1. Packages
  2. Azure Classic
  3. API Docs
  4. keyvault
  5. Certifiate

We recommend using Azure Native.

Azure Classic v5.70.0 published on Wednesday, Mar 27, 2024 by Pulumi

azure.keyvault.Certifiate

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.70.0 published on Wednesday, Mar 27, 2024 by Pulumi
    Deprecated: azure.keyvault.Certifiate has been deprecated in favor of azure.keyvault.Certificate

    Manages a Key Vault Certificate.

    «««< HEAD

    Note: The Azure Provider includes a Feature Toggle which will purge a Key Vault Certificate resource on destroy, rather than the default soft-delete. See purge_soft_deleted_certificates_on_destroy for more information.

    =======

    8d78c87098 (Update-documentation)

    Example Usage

    Importing A PFX)

    Note: this example assumed the PFX file is located in the same directory at certificate-to-import.pfx.

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    import * as std from "@pulumi/std";
    
    const current = azure.core.getClientConfig({});
    const example = new azure.core.ResourceGroup("example", {
        name: "example-resources",
        location: "West Europe",
    });
    const exampleKeyVault = new azure.keyvault.KeyVault("example", {
        name: "examplekeyvault",
        location: example.location,
        resourceGroupName: example.name,
        tenantId: current.then(current => current.tenantId),
        skuName: "premium",
        accessPolicies: [{
            tenantId: current.then(current => current.tenantId),
            objectId: current.then(current => current.objectId),
            certificatePermissions: [
                "Create",
                "Delete",
                "DeleteIssuers",
                "Get",
                "GetIssuers",
                "Import",
                "List",
                "ListIssuers",
                "ManageContacts",
                "ManageIssuers",
                "SetIssuers",
                "Update",
            ],
            keyPermissions: [
                "Backup",
                "Create",
                "Decrypt",
                "Delete",
                "Encrypt",
                "Get",
                "Import",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Sign",
                "UnwrapKey",
                "Update",
                "Verify",
                "WrapKey",
            ],
            secretPermissions: [
                "Backup",
                "Delete",
                "Get",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Set",
            ],
        }],
    });
    const exampleCertificate = new azure.keyvault.Certificate("example", {
        name: "imported-cert",
        keyVaultId: exampleKeyVault.id,
        certificate: {
            contents: std.filebase64({
                input: "certificate-to-import.pfx",
            }).then(invoke => invoke.result),
            password: "",
        },
    });
    
    import pulumi
    import pulumi_azure as azure
    import pulumi_std as std
    
    current = azure.core.get_client_config()
    example = azure.core.ResourceGroup("example",
        name="example-resources",
        location="West Europe")
    example_key_vault = azure.keyvault.KeyVault("example",
        name="examplekeyvault",
        location=example.location,
        resource_group_name=example.name,
        tenant_id=current.tenant_id,
        sku_name="premium",
        access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
            tenant_id=current.tenant_id,
            object_id=current.object_id,
            certificate_permissions=[
                "Create",
                "Delete",
                "DeleteIssuers",
                "Get",
                "GetIssuers",
                "Import",
                "List",
                "ListIssuers",
                "ManageContacts",
                "ManageIssuers",
                "SetIssuers",
                "Update",
            ],
            key_permissions=[
                "Backup",
                "Create",
                "Decrypt",
                "Delete",
                "Encrypt",
                "Get",
                "Import",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Sign",
                "UnwrapKey",
                "Update",
                "Verify",
                "WrapKey",
            ],
            secret_permissions=[
                "Backup",
                "Delete",
                "Get",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Set",
            ],
        )])
    example_certificate = azure.keyvault.Certificate("example",
        name="imported-cert",
        key_vault_id=example_key_vault.id,
        certificate=azure.keyvault.CertificateCertificateArgs(
            contents=std.filebase64(input="certificate-to-import.pfx").result,
            password="",
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		current, err := core.GetClientConfig(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-resources"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
    			Name:              pulumi.String("examplekeyvault"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			TenantId:          pulumi.String(current.TenantId),
    			SkuName:           pulumi.String("premium"),
    			AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
    				&keyvault.KeyVaultAccessPolicyArgs{
    					TenantId: pulumi.String(current.TenantId),
    					ObjectId: pulumi.String(current.ObjectId),
    					CertificatePermissions: pulumi.StringArray{
    						pulumi.String("Create"),
    						pulumi.String("Delete"),
    						pulumi.String("DeleteIssuers"),
    						pulumi.String("Get"),
    						pulumi.String("GetIssuers"),
    						pulumi.String("Import"),
    						pulumi.String("List"),
    						pulumi.String("ListIssuers"),
    						pulumi.String("ManageContacts"),
    						pulumi.String("ManageIssuers"),
    						pulumi.String("SetIssuers"),
    						pulumi.String("Update"),
    					},
    					KeyPermissions: pulumi.StringArray{
    						pulumi.String("Backup"),
    						pulumi.String("Create"),
    						pulumi.String("Decrypt"),
    						pulumi.String("Delete"),
    						pulumi.String("Encrypt"),
    						pulumi.String("Get"),
    						pulumi.String("Import"),
    						pulumi.String("List"),
    						pulumi.String("Purge"),
    						pulumi.String("Recover"),
    						pulumi.String("Restore"),
    						pulumi.String("Sign"),
    						pulumi.String("UnwrapKey"),
    						pulumi.String("Update"),
    						pulumi.String("Verify"),
    						pulumi.String("WrapKey"),
    					},
    					SecretPermissions: pulumi.StringArray{
    						pulumi.String("Backup"),
    						pulumi.String("Delete"),
    						pulumi.String("Get"),
    						pulumi.String("List"),
    						pulumi.String("Purge"),
    						pulumi.String("Recover"),
    						pulumi.String("Restore"),
    						pulumi.String("Set"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		invokeFilebase64, err := std.Filebase64(ctx, &std.Filebase64Args{
    			Input: "certificate-to-import.pfx",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = keyvault.NewCertificate(ctx, "example", &keyvault.CertificateArgs{
    			Name:       pulumi.String("imported-cert"),
    			KeyVaultId: exampleKeyVault.ID(),
    			Certificate: &keyvault.CertificateCertificateArgs{
    				Contents: invokeFilebase64.Result,
    				Password: pulumi.String(""),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var current = Azure.Core.GetClientConfig.Invoke();
    
