Azure Classic v5.43.0, May 6 23

azure.keyvault.Certifiate

Explore with Pulumi AI

Deprecated:

azure.keyvault.Certifiate has been deprecated in favor of azure.keyvault.Certificate

Manages a Key Vault Certificate.

Example Usage

Importing A PFX)

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

	private static string ReadFileBase64(string path) {
		return Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(File.ReadAllText(path)));
	}

return await Deployment.RunAsync(() => 
{
    var current = Azure.Core.GetClientConfig.Invoke();

    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        SkuName = "premium",
        AccessPolicies = new[]
        {
            new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
            {
                TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
                ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
                CertificatePermissions = new[]
                {
                    "Create",
                    "Delete",
                    "DeleteIssuers",
                    "Get",
                    "GetIssuers",
                    "Import",
                    "List",
                    "ListIssuers",
                    "ManageContacts",
                    "ManageIssuers",
                    "SetIssuers",
                    "Update",
                },
                KeyPermissions = new[]
                {
                    "Backup",
                    "Create",
                    "Decrypt",
                    "Delete",
                    "Encrypt",
                    "Get",
                    "Import",
                    "List",
                    "Purge",
                    "Recover",
                    "Restore",
                    "Sign",
                    "UnwrapKey",
                    "Update",
                    "Verify",
                    "WrapKey",
                },
                SecretPermissions = new[]
                {
                    "Backup",
                    "Delete",
                    "Get",
                    "List",
                    "Purge",
                    "Recover",
                    "Restore",
                    "Set",
                },
            },
        },
    });

    var exampleCertificate = new Azure.KeyVault.Certificate("exampleCertificate", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        KeyVaultCertificate = new Azure.KeyVault.Inputs.CertificateCertificateArgs
        {
            Contents = ReadFileBase64("certificate-to-import.pfx"),
            Password = "",
        },
    });

});

package main

import (
	"encoding/base64"
	"os"

	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func filebase64OrPanic(path string) pulumi.StringPtrInput {
	if fileData, err := os.ReadFile(path); err == nil {
		return pulumi.String(base64.StdEncoding.EncodeToString(fileData[:]))
	} else {
		panic(err.Error())
	}
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			TenantId:          *pulumi.String(current.TenantId),
			SkuName:           pulumi.String("premium"),
			AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
				&keyvault.KeyVaultAccessPolicyArgs{
					TenantId: *pulumi.String(current.TenantId),
					ObjectId: *pulumi.String(current.ObjectId),
					CertificatePermissions: pulumi.StringArray{
						pulumi.String("Create"),
						pulumi.String("Delete"),
						pulumi.String("DeleteIssuers"),
						pulumi.String("Get"),
						pulumi.String("GetIssuers"),
						pulumi.String("Import"),
						pulumi.String("List"),
						pulumi.String("ListIssuers"),
						pulumi.String("ManageContacts"),
						pulumi.String("ManageIssuers"),
						pulumi.String("SetIssuers"),
						pulumi.String("Update"),
					},
					KeyPermissions: pulumi.StringArray{
						pulumi.String("Backup"),
						pulumi.String("Create"),
						pulumi.String("Decrypt"),
						pulumi.String("Delete"),
						pulumi.String("Encrypt"),
						pulumi.String("Get"),
						pulumi.String("Import"),
						pulumi.String("List"),
						pulumi.String("Purge"),
						pulumi.String("Recover"),
						pulumi.String("Restore"),
						pulumi.String("Sign"),
						pulumi.String("UnwrapKey"),
						pulumi.String("Update"),
						pulumi.String("Verify"),
						pulumi.String("WrapKey"),
					},
					SecretPermissions: pulumi.StringArray{
						pulumi.String("Backup"),
						pulumi.String("Delete"),
						pulumi.String("Get"),
						pulumi.String("List"),
						pulumi.String("Purge"),
						pulumi.String("Recover"),
						pulumi.String("Restore"),
						pulumi.String("Set"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = keyvault.NewCertificate(ctx, "exampleCertificate", &keyvault.CertificateArgs{
			KeyVaultId: exampleKeyVault.ID(),
			Certificate: &keyvault.CertificateCertificateArgs{
				Contents: filebase64OrPanic("certificate-to-import.pfx"),
				Password: pulumi.String(""),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Certificate;
import com.pulumi.azure.keyvault.CertificateArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = CoreFunctions.getClientConfig();

