
        {
            Scope = exampleKeyVault.Id,
            RoleDefinitionName = "Key Vault Administrator",
            PrincipalId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        });
    
        // Read-only secret access, scoped to this vault.
        // NOTE(review): the role goes to the principal reported by the environment's
        // identity block, while the certificate below is read with the user-assigned
        // identity's resource ID - confirm both refer to the same principal.
        var exampleAssignment = new Azure.Authorization.Assignment("example", new()
        {
            Scope = exampleKeyVault.Id,
            RoleDefinitionName = "Key Vault Secrets User",
            PrincipalId = exampleEnvironment.Identity.Apply(identity => identity?.PrincipalId),
        });
    
        // Imports the local .pfx into the vault. The empty password presumably means
        // the file is not password-protected; the file itself carries the private key
        // and should stay out of version control.
        var exampleCertificate = new Azure.KeyVault.Certificate("example", new()
        {
            Name = "example-certificate",
            KeyVaultId = exampleKeyVault.Id,
            KeyVaultCertificate = new Azure.KeyVault.Inputs.CertificateCertificateArgs
            {
                Contents = Std.Filebase64.Invoke(new()
                {
                    Input = "path/to/certificate_file.pfx",
                }).Apply(invoke => invoke.Result),
                Password = "",
            },
        }, new CustomResourceOptions
        {
            // Wait for both role assignments before touching the vault.
            DependsOn =
            {
                userKeyvaultAdmin,
                exampleAssignment,
            },
        });
    
        // The environment certificate references the Key Vault secret instead of
        // carrying the certificate blob and password in the program.
        var exampleEnvironmentCertificate = new Azure.ContainerApp.EnvironmentCertificate("example", new()
        {
            Name = "example-certificate",
            ContainerAppEnvironmentId = exampleEnvironment.Id,
            CertificateKeyVault = new Azure.ContainerApp.Inputs.EnvironmentCertificateCertificateKeyVaultArgs
            {
                Identity = exampleUserAssignedIdentity.Id,
                KeyVaultSecretId = exampleCertificate.VersionlessSecretId,
            },
        }, new CustomResourceOptions
        {
            // The secret-read role must exist before the environment fetches the secret.
            DependsOn =
            {
                exampleAssignment,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
    import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
    import com.pulumi.azure.authorization.UserAssignedIdentity;
    import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
    import com.pulumi.azure.containerapp.Environment;
    import com.pulumi.azure.containerapp.EnvironmentArgs;
    import com.pulumi.azure.containerapp.inputs.EnvironmentIdentityArgs;
    import com.pulumi.azure.keyvault.KeyVault;
    import com.pulumi.azure.keyvault.KeyVaultArgs;
    import com.pulumi.azure.authorization.Assignment;
    import com.pulumi.azure.authorization.AssignmentArgs;
    import com.pulumi.azure.keyvault.Certificate;
    import com.pulumi.azure.keyvault.CertificateArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificateArgs;
    import com.pulumi.std.StdFunctions;
    import com.pulumi.std.inputs.Filebase64Args;
    import com.pulumi.azure.containerapp.EnvironmentCertificate;
    import com.pulumi.azure.containerapp.EnvironmentCertificateArgs;
    import com.pulumi.azure.containerapp.inputs.EnvironmentCertificateCertificateKeyVaultArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
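    /**
     * Declares a Container App Environment with a user-assigned identity, an
     * RBAC-enabled Key Vault holding an imported certificate, and an environment
     * certificate that references the Key Vault secret.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // Client configuration of the identity running the deployment. The
            // result is an output, so its fields are read through applyValue below.
            final var current = CoreFunctions.getClientConfig();
    
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("example-resources")
                .location("West Europe")
                .build());
    
            var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
                .name("example-workspace")
                .location(example.location())
                .resourceGroupName(example.name())
                .sku("PerGB2018")
                .retentionInDays(30)
                .build());
    
            // User-assigned identity attached to the environment and named again in
            // certificateKeyVault.identity at the end of the program.
            var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
                .name("example-identity")
                .resourceGroupName(example.name())
                .location(example.location())
                .build());
    
            var exampleEnvironment = new Environment("exampleEnvironment", EnvironmentArgs.builder()
                .name("example-environment")
                .location(example.location())
                .resourceGroupName(example.name())
                .logAnalyticsWorkspaceId(exampleAnalyticsWorkspace.id())
                .identity(EnvironmentIdentityArgs.builder()
                    .type("UserAssigned")
                    .identityIds(exampleUserAssignedIdentity.id())
                    .build())
                .build());
    
            // RBAC authorization is enabled, so access to the vault is granted
            // through the two role assignments that follow.
            var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
                .name("example-keyvault")
                .location(example.location())
                .resourceGroupName(example.name())
                .tenantId(current.applyValue(cfg -> cfg.tenantId()))
                .skuName("standard")
                .enableRbacAuthorization(true)
                .build());
    
            // NOTE(review): Key Vault Administrator is a broad role; presumably it is
            // granted so the deploying principal can import the certificate. Consider
            // a narrower role if the deployment only manages certificates.
            var userKeyvaultAdmin = new Assignment("userKeyvaultAdmin", AssignmentArgs.builder()
                .scope(exampleKeyVault.id())
                .roleDefinitionName("Key Vault Administrator")
                .principalId(current.applyValue(cfg -> cfg.objectId()))
                .build());
    
            // Read-only secret access, scoped to this vault.
            // NOTE(review): the role goes to the principal reported by the
            // environment's identity block, while the certificate below is read with
            // the user-assigned identity's resource ID - confirm both refer to the
            // same principal. identity() is presumably an optional output; confirm
            // this lambda type-checks against the SDK version in use.
            var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
                .scope(exampleKeyVault.id())
                .roleDefinitionName("Key Vault Secrets User")
                .principalId(exampleEnvironment.identity().applyValue(_identity -> _identity.principalId()))
                .build());
    
            // Imports the local .pfx into the vault once both role assignments exist.
            // The empty password presumably means the file is not password-protected;
            // the file itself carries the private key and should stay out of version
            // control.
            var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()
                .name("example-certificate")
                .keyVaultId(exampleKeyVault.id())
                .certificate(CertificateCertificateArgs.builder()
                    .contents(StdFunctions.filebase64(Filebase64Args.builder()
                        .input("path/to/certificate_file.pfx")
                        .build()).result())
                    .password("")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(
                        userKeyvaultAdmin,
                        exampleAssignment)
                    .build());
    
            // The environment certificate references the Key Vault secret instead of
            // carrying the certificate blob and password in the program. The
            // secret-read role must exist before the environment fetches the secret.
            var exampleEnvironmentCertificate = new EnvironmentCertificate("exampleEnvironmentCertificate", EnvironmentCertificateArgs.builder()
                .name("example-certificate")
                .containerAppEnvironmentId(exampleEnvironment.id())
                .certificateKeyVault(EnvironmentCertificateCertificateKeyVaultArgs.builder()
                    .identity(exampleUserAssignedIdentity.id())
                    .keyVaultSecretId(exampleCertificate.versionlessSecretId())
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(exampleAssignment)
                    .build());
    
        }
    }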
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-resources
          location: West Europe
      exampleAnalyticsWorkspace:
        type: azure:operationalinsights:AnalyticsWorkspace
        name: example
        properties:
          name: example-workspace
          location: ${example.location}
          resourceGroupName: ${example.name}
          sku: PerGB2018
          retentionInDays: 30
      # User-assigned identity attached to the environment and named again in
      # certificateKeyVault.identity on the last resource.
      exampleUserAssignedIdentity:
        type: azure:authorization:UserAssignedIdentity
        name: example
        properties:
          name: example-identity
          resourceGroupName: ${example.name}
          location: ${example.location}
      exampleEnvironment:
        type: azure:containerapp:Environment
        name: example
        properties:
          name: example-environment
          location: ${example.location}
          resourceGroupName: ${example.name}
          logAnalyticsWorkspaceId: ${exampleAnalyticsWorkspace.id}
          identity:
            type: UserAssigned
            identityIds:
              - ${exampleUserAssignedIdentity.id}
      # RBAC authorization is enabled, so access to the vault is granted through
      # the two role assignments that follow.
      exampleKeyVault:
        type: azure:keyvault:KeyVault
        name: example
        properties:
          name: example-keyvault
          location: ${example.location}
          resourceGroupName: ${example.name}
          tenantId: ${current.tenantId}
          skuName: standard
          enableRbacAuthorization: true
      # NOTE(review): Key Vault Administrator is a broad role; presumably it is
      # granted so the deploying principal can import the certificate. Consider a
      # narrower role if the deployment only manages certificates.
      userKeyvaultAdmin:
        type: azure:authorization:Assignment
        name: user_keyvault_admin
        properties:
          scope: ${exampleKeyVault.id}
          roleDefinitionName: Key Vault Administrator
          principalId: ${current.objectId}
      # Read-only secret access, scoped to this vault.
      # NOTE(review): the role goes to the principal reported by the environment's
      # identity block, while the certificate below is read with the user-assigned
      # identity's resource ID - confirm both refer to the same principal.
      exampleAssignment:
        type: azure:authorization:Assignment
        name: example
        properties:
          scope: ${exampleKeyVault.id}
          roleDefinitionName: Key Vault Secrets User
          principalId: ${exampleEnvironment.identity.principalId}
      # Imports the local .pfx into the vault once both role assignments exist. The
      # empty password presumably means the file is not password-protected; the
      # file itself carries the private key and should stay out of version control.
      exampleCertificate:
        type: azure:keyvault:Certificate
        name: example
        properties:
          name: example-certificate
          keyVaultId: ${exampleKeyVault.id}
          certificate:
            contents:
              fn::invoke:
                function: std:filebase64
                arguments:
                  input: path/to/certificate_file.pfx
                return: result
            password: ""
        options:
          dependsOn:
            - ${userKeyvaultAdmin}
            - ${exampleAssignment}
      # The environment certificate references the Key Vault secret instead of
      # carrying the certificate blob and password in the program. The secret-read
      # role must exist before the environment fetches the secret.
      exampleEnvironmentCertificate:
        type: azure:containerapp:EnvironmentCertificate
        name: example
        properties:
          name: example-certificate
          containerAppEnvironmentId: ${exampleEnvironment.id}
          certificateKeyVault:
            identity: ${exampleUserAssignedIdentity.id}
            keyVaultSecretId: ${exampleCertificate.versionlessSecretId}
        options:
          dependsOn:
            - ${exampleAssignment}
    variables:
      # Client configuration of the identity running the deployment.
      current:
        fn::invoke:
          function: azure:core:getClientConfig
          arguments: {}
    

    API Providers

    This resource uses the following Azure API Providers:

    • Microsoft.App - 2025-07-01

    Create EnvironmentCertificate Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new EnvironmentCertificate(name: string, args: EnvironmentCertificateArgs, opts?: CustomResourceOptions);
    @overload
    def EnvironmentCertificate(resource_name: str,
                               args: EnvironmentCertificateArgs,
                               opts: Optional[ResourceOptions] = None)
    
    @overload
    def EnvironmentCertificate(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               container_app_environment_id: Optional[str] = None,
                               certificate_blob_base64: Optional[str] = None,
                               certificate_key_vault: Optional[EnvironmentCertificateCertificateKeyVaultArgs] = None,
                               certificate_password: Optional[str] = None,
                               name: Optional[str] = None,
                               tags: Optional[Mapping[str, str]] = None)
    func NewEnvironmentCertificate(ctx *Context, name string, args EnvironmentCertificateArgs, opts ...ResourceOption) (*EnvironmentCertificate, error)
    public EnvironmentCertificate(string name, EnvironmentCertificateArgs args, CustomResourceOptions? opts = null)
    public EnvironmentCertificate(String name, EnvironmentCertificateArgs args)
    public EnvironmentCertificate(String name, EnvironmentCertificateArgs args, CustomResourceOptions options)
    
    type: azure:containerapp:EnvironmentCertificate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args EnvironmentCertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args EnvironmentCertificateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args EnvironmentCertificateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args EnvironmentCertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args EnvironmentCertificateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference listing: every input is shown with the placeholder "string".
    var environmentCertificateResource = new Azure.ContainerApp.EnvironmentCertificate("environmentCertificateResource", new()
    {
        ContainerAppEnvironmentId = "string",
        // One of CertificateBlobBase64 / CertificateKeyVault must be set (see the property notes).
        // NOTE(review): both appear here only because the listing enumerates all inputs.
        CertificateBlobBase64 = "string",
        CertificateKeyVault = new Azure.ContainerApp.Inputs.EnvironmentCertificateCertificateKeyVaultArgs
        {
            KeyVaultSecretId = "string",
            // Resource ID of a user-assigned identity, or System for the system-assigned identity.
            Identity = "string",
        },
        // Required when CertificateBlobBase64 is specified; secret material, not a value to hard-code.
        CertificatePassword = "string",
        Name = "string",
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    // Reference listing: every input is shown with the placeholder "string".
    example, err := containerapp.NewEnvironmentCertificate(ctx, "environmentCertificateResource", &containerapp.EnvironmentCertificateArgs{
    	ContainerAppEnvironmentId: pulumi.String("string"),
    	// One of CertificateBlobBase64 / CertificateKeyVault must be set (see the property notes).
    	// NOTE(review): both appear here only because the listing enumerates all inputs.
    	CertificateBlobBase64:     pulumi.String("string"),
    	CertificateKeyVault: &containerapp.EnvironmentCertificateCertificateKeyVaultArgs{
    		KeyVaultSecretId: pulumi.String("string"),
    		// Resource ID of a user-assigned identity, or System for the system-assigned identity.
    		Identity:         pulumi.String("string"),
    	},
    	// Required when CertificateBlobBase64 is specified; secret material, not a value to hard-code.
    	CertificatePassword: pulumi.String("string"),
    	Name:                pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    })
    
    // Reference listing: every input is shown with the placeholder "string".
    var environmentCertificateResource = new EnvironmentCertificate("environmentCertificateResource", EnvironmentCertificateArgs.builder()
        .containerAppEnvironmentId("string")
        // One of certificateBlobBase64 / certificateKeyVault must be set (see the property notes).
        // NOTE(review): both appear here only because the listing enumerates all inputs.
        .certificateBlobBase64("string")
        .certificateKeyVault(EnvironmentCertificateCertificateKeyVaultArgs.builder()
            .keyVaultSecretId("string")
            // Resource ID of a user-assigned identity, or System for the system-assigned identity.
            .identity("string")
            .build())
        // Required when certificateBlobBase64 is specified; secret material, not a value to hard-code.
        .certificatePassword("string")
        .name("string")
        .tags(Map.of("string", "string"))
        .build());
    
    # Reference listing: every input is shown with the placeholder "string".
    environment_certificate_resource = azure.containerapp.EnvironmentCertificate("environmentCertificateResource",
        container_app_environment_id="string",
        # One of certificate_blob_base64 / certificate_key_vault must be set (see the property notes).
        # NOTE(review): both appear here only because the listing enumerates all inputs.
        certificate_blob_base64="string",
        certificate_key_vault={
            "key_vault_secret_id": "string",
            # Resource ID of a user-assigned identity, or System for the system-assigned identity.
            "identity": "string",
        },
        # Required when certificate_blob_base64 is specified; secret material, not a value to hard-code.
        certificate_password="string",
        name="string",
        tags={
            "string": "string",
        })
    
    // Reference listing: every input is shown with the placeholder "string".
    const environmentCertificateResource = new azure.containerapp.EnvironmentCertificate("environmentCertificateResource", {
        containerAppEnvironmentId: "string",
        // One of certificateBlobBase64 / certificateKeyVault must be set (see the property notes).
        // NOTE(review): both appear here only because the listing enumerates all inputs.
        certificateBlobBase64: "string",
        certificateKeyVault: {
            keyVaultSecretId: "string",
            // Resource ID of a user-assigned identity, or System for the system-assigned identity.
            identity: "string",
        },
        // Required when certificateBlobBase64 is specified; secret material, not a value to hard-code.
        certificatePassword: "string",
        name: "string",
        tags: {
            string: "string",
        },
    });
    
    # Reference listing: every input is shown with the placeholder "string".
    type: azure:containerapp:EnvironmentCertificate
    properties:
        # One of certificateBlobBase64 / certificateKeyVault must be set (see the property notes).
        # NOTE(review): both appear here only because the listing enumerates all inputs.
        certificateBlobBase64: string
        certificateKeyVault:
            # Resource ID of a user-assigned identity, or System for the system-assigned identity.
            identity: string
            keyVaultSecretId: string
        # Required when certificateBlobBase64 is specified; secret material, not a value to hard-code.
        certificatePassword: string
        containerAppEnvironmentId: string
        name: string
        tags:
            string: string
    

    EnvironmentCertificate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The EnvironmentCertificate resource accepts the following input properties:

    ContainerAppEnvironmentId string
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    CertificateBlobBase64 string

    The Certificate Private Key, supplied as a base64-encoded PFX or PEM. Base64 is an encoding, not encryption, so handle this value as secret material. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    CertificateKeyVault EnvironmentCertificateCertificateKeyVault

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    CertificatePassword string

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified. Provide it from secret configuration rather than as a literal in program source.

    Name string
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    ContainerAppEnvironmentId string
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    CertificateBlobBase64 string

    The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    CertificateKeyVault EnvironmentCertificateCertificateKeyVaultArgs

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    CertificatePassword string

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified.

    Name string
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    containerAppEnvironmentId String
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    certificateBlobBase64 String

    The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    certificateKeyVault EnvironmentCertificateCertificateKeyVault

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    certificatePassword String

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified.

    name String
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    containerAppEnvironmentId string
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    certificateBlobBase64 string

    The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    certificateKeyVault EnvironmentCertificateCertificateKeyVault

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    certificatePassword string

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified.

    name string
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    container_app_environment_id str
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    certificate_blob_base64 str

    The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    certificate_key_vault EnvironmentCertificateCertificateKeyVaultArgs

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    certificate_password str

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified.

    name str
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    containerAppEnvironmentId String
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    certificateBlobBase64 String

    The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    certificateKeyVault Property Map

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    certificatePassword String

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified.

    name String
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    tags Map<String>
    A mapping of tags to assign to the resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the EnvironmentCertificate resource produces the following output properties:

    ExpirationDate string
    The expiration date for the Certificate.
    Id string
    The provider-assigned unique ID for this managed resource.
    IssueDate string
    The date of issue for the Certificate.
    Issuer string
    The Certificate Issuer.
    SubjectName string
    The Subject Name for the Certificate.
    Thumbprint string
    The Thumbprint of the Certificate.
    ExpirationDate string
    The expiration date for the Certificate.
    Id string
    The provider-assigned unique ID for this managed resource.
    IssueDate string
    The date of issue for the Certificate.
    Issuer string
    The Certificate Issuer.
    SubjectName string
    The Subject Name for the Certificate.
    Thumbprint string
    The Thumbprint of the Certificate.
    expirationDate String
    The expiration date for the Certificate.
    id String
    The provider-assigned unique ID for this managed resource.
    issueDate String
    The date of issue for the Certificate.
    issuer String
    The Certificate Issuer.
    subjectName String
    The Subject Name for the Certificate.
    thumbprint String
    The Thumbprint of the Certificate.
    expirationDate string
    The expiration date for the Certificate.
    id string
    The provider-assigned unique ID for this managed resource.
    issueDate string
    The date of issue for the Certificate.
    issuer string
    The Certificate Issuer.
    subjectName string
    The Subject Name for the Certificate.
    thumbprint string
    The Thumbprint of the Certificate.
    expiration_date str
    The expiration date for the Certificate.
    id str
    The provider-assigned unique ID for this managed resource.
    issue_date str
    The date of issue for the Certificate.
    issuer str
    The Certificate Issuer.
    subject_name str
    The Subject Name for the Certificate.
    thumbprint str
    The Thumbprint of the Certificate.
    expirationDate String
    The expiration date for the Certificate.
    id String
    The provider-assigned unique ID for this managed resource.
    issueDate String
    The date of issue for the Certificate.
    issuer String
    The Certificate Issuer.
    subjectName String
    The Subject Name for the Certificate.
    thumbprint String
    The Thumbprint of the Certificate.

    Look up Existing EnvironmentCertificate Resource

    Get an existing EnvironmentCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: EnvironmentCertificateState, opts?: CustomResourceOptions): EnvironmentCertificate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            certificate_blob_base64: Optional[str] = None,
            certificate_key_vault: Optional[EnvironmentCertificateCertificateKeyVaultArgs] = None,
            certificate_password: Optional[str] = None,
            container_app_environment_id: Optional[str] = None,
            expiration_date: Optional[str] = None,
            issue_date: Optional[str] = None,
            issuer: Optional[str] = None,
            name: Optional[str] = None,
            subject_name: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            thumbprint: Optional[str] = None) -> EnvironmentCertificate
    func GetEnvironmentCertificate(ctx *Context, name string, id IDInput, state *EnvironmentCertificateState, opts ...ResourceOption) (*EnvironmentCertificate, error)
    public static EnvironmentCertificate Get(string name, Input<string> id, EnvironmentCertificateState? state, CustomResourceOptions? opts = null)
    public static EnvironmentCertificate get(String name, Output<String> id, EnvironmentCertificateState state, CustomResourceOptions options)
    # Look up an existing EnvironmentCertificate by its provider ID.
    resources:
      _:
        type: azure:containerapp:EnvironmentCertificate
        get:
          id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CertificateBlobBase64 string

    The Certificate Private Key, supplied as a base64-encoded PFX or PEM. Base64 is an encoding, not encryption, so handle this value as secret material. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    CertificateKeyVault EnvironmentCertificateCertificateKeyVault

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    CertificatePassword string

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified.

    ContainerAppEnvironmentId string
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    ExpirationDate string
    The expiration date for the Certificate.
    IssueDate string
    The date of issue for the Certificate.
    Issuer string
    The Certificate Issuer.
    Name string
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    SubjectName string
    The Subject Name for the Certificate.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    Thumbprint string
    The Thumbprint of the Certificate.
    CertificateBlobBase64 string

    The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    CertificateKeyVault EnvironmentCertificateCertificateKeyVaultArgs

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    CertificatePassword string

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified.

    ContainerAppEnvironmentId string
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    ExpirationDate string
    The expiration date for the Certificate.
    IssueDate string
    The date of issue for the Certificate.
    Issuer string
    The Certificate Issuer.
    Name string
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    SubjectName string
    The Subject Name for the Certificate.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    Thumbprint string
    The Thumbprint of the Certificate.
    certificateBlobBase64 String

    The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    certificateKeyVault EnvironmentCertificateCertificateKeyVault

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    certificatePassword String

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified.

    containerAppEnvironmentId String
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    expirationDate String
    The expiration date for the Certificate.
    issueDate String
    The date of issue for the Certificate.
    issuer String
    The Certificate Issuer.
    name String
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    subjectName String
    The Subject Name for the Certificate.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    thumbprint String
    The Thumbprint of the Certificate.
    certificateBlobBase64 string

    The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    certificateKeyVault EnvironmentCertificateCertificateKeyVault

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    certificatePassword string

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified.

    containerAppEnvironmentId string
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    expirationDate string
    The expiration date for the Certificate.
    issueDate string
    The date of issue for the Certificate.
    issuer string
    The Certificate Issuer.
    name string
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    subjectName string
    The Subject Name for the Certificate.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    thumbprint string
    The Thumbprint of the Certificate.
    certificate_blob_base64 str

    The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    certificate_key_vault EnvironmentCertificateCertificateKeyVaultArgs

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    certificate_password str

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified.

    container_app_environment_id str
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    expiration_date str
    The expiration date for the Certificate.
    issue_date str
    The date of issue for the Certificate.
    issuer str
    The Certificate Issuer.
    name str
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    subject_name str
    The Subject Name for the Certificate.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    thumbprint str
    The Thumbprint of the Certificate.
    certificateBlobBase64 String

    The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created.

    Note: One of certificate_blob_base64 and certificate_key_vault must be set.

    certificateKeyVault Property Map

    A certificate_key_vault block as defined below. Changing this forces a new resource to be created.

    Note: one of certificate_blob_base64 and certificate_key_vault must be set.

    certificatePassword String

    The password for the Certificate. Changing this forces a new resource to be created.

    Note: required if certificate_blob_base64 is specified.

    containerAppEnvironmentId String
    The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created.
    expirationDate String
    The expiration date for the Certificate.
    issueDate String
    The date of issue for the Certificate.
    issuer String
    The Certificate Issuer.
    name String
    The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created.
    subjectName String
    The Subject Name for the Certificate.
    tags Map<String>
    A mapping of tags to assign to the resource.
    thumbprint String
    The Thumbprint of the Certificate.

    Supporting Types

    EnvironmentCertificateCertificateKeyVault, EnvironmentCertificateCertificateKeyVaultArgs

    KeyVaultSecretId string
    The ID of the Key Vault Secret containing the certificate. Changing this forces a new resource to be created.
    Identity string

    The managed identity used to authenticate with Azure Key Vault. Possible values are the resource ID of a user-assigned identity, or System for the system-assigned identity. Defaults to System. Changing this forces a new resource to be created.

    Note: The managed identity must be permitted to read the certificate's secret in the Key Vault. The Key Vault example on this page does this by assigning the Key Vault Secrets User role, scoped to the vault, before the certificate resource is created.

    KeyVaultSecretId string
    The ID of the Key Vault Secret containing the certificate. Changing this forces a new resource to be created.
    Identity string

    The managed identity to authenticate with Azure Key Vault. Possible values are the resource ID of user-assigned identity, and System for system-assigned identity. Defaults to System. Changing this forces a new resource to be created.

    Note: Please make sure required permissions are correctly configured for your Key Vault and managed identity.

    keyVaultSecretId String
    The ID of the Key Vault Secret containing the certificate. Changing this forces a new resource to be created.
    identity String

    The managed identity to authenticate with Azure Key Vault. Possible values are the resource ID of user-assigned identity, and System for system-assigned identity. Defaults to System. Changing this forces a new resource to be created.

    Note: Please make sure required permissions are correctly configured for your Key Vault and managed identity.

    keyVaultSecretId string
    The ID of the Key Vault Secret containing the certificate. Changing this forces a new resource to be created.
    identity string

    The managed identity to authenticate with Azure Key Vault. Possible values are the resource ID of user-assigned identity, and System for system-assigned identity. Defaults to System. Changing this forces a new resource to be created.

    Note: Please make sure required permissions are correctly configured for your Key Vault and managed identity.

    key_vault_secret_id str
    The ID of the Key Vault Secret containing the certificate. Changing this forces a new resource to be created.
    identity str

    The managed identity to authenticate with Azure Key Vault. Possible values are the resource ID of user-assigned identity, and System for system-assigned identity. Defaults to System. Changing this forces a new resource to be created.

    Note: Please make sure required permissions are correctly configured for your Key Vault and managed identity.

    keyVaultSecretId String
    The ID of the Key Vault Secret containing the certificate. Changing this forces a new resource to be created.
    identity String

    The managed identity to authenticate with Azure Key Vault. Possible values are the resource ID of user-assigned identity, and System for system-assigned identity. Defaults to System. Changing this forces a new resource to be created.

    Note: Please make sure required permissions are correctly configured for your Key Vault and managed identity.

    Import

    A Container App Environment Certificate can be imported using the resource id, e.g.

    $ pulumi import azure:containerapp/environmentCertificate:EnvironmentCertificate example "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.App/managedEnvironments/myenv/certificates/mycertificate"
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.