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-resources",
            Location = "West Europe",
        });
    
        var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
        {
            Name = "examplekeyvault",
            Location = example.Location,
            ResourceGroupName = example.Name,
            TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
            SkuName = "premium",
            AccessPolicies = new[]
            {
                new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
                {
                    TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
                    ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
                    CertificatePermissions = new[]
                    {
                        "Create",
                        "Delete",
                        "DeleteIssuers",
                        "Get",
                        "GetIssuers",
                        "Import",
                        "List",
                        "ListIssuers",
                        "ManageContacts",
                        "ManageIssuers",
                        "SetIssuers",
                        "Update",
                    },
                    KeyPermissions = new[]
                    {
                        "Backup",
                        "Create",
                        "Decrypt",
                        "Delete",
                        "Encrypt",
                        "Get",
                        "Import",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Sign",
                        "UnwrapKey",
                        "Update",
                        "Verify",
                        "WrapKey",
                    },
                    SecretPermissions = new[]
                    {
                        "Backup",
                        "Delete",
                        "Get",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Set",
                    },
                },
            },
        });
    
        var exampleCertificate = new Azure.KeyVault.Certificate("example", new()
        {
            Name = "imported-cert",
            KeyVaultId = exampleKeyVault.Id,
            KeyVaultCertificate = new Azure.KeyVault.Inputs.CertificateCertificateArgs
            {
                Contents = Std.Filebase64.Invoke(new()
                {
                    Input = "certificate-to-import.pfx",
                }).Apply(invoke => invoke.Result),
                Password = "",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.keyvault.KeyVault;
    import com.pulumi.azure.keyvault.KeyVaultArgs;
    import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
    import com.pulumi.azure.keyvault.Certificate;
    import com.pulumi.azure.keyvault.CertificateArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var current = CoreFunctions.getClientConfig();
    
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()        
                .name("example-resources")
                .location("West Europe")
                .build());
    
            var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()        
                .name("examplekeyvault")
                .location(example.location())
                .resourceGroupName(example.name())
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .skuName("premium")
                .accessPolicies(KeyVaultAccessPolicyArgs.builder()
                    .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                    .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                    .certificatePermissions(                
                        "Create",
                        "Delete",
                        "DeleteIssuers",
                        "Get",
                        "GetIssuers",
                        "Import",
                        "List",
                        "ListIssuers",
                        "ManageContacts",
                        "ManageIssuers",
                        "SetIssuers",
                        "Update")
                    .keyPermissions(                
                        "Backup",
                        "Create",
                        "Decrypt",
                        "Delete",
                        "Encrypt",
                        "Get",
                        "Import",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Sign",
                        "UnwrapKey",
                        "Update",
                        "Verify",
                        "WrapKey")
                    .secretPermissions(                
                        "Backup",
                        "Delete",
                        "Get",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Set")
                    .build())
                .build());
    
            var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()        
                .name("imported-cert")
                .keyVaultId(exampleKeyVault.id())
                .certificate(CertificateCertificateArgs.builder()
                    .contents(StdFunctions.filebase64(Filebase64Args.builder()
                        .input("certificate-to-import.pfx")
                        .build()).result())
                    .password("")
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-resources
          location: West Europe
      exampleKeyVault:
        type: azure:keyvault:KeyVault
        name: example
        properties:
          name: examplekeyvault
          location: ${example.location}
          resourceGroupName: ${example.name}
          tenantId: ${current.tenantId}
          skuName: premium
          accessPolicies:
            - tenantId: ${current.tenantId}
              objectId: ${current.objectId}
              certificatePermissions:
                - Create
                - Delete
                - DeleteIssuers
                - Get
                - GetIssuers
                - Import
                - List
                - ListIssuers
                - ManageContacts
                - ManageIssuers
                - SetIssuers
                - Update
              keyPermissions:
                - Backup
                - Create
                - Decrypt
                - Delete
                - Encrypt
                - Get
                - Import
                - List
                - Purge
                - Recover
                - Restore
                - Sign
                - UnwrapKey
                - Update
                - Verify
                - WrapKey
              secretPermissions:
                - Backup
                - Delete
                - Get
                - List
                - Purge
                - Recover
                - Restore
                - Set
      exampleCertificate:
        type: azure:keyvault:Certificate
        name: example
        properties:
          name: imported-cert
          keyVaultId: ${exampleKeyVault.id}
          certificate:
            contents:
              fn::invoke:
                Function: std:filebase64
                Arguments:
                  input: certificate-to-import.pfx
                Return: result
            password:
    variables:
      current:
        fn::invoke:
          Function: azure:core:getClientConfig
          Arguments: {}
    

    Generating a new certificate

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const current = azure.core.getClientConfig({});
    const example = new azure.core.ResourceGroup("example", {
        name: "example-resources",
        location: "West Europe",
    });
    const exampleKeyVault = new azure.keyvault.KeyVault("example", {
        name: "examplekeyvault",
        location: example.location,
        resourceGroupName: example.name,
        tenantId: current.then(current => current.tenantId),
        skuName: "standard",
        softDeleteRetentionDays: 7,
        accessPolicies: [{
            tenantId: current.then(current => current.tenantId),
            objectId: current.then(current => current.objectId),
            certificatePermissions: [
                "Create",
                "Delete",
                "DeleteIssuers",
                "Get",
                "GetIssuers",
                "Import",
                "List",
                "ListIssuers",
                "ManageContacts",
                "ManageIssuers",
                "Purge",
                "SetIssuers",
                "Update",
            ],
            keyPermissions: [
                "Backup",
                "Create",
                "Decrypt",
                "Delete",
                "Encrypt",
                "Get",
                "Import",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Sign",
                "UnwrapKey",
                "Update",
                "Verify",
                "WrapKey",
            ],
            secretPermissions: [
                "Backup",
                "Delete",
                "Get",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Set",
            ],
        }],
    });
    const exampleCertificate = new azure.keyvault.Certificate("example", {
        name: "generated-cert",
        keyVaultId: exampleKeyVault.id,
        certificatePolicy: {
            issuerParameters: {
                name: "Self",
            },
            keyProperties: {
                exportable: true,
                keySize: 2048,
                keyType: "RSA",
                reuseKey: true,
            },
            lifetimeActions: [{
                action: {
                    actionType: "AutoRenew",
                },
                trigger: {
                    daysBeforeExpiry: 30,
                },
            }],
            secretProperties: {
                contentType: "application/x-pkcs12",
            },
            x509CertificateProperties: {
                extendedKeyUsages: ["1.3.6.1.5.5.7.3.1"],
                keyUsages: [
                    "cRLSign",
                    "dataEncipherment",
                    "digitalSignature",
                    "keyAgreement",
                    "keyCertSign",
                    "keyEncipherment",
                ],
                subjectAlternativeNames: {
                    dnsNames: [
                        "internal.contoso.com",
                        "domain.hello.world",
                    ],
                },
                subject: "CN=hello-world",
                validityInMonths: 12,
            },
        },
    });
    