        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
            .location("West Europe")
            .build());

        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .skuName("premium")
            .accessPolicies(KeyVaultAccessPolicyArgs.builder()
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                .certificatePermissions(                
                    "Create",
                    "Delete",
                    "DeleteIssuers",
                    "Get",
                    "GetIssuers",
                    "Import",
                    "List",
                    "ListIssuers",
                    "ManageContacts",
                    "ManageIssuers",
                    "SetIssuers",
                    "Update")
                .keyPermissions(                
                    "Backup",
                    "Create",
                    "Decrypt",
                    "Delete",
                    "Encrypt",
                    "Get",
                    "Import",
                    "List",
                    "Purge",
                    "Recover",
                    "Restore",
                    "Sign",
                    "UnwrapKey",
                    "Update",
                    "Verify",
                    "WrapKey")
                .secretPermissions(                
                    "Backup",
                    "Delete",
                    "Get",
                    "List",
                    "Purge",
                    "Recover",
                    "Restore",
                    "Set")
                .build())
            .build());

        var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()        
            .keyVaultId(exampleKeyVault.id())
            .certificate(CertificateCertificateArgs.builder()
                .contents(Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get("certificate-to-import.pfx"))))
                .password("")
                .build())
            .build());

    }
}

import pulumi
import base64
import pulumi_azure as azure

current = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    tenant_id=current.tenant_id,
    sku_name="premium",
    access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
        tenant_id=current.tenant_id,
        object_id=current.object_id,
        certificate_permissions=[
            "Create",
            "Delete",
            "DeleteIssuers",
            "Get",
            "GetIssuers",
            "Import",
            "List",
            "ListIssuers",
            "ManageContacts",
            "ManageIssuers",
            "SetIssuers",
            "Update",
        ],
        key_permissions=[
            "Backup",
            "Create",
            "Decrypt",
            "Delete",
            "Encrypt",
            "Get",
            "Import",
            "List",
            "Purge",
            "Recover",
            "Restore",
            "Sign",
            "UnwrapKey",
            "Update",
            "Verify",
            "WrapKey",
        ],
        secret_permissions=[
            "Backup",
            "Delete",
            "Get",
            "List",
            "Purge",
            "Recover",
            "Restore",
            "Set",
        ],
    )])
example_certificate = azure.keyvault.Certificate("exampleCertificate",
    key_vault_id=example_key_vault.id,
    certificate=azure.keyvault.CertificateCertificateArgs(
        contents=(lambda path: base64.b64encode(open(path).read().encode()).decode())("certificate-to-import.pfx"),
        password="",
    ))

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as fs from "fs";

const current = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    tenantId: current.then(current => current.tenantId),
    skuName: "premium",
    accessPolicies: [{
        tenantId: current.then(current => current.tenantId),
        objectId: current.then(current => current.objectId),
        certificatePermissions: [
            "Create",
            "Delete",
            "DeleteIssuers",
            "Get",
            "GetIssuers",
            "Import",
            "List",
            "ListIssuers",
            "ManageContacts",
            "ManageIssuers",
            "SetIssuers",
            "Update",
        ],
        keyPermissions: [
            "Backup",
            "Create",
            "Decrypt",
            "Delete",
            "Encrypt",
            "Get",
            "Import",
            "List",
            "Purge",
            "Recover",
            "Restore",
            "Sign",
            "UnwrapKey",
            "Update",
            "Verify",
            "WrapKey",
        ],
        secretPermissions: [
            "Backup",
            "Delete",
            "Get",
            "List",
            "Purge",
            "Recover",
            "Restore",
            "Set",
        ],
    }],
});
const exampleCertificate = new azure.keyvault.Certificate("exampleCertificate", {
    keyVaultId: exampleKeyVault.id,
    certificate: {
        contents: Buffer.from(fs.readFileSync("certificate-to-import.pfx"), 'binary').toString('base64'),
        password: "",
    },
});

Coming soon!