    import pulumi
    import pulumi_azure as azure
    
    current = azure.core.get_client_config()
    example = azure.core.ResourceGroup("example",
        name="example-resources",
        location="West Europe")
    example_key_vault = azure.keyvault.KeyVault("example",
        name="examplekeyvault",
        location=example.location,
        resource_group_name=example.name,
        tenant_id=current.tenant_id,
        sku_name="standard",
        soft_delete_retention_days=7,
        access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
            tenant_id=current.tenant_id,
            object_id=current.object_id,
            certificate_permissions=[
                "Create",
                "Delete",
                "DeleteIssuers",
                "Get",
                "GetIssuers",
                "Import",
                "List",
                "ListIssuers",
                "ManageContacts",
                "ManageIssuers",
                "Purge",
                "SetIssuers",
                "Update",
            ],
            key_permissions=[
                "Backup",
                "Create",
                "Decrypt",
                "Delete",
                "Encrypt",
                "Get",
                "Import",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Sign",
                "UnwrapKey",
                "Update",
                "Verify",
                "WrapKey",
            ],
            secret_permissions=[
                "Backup",
                "Delete",
                "Get",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Set",
            ],
        )])
    example_certificate = azure.keyvault.Certificate("example",
        name="generated-cert",
        key_vault_id=example_key_vault.id,
        certificate_policy=azure.keyvault.CertificateCertificatePolicyArgs(
            issuer_parameters=azure.keyvault.CertificateCertificatePolicyIssuerParametersArgs(
                name="Self",
            ),
            key_properties=azure.keyvault.CertificateCertificatePolicyKeyPropertiesArgs(
                exportable=True,
                key_size=2048,
                key_type="RSA",
                reuse_key=True,
            ),
            lifetime_actions=[azure.keyvault.CertificateCertificatePolicyLifetimeActionArgs(
                action=azure.keyvault.CertificateCertificatePolicyLifetimeActionActionArgs(
                    action_type="AutoRenew",
                ),
                trigger=azure.keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs(
                    days_before_expiry=30,
                ),
            )],
            secret_properties=azure.keyvault.CertificateCertificatePolicySecretPropertiesArgs(
                content_type="application/x-pkcs12",
            ),
            x509_certificate_properties=azure.keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs(
                extended_key_usages=["1.3.6.1.5.5.7.3.1"],
                key_usages=[
                    "cRLSign",
                    "dataEncipherment",
                    "digitalSignature",
                    "keyAgreement",
                    "keyCertSign",
                    "keyEncipherment",
                ],
                subject_alternative_names=azure.keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs(
                    dns_names=[
                        "internal.contoso.com",
                        "domain.hello.world",
                    ],
                ),
                subject="CN=hello-world",
                validity_in_months=12,
            ),
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		current, err := core.GetClientConfig(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-resources"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
    			Name:                    pulumi.String("examplekeyvault"),
    			Location:                example.Location,
    			ResourceGroupName:       example.Name,
    			TenantId:                pulumi.String(current.TenantId),
    			SkuName:                 pulumi.String("standard"),
    			SoftDeleteRetentionDays: pulumi.Int(7),
    			AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
    				&keyvault.KeyVaultAccessPolicyArgs{
    					TenantId: pulumi.String(current.TenantId),
    					ObjectId: pulumi.String(current.ObjectId),
    					CertificatePermissions: pulumi.StringArray{
    						pulumi.String("Create"),
    						pulumi.String("Delete"),
    						pulumi.String("DeleteIssuers"),
    						pulumi.String("Get"),
    						pulumi.String("GetIssuers"),
    						pulumi.String("Import"),
    						pulumi.String("List"),
    						pulumi.String("ListIssuers"),
    						pulumi.String("ManageContacts"),
    						pulumi.String("ManageIssuers"),
    						pulumi.String("Purge"),
    						pulumi.String("SetIssuers"),
    						pulumi.String("Update"),
    					},
    					KeyPermissions: pulumi.StringArray{
    						pulumi.String("Backup"),
    						pulumi.String("Create"),
    						pulumi.String("Decrypt"),
    						pulumi.String("Delete"),
    						pulumi.String("Encrypt"),
    						pulumi.String("Get"),
    						pulumi.String("Import"),
    						pulumi.String("List"),
    						pulumi.String("Purge"),
    						pulumi.String("Recover"),
    						pulumi.String("Restore"),
    						pulumi.String("Sign"),
    						pulumi.String("UnwrapKey"),
    						pulumi.String("Update"),
    						pulumi.String("Verify"),
    						pulumi.String("WrapKey"),
    					},
    					SecretPermissions: pulumi.StringArray{
    						pulumi.String("Backup"),
    						pulumi.String("Delete"),
    						pulumi.String("Get"),
    						pulumi.String("List"),
    						pulumi.String("Purge"),
    						pulumi.String("Recover"),
    						pulumi.String("Restore"),
    						pulumi.String("Set"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = keyvault.NewCertificate(ctx, "example", &keyvault.CertificateArgs{
    			Name:       pulumi.String("generated-cert"),
    			KeyVaultId: exampleKeyVault.ID(),
    			CertificatePolicy: &keyvault.CertificateCertificatePolicyArgs{
    				IssuerParameters: &keyvault.CertificateCertificatePolicyIssuerParametersArgs{
    					Name: pulumi.String("Self"),
    				},
    				KeyProperties: &keyvault.CertificateCertificatePolicyKeyPropertiesArgs{
    					Exportable: pulumi.Bool(true),
    					KeySize:    pulumi.Int(2048),
    					KeyType:    pulumi.String("RSA"),
    					ReuseKey:   pulumi.Bool(true),
    				},
    				LifetimeActions: keyvault.CertificateCertificatePolicyLifetimeActionArray{
    					&keyvault.CertificateCertificatePolicyLifetimeActionArgs{
    						Action: &keyvault.CertificateCertificatePolicyLifetimeActionActionArgs{
    							ActionType: pulumi.String("AutoRenew"),
    						},
    						Trigger: &keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs{
    							DaysBeforeExpiry: pulumi.Int(30),
    						},
    					},
    				},
    				SecretProperties: &keyvault.CertificateCertificatePolicySecretPropertiesArgs{
    					ContentType: pulumi.String("application/x-pkcs12"),
    				},
    				X509CertificateProperties: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs{
    					ExtendedKeyUsages: pulumi.StringArray{
    						pulumi.String("1.3.6.1.5.5.7.3.1"),
    					},
    					KeyUsages: pulumi.StringArray{
    						pulumi.String("cRLSign"),
    						pulumi.String("dataEncipherment"),
    						pulumi.String("digitalSignature"),
    						pulumi.String("keyAgreement"),
    						pulumi.String("keyCertSign"),
    						pulumi.String("keyEncipherment"),
    					},
    					SubjectAlternativeNames: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs{
    						DnsNames: pulumi.StringArray{
    							pulumi.String("internal.contoso.com"),
    							pulumi.String("domain.hello.world"),
    						},
    					},
    					Subject:          pulumi.String("CN=hello-world"),
    					ValidityInMonths: pulumi.Int(12),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var current = Azure.Core.GetClientConfig.Invoke();
    
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-resources",
            Location = "West Europe",
        });
    
        var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
        {
            Name = "examplekeyvault",
            Location = example.Location,
            ResourceGroupName = example.Name,
            TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
            SkuName = "standard",
            SoftDeleteRetentionDays = 7,
            AccessPolicies = new[]
            {
                new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
                {
                    TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
                    ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
                    CertificatePermissions = new[]
                    {
                        "Create",
                        "Delete",
                        "DeleteIssuers",
                        "Get",
                        "GetIssuers",
                        "Import",
                        "List",
                        "ListIssuers",
                        "ManageContacts",
                        "ManageIssuers",
                        "Purge",
                        "SetIssuers",
                        "Update",
                    },
                    KeyPermissions = new[]
                    {
                        "Backup",
                        "Create",
                        "Decrypt",
                        "Delete",
                        "Encrypt",
                        "Get",
                        "Import",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Sign",
                        "UnwrapKey",
                        "Update",
                        "Verify",
                        "WrapKey",
                    },
                    SecretPermissions = new[]
                    {
                        "Backup",
                        "Delete",
                        "Get",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Set",
                    },
                },
            },
        });
    
        var exampleCertificate = new Azure.KeyVault.Certificate("example", new()
        {
            Name = "generated-cert",
            KeyVaultId = exampleKeyVault.Id,
            CertificatePolicy = new Azure.KeyVault.Inputs.CertificateCertificatePolicyArgs
            {
                IssuerParameters = new Azure.KeyVault.Inputs.CertificateCertificatePolicyIssuerParametersArgs
                {
                    Name = "Self",
                },
                KeyProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyKeyPropertiesArgs
                {
                    Exportable = true,
                    KeySize = 2048,
                    KeyType = "RSA",
                    ReuseKey = true,
                },
                LifetimeActions = new[]
                {
                    new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionArgs
                    {
                        Action = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionActionArgs
                        {
                            ActionType = "AutoRenew",
                        },
                        Trigger = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionTriggerArgs
                        {
                            DaysBeforeExpiry = 30,
                        },
                    },
                },
                SecretProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicySecretPropertiesArgs
                {
                    ContentType = "application/x-pkcs12",
                },
                X509CertificateProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs
                {
                    ExtendedKeyUsages = new[]
                    {
                        "1.3.6.1.5.5.7.3.1",
                    },
                    KeyUsages = new[]
                    {
                        "cRLSign",
                        "dataEncipherment",
                        "digitalSignature",
                        "keyAgreement",
                        "keyCertSign",
                        "keyEncipherment",
                    },
                    SubjectAlternativeNames = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs
                    {
                        DnsNames = new[]
                        {
                            "internal.contoso.com",
                            "domain.hello.world",
                        },
                    },
                    Subject = "CN=hello-world",
                    ValidityInMonths = 12,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.keyvault.KeyVault;
    import com.pulumi.azure.keyvault.KeyVaultArgs;
    import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
    import com.pulumi.azure.keyvault.Certificate;
    import com.pulumi.azure.keyvault.CertificateArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyIssuerParametersArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyKeyPropertiesArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicySecretPropertiesArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var current = CoreFunctions.getClientConfig();
    
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()        
                .name("example-resources")
                .location("West Europe")
                .build());
    
            var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()        
                .name("examplekeyvault")
                .location(example.location())
                .resourceGroupName(example.name())
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .skuName("standard")
                .softDeleteRetentionDays(7)
                .accessPolicies(KeyVaultAccessPolicyArgs.builder()
                    .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                    .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                    .certificatePermissions(                
                        "Create",
                        "Delete",
                        "DeleteIssuers",
                        "Get",
                        "GetIssuers",
                        "Import",
                        "List",
                        "ListIssuers",
                        "ManageContacts",
                        "ManageIssuers",
                        "Purge",
                        "SetIssuers",
                        "Update")
                    .keyPermissions(                
                        "Backup",
                        "Create",
                        "Decrypt",
                        "Delete",
                        "Encrypt",
                        "Get",
                        "Import",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Sign",
                        "UnwrapKey",
                        "Update",
                        "Verify",
                        "WrapKey")
                    .secretPermissions(                
                        "Backup",
                        "Delete",
                        "Get",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Set")
                    .build())
                .build());
    