Generating a new certificate

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var current = Azure.Core.GetClientConfig.Invoke();

    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        SkuName = "standard",
        SoftDeleteRetentionDays = 7,
        AccessPolicies = new[]
        {
            new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
            {
                TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
                ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
                CertificatePermissions = new[]
                {
                    "Create",
                    "Delete",
                    "DeleteIssuers",
                    "Get",
                    "GetIssuers",
                    "Import",
                    "List",
                    "ListIssuers",
                    "ManageContacts",
                    "ManageIssuers",
                    "Purge",
                    "SetIssuers",
                    "Update",
                },
                KeyPermissions = new[]
                {
                    "Backup",
                    "Create",
                    "Decrypt",
                    "Delete",
                    "Encrypt",
                    "Get",
                    "Import",
                    "List",
                    "Purge",
                    "Recover",
                    "Restore",
                    "Sign",
                    "UnwrapKey",
                    "Update",
                    "Verify",
                    "WrapKey",
                },
                SecretPermissions = new[]
                {
                    "Backup",
                    "Delete",
                    "Get",
                    "List",
                    "Purge",
                    "Recover",
                    "Restore",
                    "Set",
                },
            },
        },
    });

    var exampleCertificate = new Azure.KeyVault.Certificate("exampleCertificate", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        CertificatePolicy = new Azure.KeyVault.Inputs.CertificateCertificatePolicyArgs
        {
            IssuerParameters = new Azure.KeyVault.Inputs.CertificateCertificatePolicyIssuerParametersArgs
            {
                Name = "Self",
            },
            KeyProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyKeyPropertiesArgs
            {
                Exportable = true,
                KeySize = 2048,
                KeyType = "RSA",
                ReuseKey = true,
            },
            LifetimeActions = new[]
            {
                new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionArgs
                {
                    Action = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionActionArgs
                    {
                        ActionType = "AutoRenew",
                    },
                    Trigger = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionTriggerArgs
                    {
                        DaysBeforeExpiry = 30,
                    },
                },
            },
            SecretProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicySecretPropertiesArgs
            {
                ContentType = "application/x-pkcs12",
            },
            X509CertificateProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs
            {
                ExtendedKeyUsages = new[]
                {
                    "1.3.6.1.5.5.7.3.1",
                },
                KeyUsages = new[]
                {
                    "cRLSign",
                    "dataEncipherment",
                    "digitalSignature",
                    "keyAgreement",
                    "keyCertSign",
                    "keyEncipherment",
                },
                SubjectAlternativeNames = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs
                {
                    DnsNames = new[]
                    {
                        "internal.contoso.com",
                        "domain.hello.world",
                    },
                },
                Subject = "CN=hello-world",
                ValidityInMonths = 12,
            },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
			Location:                exampleResourceGroup.Location,
			ResourceGroupName:       exampleResourceGroup.Name,
			TenantId:                *pulumi.String(current.TenantId),
			SkuName:                 pulumi.String("standard"),
			SoftDeleteRetentionDays: pulumi.Int(7),
			AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
				&keyvault.KeyVaultAccessPolicyArgs{
					TenantId: *pulumi.String(current.TenantId),
					ObjectId: *pulumi.String(current.ObjectId),
					CertificatePermissions: pulumi.StringArray{
						pulumi.String("Create"),
						pulumi.String("Delete"),
						pulumi.String("DeleteIssuers"),
						pulumi.String("Get"),
						pulumi.String("GetIssuers"),
						pulumi.String("Import"),
						pulumi.String("List"),
						pulumi.String("ListIssuers"),
						pulumi.String("ManageContacts"),
						pulumi.String("ManageIssuers"),
						pulumi.String("Purge"),
						pulumi.String("SetIssuers"),
						pulumi.String("Update"),
					},
					KeyPermissions: pulumi.StringArray{
						pulumi.String("Backup"),
						pulumi.String("Create"),
						pulumi.String("Decrypt"),
						pulumi.String("Delete"),
						pulumi.String("Encrypt"),
						pulumi.String("Get"),
						pulumi.String("Import"),
						pulumi.String("List"),
						pulumi.String("Purge"),
						pulumi.String("Recover"),
						pulumi.String("Restore"),
						pulumi.String("Sign"),
						pulumi.String("UnwrapKey"),
						pulumi.String("Update"),
						pulumi.String("Verify"),
						pulumi.String("WrapKey"),
					},
					SecretPermissions: pulumi.StringArray{
						pulumi.String("Backup"),
						pulumi.String("Delete"),
						pulumi.String("Get"),
						pulumi.String("List"),
						pulumi.String("Purge"),
						pulumi.String("Recover"),
						pulumi.String("Restore"),
						pulumi.String("Set"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = keyvault.NewCertificate(ctx, "exampleCertificate", &keyvault.CertificateArgs{
			KeyVaultId: exampleKeyVault.ID(),
			CertificatePolicy: &keyvault.CertificateCertificatePolicyArgs{
				IssuerParameters: &keyvault.CertificateCertificatePolicyIssuerParametersArgs{
					Name: pulumi.String("Self"),
				},
				KeyProperties: &keyvault.CertificateCertificatePolicyKeyPropertiesArgs{
					Exportable: pulumi.Bool(true),
					KeySize:    pulumi.Int(2048),
					KeyType:    pulumi.String("RSA"),
					ReuseKey:   pulumi.Bool(true),
				},
				LifetimeActions: keyvault.CertificateCertificatePolicyLifetimeActionArray{
					&keyvault.CertificateCertificatePolicyLifetimeActionArgs{
						Action: &keyvault.CertificateCertificatePolicyLifetimeActionActionArgs{
							ActionType: pulumi.String("AutoRenew"),
						},
						Trigger: &keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs{
							DaysBeforeExpiry: pulumi.Int(30),
						},
					},
				},
				SecretProperties: &keyvault.CertificateCertificatePolicySecretPropertiesArgs{
					ContentType: pulumi.String("application/x-pkcs12"),
				},
				X509CertificateProperties: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs{
					ExtendedKeyUsages: pulumi.StringArray{
						pulumi.String("1.3.6.1.5.5.7.3.1"),
					},
					KeyUsages: pulumi.StringArray{
						pulumi.String("cRLSign"),
						pulumi.String("dataEncipherment"),
						pulumi.String("digitalSignature"),
						pulumi.String("keyAgreement"),
						pulumi.String("keyCertSign"),
						pulumi.String("keyEncipherment"),
					},
					SubjectAlternativeNames: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs{
						DnsNames: pulumi.StringArray{
							pulumi.String("internal.contoso.com"),
							pulumi.String("domain.hello.world"),
						},
					},
					Subject:          pulumi.String("CN=hello-world"),
					ValidityInMonths: pulumi.Int(12),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Certificate;
import com.pulumi.azure.keyvault.CertificateArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyIssuerParametersArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyKeyPropertiesArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicySecretPropertiesArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = CoreFunctions.getClientConfig();