            var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()        
                .name("generated-cert")
                .keyVaultId(exampleKeyVault.id())
                .certificatePolicy(CertificateCertificatePolicyArgs.builder()
                    .issuerParameters(CertificateCertificatePolicyIssuerParametersArgs.builder()
                        .name("Self")
                        .build())
                    .keyProperties(CertificateCertificatePolicyKeyPropertiesArgs.builder()
                        .exportable(true)
                        .keySize(2048)
                        .keyType("RSA")
                        .reuseKey(true)
                        .build())
                    .lifetimeActions(CertificateCertificatePolicyLifetimeActionArgs.builder()
                        .action(CertificateCertificatePolicyLifetimeActionActionArgs.builder()
                            .actionType("AutoRenew")
                            .build())
                        .trigger(CertificateCertificatePolicyLifetimeActionTriggerArgs.builder()
                            .daysBeforeExpiry(30)
                            .build())
                        .build())
                    .secretProperties(CertificateCertificatePolicySecretPropertiesArgs.builder()
                        .contentType("application/x-pkcs12")
                        .build())
                    .x509CertificateProperties(CertificateCertificatePolicyX509CertificatePropertiesArgs.builder()
                        .extendedKeyUsages("1.3.6.1.5.5.7.3.1")
                        .keyUsages(                    
                            "cRLSign",
                            "dataEncipherment",
                            "digitalSignature",
                            "keyAgreement",
                            "keyCertSign",
                            "keyEncipherment")
                        .subjectAlternativeNames(CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs.builder()
                            .dnsNames(                        
                                "internal.contoso.com",
                                "domain.hello.world")
                            .build())
                        .subject("CN=hello-world")
                        .validityInMonths(12)
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-resources
          location: West Europe
      exampleKeyVault:
        type: azure:keyvault:KeyVault
        name: example
        properties:
          name: examplekeyvault
          location: ${example.location}
          resourceGroupName: ${example.name}
          tenantId: ${current.tenantId}
          skuName: standard
          softDeleteRetentionDays: 7
          accessPolicies:
            - tenantId: ${current.tenantId}
              objectId: ${current.objectId}
              certificatePermissions:
                - Create
                - Delete
                - DeleteIssuers
                - Get
                - GetIssuers
                - Import
                - List
                - ListIssuers
                - ManageContacts
                - ManageIssuers
                - Purge
                - SetIssuers
                - Update
              keyPermissions:
                - Backup
                - Create
                - Decrypt
                - Delete
                - Encrypt
                - Get
                - Import
                - List
                - Purge
                - Recover
                - Restore
                - Sign
                - UnwrapKey
                - Update
                - Verify
                - WrapKey
              secretPermissions:
                - Backup
                - Delete
                - Get
                - List
                - Purge
                - Recover
                - Restore
                - Set
      exampleCertificate:
        type: azure:keyvault:Certificate
        name: example
        properties:
          name: generated-cert
          keyVaultId: ${exampleKeyVault.id}
          certificatePolicy:
            issuerParameters:
              name: Self
            keyProperties:
              exportable: true
              keySize: 2048
              keyType: RSA
              reuseKey: true
            lifetimeActions:
              - action:
                  actionType: AutoRenew
                trigger:
                  daysBeforeExpiry: 30
            secretProperties:
              contentType: application/x-pkcs12
            x509CertificateProperties:
              extendedKeyUsages:
                - 1.3.6.1.5.5.7.3.1
              keyUsages:
                - cRLSign
                - dataEncipherment
                - digitalSignature
                - keyAgreement
                - keyCertSign
                - keyEncipherment
              subjectAlternativeNames:
                dnsNames:
                  - internal.contoso.com
                  - domain.hello.world
              subject: CN=hello-world
              validityInMonths: 12
    variables:
      current:
        fn::invoke:
          Function: azure:core:getClientConfig
          Arguments: {}
    

    Create Certifiate Resource

    new Certifiate(name: string, args: CertifiateArgs, opts?: CustomResourceOptions);
    @overload
    def Certifiate(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   certificate: Optional[CertifiateCertificateArgs] = None,
                   certificate_policy: Optional[CertifiateCertificatePolicyArgs] = None,
                   key_vault_id: Optional[str] = None,
                   name: Optional[str] = None,
                   tags: Optional[Mapping[str, str]] = None)
    @overload
    def Certifiate(resource_name: str,
                   args: CertifiateArgs,
                   opts: Optional[ResourceOptions] = None)
    func NewCertifiate(ctx *Context, name string, args CertifiateArgs, opts ...ResourceOption) (*Certifiate, error)
    public Certifiate(string name, CertifiateArgs args, CustomResourceOptions? opts = null)
    public Certifiate(String name, CertifiateArgs args)
    public Certifiate(String name, CertifiateArgs args, CustomResourceOptions options)
    
    type: azure:keyvault:Certifiate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args CertifiateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertifiateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertifiateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertifiateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertifiateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Certifiate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Certifiate resource accepts the following input properties:

    KeyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    CertificatePolicy CertifiateCertificatePolicy

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    KeyVaultCertificate CertifiateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    Name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    KeyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    Certificate CertifiateCertificateArgs
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    CertificatePolicy CertifiateCertificatePolicyArgs

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    Name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    keyVaultId String
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    certificate CertifiateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificatePolicy CertifiateCertificatePolicy

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    name String
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    keyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    certificate CertifiateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificatePolicy CertifiateCertificatePolicy

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    key_vault_id str
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    certificate CertifiateCertificateArgs
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificate_policy CertifiateCertificatePolicyArgs

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    name str
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    keyVaultId String
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    certificate Property Map
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificatePolicy Property Map

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    name String
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    tags Map<String>
    A mapping of tags to assign to the resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Certifiate resource produces the following output properties:

    CertificateAttributes List<CertifiateCertificateAttribute>
    A certificate_attribute block as defined below.
    CertificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    CertificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    Id string
    The provider-assigned unique ID for this managed resource.
    ResourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    ResourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    SecretId string
    The ID of the associated Key Vault Secret.
    Thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    Version string
    The current version of the Key Vault Certificate.
    VersionlessId string
    The Base ID of the Key Vault Certificate.
    VersionlessSecretId string
    The Base ID of the Key Vault Secret.
    CertificateAttributes []CertifiateCertificateAttribute
    A certificate_attribute block as defined below.
    CertificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    CertificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    Id string
    The provider-assigned unique ID for this managed resource.
    ResourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    ResourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    SecretId string
    The ID of the associated Key Vault Secret.
    Thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    Version string
    The current version of the Key Vault Certificate.
    VersionlessId string
    The Base ID of the Key Vault Certificate.
    VersionlessSecretId string
    The Base ID of the Key Vault Secret.
    certificateAttributes List<CertifiateCertificateAttribute>
    A certificate_attribute block as defined below.
    certificateData String
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 String
    The Base64 encoded Key Vault Certificate data.
    id String
    The provider-assigned unique ID for this managed resource.
    resourceManagerId String
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId String
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId String
    The ID of the associated Key Vault Secret.
    thumbprint String
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version String
    The current version of the Key Vault Certificate.
    versionlessId String
    The Base ID of the Key Vault Certificate.
    versionlessSecretId String
    The Base ID of the Key Vault Secret.
    certificateAttributes CertifiateCertificateAttribute[]
    A certificate_attribute block as defined below.
    certificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    id string
    The provider-assigned unique ID for this managed resource.
    resourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId string
    The ID of the associated Key Vault Secret.
    thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version string
    The current version of the Key Vault Certificate.
    versionlessId string
    The Base ID of the Key Vault Certificate.
    versionlessSecretId string
    The Base ID of the Key Vault Secret.
    certificate_attributes Sequence[CertifiateCertificateAttribute]
    A certificate_attribute block as defined below.
    certificate_data str
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificate_data_base64 str
    The Base64 encoded Key Vault Certificate data.
    id str
    The provider-assigned unique ID for this managed resource.
    resource_manager_id str
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resource_manager_versionless_id str
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secret_id str
    The ID of the associated Key Vault Secret.
    thumbprint str
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version str
    The current version of the Key Vault Certificate.
    versionless_id str
    The Base ID of the Key Vault Certificate.
    versionless_secret_id str
    The Base ID of the Key Vault Secret.
    certificateAttributes List<Property Map>
    A certificate_attribute block as defined below.
    certificateData String
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 String
    The Base64 encoded Key Vault Certificate data.
    id String
    The provider-assigned unique ID for this managed resource.
    resourceManagerId String
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId String
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId String
    The ID of the associated Key Vault Secret.
    thumbprint String
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version String
    The current version of the Key Vault Certificate.
    versionlessId String
    The Base ID of the Key Vault Certificate.
    versionlessSecretId String
    The Base ID of the Key Vault Secret.

    Look up Existing Certifiate Resource

    Get an existing Certifiate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CertifiateState, opts?: CustomResourceOptions): Certifiate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            certificate: Optional[CertifiateCertificateArgs] = None,
            certificate_attributes: Optional[Sequence[CertifiateCertificateAttributeArgs]] = None,
            certificate_data: Optional[str] = None,
            certificate_data_base64: Optional[str] = None,
            certificate_policy: Optional[CertifiateCertificatePolicyArgs] = None,
            key_vault_id: Optional[str] = None,
            name: Optional[str] = None,
            resource_manager_id: Optional[str] = None,
            resource_manager_versionless_id: Optional[str] = None,
            secret_id: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            thumbprint: Optional[str] = None,
            version: Optional[str] = None,
            versionless_id: Optional[str] = None,
            versionless_secret_id: Optional[str] = None) -> Certifiate
    func GetCertifiate(ctx *Context, name string, id IDInput, state *CertifiateState, opts ...ResourceOption) (*Certifiate, error)
    public static Certifiate Get(string name, Input<string> id, CertifiateState? state, CustomResourceOptions? opts = null)
    public static Certifiate get(String name, Output<String> id, CertifiateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CertificateAttributes List<CertifiateCertificateAttribute>
    A certificate_attribute block as defined below.
    CertificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    CertificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    CertificatePolicy CertifiateCertificatePolicy

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    KeyVaultCertificate CertifiateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    KeyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    Name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    ResourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    ResourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    SecretId string
    The ID of the associated Key Vault Secret.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    Thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    Version string
    The current version of the Key Vault Certificate.
    VersionlessId string
    The Base ID of the Key Vault Certificate.
    VersionlessSecretId string
    The Base ID of the Key Vault Secret.
    Certificate CertifiateCertificateArgs
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    CertificateAttributes []CertifiateCertificateAttributeArgs
    A certificate_attribute block as defined below.
    CertificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    CertificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    CertificatePolicy CertifiateCertificatePolicyArgs

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    KeyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    Name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    ResourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    ResourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    SecretId string
    The ID of the associated Key Vault Secret.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    Thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    Version string
    The current version of the Key Vault Certificate.
    VersionlessId string
    The Base ID of the Key Vault Certificate.
    VersionlessSecretId string
    The Base ID of the Key Vault Secret.
    certificate CertifiateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificateAttributes List<CertifiateCertificateAttribute>
    A certificate_attribute block as defined below.
    certificateData String
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 String
    The Base64 encoded Key Vault Certificate data.
    certificatePolicy CertifiateCertificatePolicy

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    keyVaultId String
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    name String
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    resourceManagerId String
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId String
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId String
    The ID of the associated Key Vault Secret.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    thumbprint String
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version String
    The current version of the Key Vault Certificate.
    versionlessId String
    The Base ID of the Key Vault Certificate.
    versionlessSecretId String
    The Base ID of the Key Vault Secret.
    certificate CertifiateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificateAttributes CertifiateCertificateAttribute[]
    A certificate_attribute block as defined below.
    certificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    certificatePolicy CertifiateCertificatePolicy

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    keyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    resourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId string
    The ID of the associated Key Vault Secret.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version string
    The current version of the Key Vault Certificate.
    versionlessId string
    The Base ID of the Key Vault Certificate.
    versionlessSecretId string
    The Base ID of the Key Vault Secret.
    certificate CertifiateCertificateArgs
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificate_attributes Sequence[CertifiateCertificateAttributeArgs]
    A certificate_attribute block as defined below.
    certificate_data str
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificate_data_base64 str
    The Base64 encoded Key Vault Certificate data.
    certificate_policy CertifiateCertificatePolicyArgs

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    key_vault_id str
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    name str
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    resource_manager_id str
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resource_manager_versionless_id str
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secret_id str
    The ID of the associated Key Vault Secret.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    thumbprint str
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version str
    The current version of the Key Vault Certificate.
    versionless_id str
    The Base ID of the Key Vault Certificate.
    versionless_secret_id str
    The Base ID of the Key Vault Secret.
    certificate Property Map
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificateAttributes List<Property Map>
    A certificate_attribute block as defined below.
    certificateData String
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 String
    The Base64 encoded Key Vault Certificate data.
    certificatePolicy Property Map

    A certificate_policy block as defined below. Changing this (except the lifetime_action field) will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    keyVaultId String
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    name String
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    resourceManagerId String
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId String
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId String
    The ID of the associated Key Vault Secret.
    tags Map<String>
    A mapping of tags to assign to the resource.
    thumbprint String
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version String
    The current version of the Key Vault Certificate.
    versionlessId String
    The Base ID of the Key Vault Certificate.
    versionlessSecretId String
    The Base ID of the Key Vault Secret.