        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
            .location("West Europe")
            .build());

        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .skuName("standard")
            .softDeleteRetentionDays(7)
            .accessPolicies(KeyVaultAccessPolicyArgs.builder()
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                .certificatePermissions(                
                    "Create",
                    "Delete",
                    "DeleteIssuers",
                    "Get",
                    "GetIssuers",
                    "Import",
                    "List",
                    "ListIssuers",
                    "ManageContacts",
                    "ManageIssuers",
                    "Purge",
                    "SetIssuers",
                    "Update")
                .keyPermissions(                
                    "Backup",
                    "Create",
                    "Decrypt",
                    "Delete",
                    "Encrypt",
                    "Get",
                    "Import",
                    "List",
                    "Purge",
                    "Recover",
                    "Restore",
                    "Sign",
                    "UnwrapKey",
                    "Update",
                    "Verify",
                    "WrapKey")
                .secretPermissions(                
                    "Backup",
                    "Delete",
                    "Get",
                    "List",
                    "Purge",
                    "Recover",
                    "Restore",
                    "Set")
                .build())
            .build());

        var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()        
            .keyVaultId(exampleKeyVault.id())
            .certificatePolicy(CertificateCertificatePolicyArgs.builder()
                .issuerParameters(CertificateCertificatePolicyIssuerParametersArgs.builder()
                    .name("Self")
                    .build())
                .keyProperties(CertificateCertificatePolicyKeyPropertiesArgs.builder()
                    .exportable(true)
                    .keySize(2048)
                    .keyType("RSA")
                    .reuseKey(true)
                    .build())
                .lifetimeActions(CertificateCertificatePolicyLifetimeActionArgs.builder()
                    .action(CertificateCertificatePolicyLifetimeActionActionArgs.builder()
                        .actionType("AutoRenew")
                        .build())
                    .trigger(CertificateCertificatePolicyLifetimeActionTriggerArgs.builder()
                        .daysBeforeExpiry(30)
                        .build())
                    .build())
                .secretProperties(CertificateCertificatePolicySecretPropertiesArgs.builder()
                    .contentType("application/x-pkcs12")
                    .build())
                .x509CertificateProperties(CertificateCertificatePolicyX509CertificatePropertiesArgs.builder()
                    .extendedKeyUsages("1.3.6.1.5.5.7.3.1")
                    .keyUsages(                    
                        "cRLSign",
                        "dataEncipherment",
                        "digitalSignature",
                        "keyAgreement",
                        "keyCertSign",
                        "keyEncipherment")
                    .subjectAlternativeNames(CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs.builder()
                        .dnsNames(                        
                            "internal.contoso.com",
                            "domain.hello.world")
                        .build())
                    .subject("CN=hello-world")
                    .validityInMonths(12)
                    .build())
                .build())
            .build());