    Supporting Types

    CertifiateCertificate, CertifiateCertificateArgs

    Contents string
    The base64-encoded certificate contents.
    Password string

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
    

    The PEM content should look something like:

    -----BEGIN CERTIFICATE-----
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    :
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    :
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    -----END PRIVATE KEY-----
    
    Contents string
    The base64-encoded certificate contents.
    Password string

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
    

    The PEM content should look something like:

    -----BEGIN CERTIFICATE-----
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    :
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    :
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    -----END PRIVATE KEY-----
    
    contents String
    The base64-encoded certificate contents.
    password String

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
    

    The PEM content should look something like:

    -----BEGIN CERTIFICATE-----
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    :
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    :
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    -----END PRIVATE KEY-----
    
    contents string
    The base64-encoded certificate contents.
    password string

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
    

    The PEM content should look something like:

    -----BEGIN CERTIFICATE-----
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    :
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    :
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    -----END PRIVATE KEY-----
    
    contents str
    The base64-encoded certificate contents.
    password str

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
    

    The PEM content should look something like:

    -----BEGIN CERTIFICATE-----
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    :
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    :
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    -----END PRIVATE KEY-----
    
    contents String
    The base64-encoded certificate contents.
    password String

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem
    

    The PEM content should look something like:

    -----BEGIN CERTIFICATE-----
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    :
    aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    :
    d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK
    -----END PRIVATE KEY-----
    

    CertifiateCertificateAttribute, CertifiateCertificateAttributeArgs

    Created string
    The create time of the Key Vault Certificate.
    Enabled bool
    whether the Key Vault Certificate is enabled.
    Expires string
    The expires time of the Key Vault Certificate.
    NotBefore string
    The not before valid time of the Key Vault Certificate.
    RecoveryLevel string
    The deletion recovery level of the Key Vault Certificate.
    Updated string
    The recent update time of the Key Vault Certificate.
    Created string
    The create time of the Key Vault Certificate.
    Enabled bool
    whether the Key Vault Certificate is enabled.
    Expires string
    The expires time of the Key Vault Certificate.
    NotBefore string
    The not before valid time of the Key Vault Certificate.
    RecoveryLevel string
    The deletion recovery level of the Key Vault Certificate.
    Updated string
    The recent update time of the Key Vault Certificate.
    created String
    The create time of the Key Vault Certificate.
    enabled Boolean
    whether the Key Vault Certificate is enabled.
    expires String
    The expires time of the Key Vault Certificate.
    notBefore String
    The not before valid time of the Key Vault Certificate.
    recoveryLevel String
    The deletion recovery level of the Key Vault Certificate.
    updated String
    The recent update time of the Key Vault Certificate.
    created string
    The create time of the Key Vault Certificate.
    enabled boolean
    whether the Key Vault Certificate is enabled.
    expires string
    The expires time of the Key Vault Certificate.
    notBefore string
    The not before valid time of the Key Vault Certificate.
    recoveryLevel string
    The deletion recovery level of the Key Vault Certificate.
    updated string
    The recent update time of the Key Vault Certificate.
    created str
    The create time of the Key Vault Certificate.
    enabled bool
    whether the Key Vault Certificate is enabled.
    expires str
    The expires time of the Key Vault Certificate.
    not_before str
    The not before valid time of the Key Vault Certificate.
    recovery_level str
    The deletion recovery level of the Key Vault Certificate.
    updated str
    The recent update time of the Key Vault Certificate.
    created String
    The create time of the Key Vault Certificate.
    enabled Boolean
    whether the Key Vault Certificate is enabled.
    expires String
    The expires time of the Key Vault Certificate.
    notBefore String
    The not before valid time of the Key Vault Certificate.
    recoveryLevel String
    The deletion recovery level of the Key Vault Certificate.
    updated String
    The recent update time of the Key Vault Certificate.

    CertifiateCertificatePolicy, CertifiateCertificatePolicyArgs

    IssuerParameters CertifiateCertificatePolicyIssuerParameters
    A issuer_parameters block as defined below.
    KeyProperties CertifiateCertificatePolicyKeyProperties
    A key_properties block as defined below.
    SecretProperties CertifiateCertificatePolicySecretProperties
    A secret_properties block as defined below.
    LifetimeActions List<CertifiateCertificatePolicyLifetimeAction>
    A lifetime_action block as defined below.
    X509CertificateProperties CertifiateCertificatePolicyX509CertificateProperties
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.
    IssuerParameters CertifiateCertificatePolicyIssuerParameters
    A issuer_parameters block as defined below.
    KeyProperties CertifiateCertificatePolicyKeyProperties
    A key_properties block as defined below.
    SecretProperties CertifiateCertificatePolicySecretProperties
    A secret_properties block as defined below.
    LifetimeActions []CertifiateCertificatePolicyLifetimeAction
    A lifetime_action block as defined below.
    X509CertificateProperties CertifiateCertificatePolicyX509CertificateProperties
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.
    issuerParameters CertifiateCertificatePolicyIssuerParameters
    A issuer_parameters block as defined below.
    keyProperties CertifiateCertificatePolicyKeyProperties
    A key_properties block as defined below.
    secretProperties CertifiateCertificatePolicySecretProperties
    A secret_properties block as defined below.
    lifetimeActions List<CertifiateCertificatePolicyLifetimeAction>
    A lifetime_action block as defined below.
    x509CertificateProperties CertifiateCertificatePolicyX509CertificateProperties
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.
    issuerParameters CertifiateCertificatePolicyIssuerParameters
    A issuer_parameters block as defined below.
    keyProperties CertifiateCertificatePolicyKeyProperties
    A key_properties block as defined below.
    secretProperties CertifiateCertificatePolicySecretProperties
    A secret_properties block as defined below.
    lifetimeActions CertifiateCertificatePolicyLifetimeAction[]
    A lifetime_action block as defined below.
    x509CertificateProperties CertifiateCertificatePolicyX509CertificateProperties
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.
    issuer_parameters CertifiateCertificatePolicyIssuerParameters
    A issuer_parameters block as defined below.
    key_properties CertifiateCertificatePolicyKeyProperties
    A key_properties block as defined below.
    secret_properties CertifiateCertificatePolicySecretProperties
    A secret_properties block as defined below.
    lifetime_actions Sequence[CertifiateCertificatePolicyLifetimeAction]
    A lifetime_action block as defined below.
    x509_certificate_properties CertifiateCertificatePolicyX509CertificateProperties
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.
    issuerParameters Property Map
    A issuer_parameters block as defined below.
    keyProperties Property Map
    A key_properties block as defined below.
    secretProperties Property Map
    A secret_properties block as defined below.
    lifetimeActions List<Property Map>
    A lifetime_action block as defined below.
    x509CertificateProperties Property Map
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.