    }
}

import pulumi
import pulumi_azure as azure

current = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    tenant_id=current.tenant_id,
    sku_name="standard",
    soft_delete_retention_days=7,
    access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
        tenant_id=current.tenant_id,
        object_id=current.object_id,
        certificate_permissions=[
            "Create",
            "Delete",
            "DeleteIssuers",
            "Get",
            "GetIssuers",
            "Import",
            "List",
            "ListIssuers",
            "ManageContacts",
            "ManageIssuers",
            "Purge",
            "SetIssuers",
            "Update",
        ],
        key_permissions=[
            "Backup",
            "Create",
            "Decrypt",
            "Delete",
            "Encrypt",
            "Get",
            "Import",
            "List",
            "Purge",
            "Recover",
            "Restore",
            "Sign",
            "UnwrapKey",
            "Update",
            "Verify",
            "WrapKey",
        ],
        secret_permissions=[
            "Backup",
            "Delete",
            "Get",
            "List",
            "Purge",
            "Recover",
            "Restore",
            "Set",
        ],
    )])
example_certificate = azure.keyvault.Certificate("exampleCertificate",
    key_vault_id=example_key_vault.id,
    certificate_policy=azure.keyvault.CertificateCertificatePolicyArgs(
        issuer_parameters=azure.keyvault.CertificateCertificatePolicyIssuerParametersArgs(
            name="Self",
        ),
        key_properties=azure.keyvault.CertificateCertificatePolicyKeyPropertiesArgs(
            exportable=True,
            key_size=2048,
            key_type="RSA",
            reuse_key=True,
        ),
        lifetime_actions=[azure.keyvault.CertificateCertificatePolicyLifetimeActionArgs(
            action=azure.keyvault.CertificateCertificatePolicyLifetimeActionActionArgs(
                action_type="AutoRenew",
            ),
            trigger=azure.keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs(
                days_before_expiry=30,
            ),
        )],
        secret_properties=azure.keyvault.CertificateCertificatePolicySecretPropertiesArgs(
            content_type="application/x-pkcs12",
        ),
        x509_certificate_properties=azure.keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs(
            extended_key_usages=["1.3.6.1.5.5.7.3.1"],
            key_usages=[
                "cRLSign",
                "dataEncipherment",
                "digitalSignature",
                "keyAgreement",
                "keyCertSign",
                "keyEncipherment",
            ],
            subject_alternative_names=azure.keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs(
                dns_names=[
                    "internal.contoso.com",
                    "domain.hello.world",
                ],
            ),
            subject="CN=hello-world",
            validity_in_months=12,
        ),
    ))

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const current = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    tenantId: current.then(current => current.tenantId),
    skuName: "standard",
    softDeleteRetentionDays: 7,
    accessPolicies: [{
        tenantId: current.then(current => current.tenantId),
        objectId: current.then(current => current.objectId),
        certificatePermissions: [
            "Create",
            "Delete",
            "DeleteIssuers",
            "Get",
            "GetIssuers",
            "Import",
            "List",
            "ListIssuers",
            "ManageContacts",
            "ManageIssuers",
            "Purge",
            "SetIssuers",
            "Update",
        ],
        keyPermissions: [
            "Backup",
            "Create",
            "Decrypt",
            "Delete",
            "Encrypt",
            "Get",
            "Import",
            "List",
            "Purge",
            "Recover",
            "Restore",
            "Sign",
            "UnwrapKey",
            "Update",
            "Verify",
            "WrapKey",
        ],
        secretPermissions: [
            "Backup",
            "Delete",
            "Get",
            "List",
            "Purge",
            "Recover",
            "Restore",
            "Set",
        ],
    }],
});
const exampleCertificate = new azure.keyvault.Certificate("exampleCertificate", {
    keyVaultId: exampleKeyVault.id,
    certificatePolicy: {
        issuerParameters: {
            name: "Self",
        },
        keyProperties: {
            exportable: true,
            keySize: 2048,
            keyType: "RSA",
            reuseKey: true,
        },
        lifetimeActions: [{
            action: {
                actionType: "AutoRenew",
            },
            trigger: {
                daysBeforeExpiry: 30,
            },
        }],
        secretProperties: {
            contentType: "application/x-pkcs12",
        },
        x509CertificateProperties: {
            extendedKeyUsages: ["1.3.6.1.5.5.7.3.1"],
            keyUsages: [
                "cRLSign",
                "dataEncipherment",
                "digitalSignature",
                "keyAgreement",
                "keyCertSign",
                "keyEncipherment",
            ],
            subjectAlternativeNames: {
                dnsNames: [
                    "internal.contoso.com",
                    "domain.hello.world",
                ],
            },
            subject: "CN=hello-world",
            validityInMonths: 12,
        },
    },
});

resources:
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  exampleKeyVault:
    type: azure:keyvault:KeyVault
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      tenantId: ${current.tenantId}
      skuName: standard
      softDeleteRetentionDays: 7
      accessPolicies:
        - tenantId: ${current.tenantId}
          objectId: ${current.objectId}
          certificatePermissions:
            - Create
            - Delete
            - DeleteIssuers
            - Get
            - GetIssuers
            - Import
            - List
            - ListIssuers
            - ManageContacts
            - ManageIssuers
            - Purge
            - SetIssuers
            - Update
          keyPermissions:
            - Backup
            - Create
            - Decrypt
            - Delete
            - Encrypt
            - Get
            - Import
            - List
            - Purge
            - Recover
            - Restore
            - Sign
            - UnwrapKey
            - Update
            - Verify
            - WrapKey
          secretPermissions:
            - Backup
            - Delete
            - Get
            - List
            - Purge
            - Recover
            - Restore
            - Set
  exampleCertificate:
    type: azure:keyvault:Certificate
    properties:
      keyVaultId: ${exampleKeyVault.id}
      certificatePolicy:
        issuerParameters:
          name: Self
        keyProperties:
          exportable: true
          keySize: 2048
          keyType: RSA
          reuseKey: true
        lifetimeActions:
          - action:
              actionType: AutoRenew
            trigger:
              daysBeforeExpiry: 30
        secretProperties:
          contentType: application/x-pkcs12
        x509CertificateProperties:
          extendedKeyUsages:
            - 1.3.6.1.5.5.7.3.1
          keyUsages:
            - cRLSign
            - dataEncipherment
            - digitalSignature
            - keyAgreement
            - keyCertSign
            - keyEncipherment
          subjectAlternativeNames:
            dnsNames:
              - internal.contoso.com
              - domain.hello.world
          subject: CN=hello-world
          validityInMonths: 12
variables:
  current:
    fn::invoke:
      Function: azure:core:getClientConfig
      Arguments: {}

Create Certifiate Resource

new Certifiate(name: string, args: CertifiateArgs, opts?: CustomResourceOptions);

@overload
def Certifiate(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               certificate: Optional[CertifiateCertificateArgs] = None,
               certificate_policy: Optional[CertifiateCertificatePolicyArgs] = None,
               key_vault_id: Optional[str] = None,
               name: Optional[str] = None,
               tags: Optional[Mapping[str, str]] = None)
@overload
def Certifiate(resource_name: str,
               args: CertifiateArgs,
               opts: Optional[ResourceOptions] = None)

func NewCertifiate(ctx *Context, name string, args CertifiateArgs, opts ...ResourceOption) (*Certifiate, error)

public Certifiate(string name, CertifiateArgs args, CustomResourceOptions? opts = null)

public Certifiate(String name, CertifiateArgs args)
public Certifiate(String name, CertifiateArgs args, CustomResourceOptions options)

type: azure:keyvault:Certifiate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertifiateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertifiateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertifiateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertifiateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertifiateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Certifiate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Certifiate resource accepts the following input properties:

KeyVaultId string: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
CertificatePolicy CertifiateCertificatePolicyArgs: A certificate_policy block as defined below. Changing this forces a new resource to be created.
KeyVaultCertificate CertifiateCertificateArgs: A certificate block as defined below, used to Import an existing certificate.
Name string: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.