    CertifiateCertificatePolicyIssuerParameters, CertifiateCertificatePolicyIssuerParametersArgs

    Name string
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).
    Name string
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).
    name String
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).
    name string
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).
    name str
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).
    name String
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).

    CertifiateCertificatePolicyKeyProperties, CertifiateCertificatePolicyKeyPropertiesArgs

    Exportable bool
    Is this certificate exportable?
    KeyType string
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    ReuseKey bool
    Is the key reusable?
    Curve string
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    KeySize int
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.
    Exportable bool
    Is this certificate exportable?
    KeyType string
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    ReuseKey bool
    Is the key reusable?
    Curve string
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    KeySize int
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.
    exportable Boolean
    Is this certificate exportable?
    keyType String
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    reuseKey Boolean
    Is the key reusable?
    curve String
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    keySize Integer
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.
    exportable boolean
    Is this certificate exportable?
    keyType string
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    reuseKey boolean
    Is the key reusable?
    curve string
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    keySize number
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.
    exportable bool
    Is this certificate exportable?
    key_type str
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    reuse_key bool
    Is the key reusable?
    curve str
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    key_size int
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.
    exportable Boolean
    Is this certificate exportable?
    keyType String
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    reuseKey Boolean
    Is the key reusable?
    curve String
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    keySize Number
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.

    CertifiateCertificatePolicyLifetimeAction, CertifiateCertificatePolicyLifetimeActionArgs

    action Property Map
    A action block as defined below.
    trigger Property Map
    A trigger block as defined below.

    CertifiateCertificatePolicyLifetimeActionAction, CertifiateCertificatePolicyLifetimeActionActionArgs

    ActionType string
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.
    ActionType string
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.
    actionType String
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.
    actionType string
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.
    action_type str
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.
    actionType String
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.

    CertifiateCertificatePolicyLifetimeActionTrigger, CertifiateCertificatePolicyLifetimeActionTriggerArgs

    DaysBeforeExpiry int
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    LifetimePercentage int
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.
    DaysBeforeExpiry int
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    LifetimePercentage int
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.
    daysBeforeExpiry Integer
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    lifetimePercentage Integer
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.
    daysBeforeExpiry number
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    lifetimePercentage number
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.
    days_before_expiry int
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    lifetime_percentage int
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.
    daysBeforeExpiry Number
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    lifetimePercentage Number
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.

    CertifiateCertificatePolicySecretProperties, CertifiateCertificatePolicySecretPropertiesArgs

    ContentType string
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.
    ContentType string
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.
    contentType String
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.
    contentType string
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.
    content_type str
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.
    contentType String
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

    CertifiateCertificatePolicyX509CertificateProperties, CertifiateCertificatePolicyX509CertificatePropertiesArgs

    KeyUsages List<string>
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    Subject string
    The Certificate's Subject.
    ValidityInMonths int
    The Certificates Validity Period in Months.
    ExtendedKeyUsages List<string>
    A list of Extended/Enhanced Key Usages.
    SubjectAlternativeNames CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames
    A subject_alternative_names block as defined below.
    KeyUsages []string
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    Subject string
    The Certificate's Subject.
    ValidityInMonths int
    The Certificates Validity Period in Months.
    ExtendedKeyUsages []string
    A list of Extended/Enhanced Key Usages.
    SubjectAlternativeNames CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames
    A subject_alternative_names block as defined below.
    keyUsages List<String>
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    subject String
    The Certificate's Subject.
    validityInMonths Integer
    The Certificates Validity Period in Months.
    extendedKeyUsages List<String>
    A list of Extended/Enhanced Key Usages.
    subjectAlternativeNames CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames
    A subject_alternative_names block as defined below.
    keyUsages string[]
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    subject string
    The Certificate's Subject.
    validityInMonths number
    The Certificates Validity Period in Months.
    extendedKeyUsages string[]
    A list of Extended/Enhanced Key Usages.
    subjectAlternativeNames CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames
    A subject_alternative_names block as defined below.
    key_usages Sequence[str]
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    subject str
    The Certificate's Subject.
    validity_in_months int
    The Certificates Validity Period in Months.
    extended_key_usages Sequence[str]
    A list of Extended/Enhanced Key Usages.
    subject_alternative_names CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames
    A subject_alternative_names block as defined below.
    keyUsages List<String>
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    subject String
    The Certificate's Subject.
    validityInMonths Number
    The Certificates Validity Period in Months.
    extendedKeyUsages List<String>
    A list of Extended/Enhanced Key Usages.
    subjectAlternativeNames Property Map
    A subject_alternative_names block as defined below.

    CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames, CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs

    DnsNames List<string>
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    Emails List<string>
    A list of email addresses identified by this Certificate.
    Upns List<string>
    A list of User Principal Names identified by the Certificate.
    DnsNames []string
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    Emails []string
    A list of email addresses identified by this Certificate.
    Upns []string
    A list of User Principal Names identified by the Certificate.
    dnsNames List<String>
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    emails List<String>
    A list of email addresses identified by this Certificate.
    upns List<String>
    A list of User Principal Names identified by the Certificate.
    dnsNames string[]
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    emails string[]
    A list of email addresses identified by this Certificate.
    upns string[]
    A list of User Principal Names identified by the Certificate.
    dns_names Sequence[str]
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    emails Sequence[str]
    A list of email addresses identified by this Certificate.
    upns Sequence[str]
    A list of User Principal Names identified by the Certificate.
    dnsNames List<String>
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    emails List<String>
    A list of email addresses identified by this Certificate.
    upns List<String>
    A list of User Principal Names identified by the Certificate.

    Import

    Key Vault Certificates can be imported using the resource id, e.g.

    $ pulumi import azure:keyvault/certifiate:Certifiate example "https://example-keyvault.vault.azure.net/certificates/example/fdf067c93bbb4b22bff4d8b7a9a56217"
    

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v5.70.0 published on Wednesday, Mar 27, 2024 by Pulumi