KeyVaultId string: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
Certificate CertifiateCertificateArgs: A certificate block as defined below, used to Import an existing certificate.
CertificatePolicy CertifiateCertificatePolicyArgs: A certificate_policy block as defined below. Changing this forces a new resource to be created.
Name string: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
Tags map[string]string: A mapping of tags to assign to the resource.

keyVaultId String: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
certificate CertifiateCertificateArgs: A certificate block as defined below, used to Import an existing certificate.
certificatePolicy CertifiateCertificatePolicyArgs: A certificate_policy block as defined below. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
tags Map<String,String>: A mapping of tags to assign to the resource.

keyVaultId string: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
certificate CertifiateCertificateArgs: A certificate block as defined below, used to Import an existing certificate.
certificatePolicy CertifiateCertificatePolicyArgs: A certificate_policy block as defined below. Changing this forces a new resource to be created.
name string: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
tags {[key: string]: string}: A mapping of tags to assign to the resource.

key_vault_id str: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
certificate CertifiateCertificateArgs: A certificate block as defined below, used to Import an existing certificate.
certificate_policy CertifiateCertificatePolicyArgs: A certificate_policy block as defined below. Changing this forces a new resource to be created.
name str: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
tags Mapping[str, str]: A mapping of tags to assign to the resource.

keyVaultId String: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
certificate Property Map: A certificate block as defined below, used to Import an existing certificate.
certificatePolicy Property Map: A certificate_policy block as defined below. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
tags Map<String>: A mapping of tags to assign to the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the Certifiate resource produces the following output properties:

CertificateAttributes List<CertifiateCertificateAttribute>: A certificate_attribute block as defined below.
CertificateData string: The raw Key Vault Certificate data represented as a hexadecimal string.
CertificateDataBase64 string: The Base64 encoded Key Vault Certificate data.
Id string: The provider-assigned unique ID for this managed resource.
ResourceManagerId string: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
ResourceManagerVersionlessId string: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
SecretId string: The ID of the associated Key Vault Secret.
Thumbprint string: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
Version string: The current version of the Key Vault Certificate.
VersionlessId string: The Base ID of the Key Vault Certificate.
VersionlessSecretId string: The Base ID of the Key Vault Secret.

CertificateAttributes []CertifiateCertificateAttribute: A certificate_attribute block as defined below.
CertificateData string: The raw Key Vault Certificate data represented as a hexadecimal string.
CertificateDataBase64 string: The Base64 encoded Key Vault Certificate data.
Id string: The provider-assigned unique ID for this managed resource.
ResourceManagerId string: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
ResourceManagerVersionlessId string: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
SecretId string: The ID of the associated Key Vault Secret.
Thumbprint string: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
Version string: The current version of the Key Vault Certificate.
VersionlessId string: The Base ID of the Key Vault Certificate.
VersionlessSecretId string: The Base ID of the Key Vault Secret.

certificateAttributes List<CertifiateCertificateAttribute>: A certificate_attribute block as defined below.
certificateData String: The raw Key Vault Certificate data represented as a hexadecimal string.
certificateDataBase64 String: The Base64 encoded Key Vault Certificate data.
id String: The provider-assigned unique ID for this managed resource.
resourceManagerId String: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
resourceManagerVersionlessId String: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
secretId String: The ID of the associated Key Vault Secret.
thumbprint String: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
version String: The current version of the Key Vault Certificate.
versionlessId String: The Base ID of the Key Vault Certificate.
versionlessSecretId String: The Base ID of the Key Vault Secret.

certificateAttributes CertifiateCertificateAttribute[]: A certificate_attribute block as defined below.
certificateData string: The raw Key Vault Certificate data represented as a hexadecimal string.
certificateDataBase64 string: The Base64 encoded Key Vault Certificate data.
id string: The provider-assigned unique ID for this managed resource.
resourceManagerId string: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
resourceManagerVersionlessId string: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
secretId string: The ID of the associated Key Vault Secret.
thumbprint string: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
version string: The current version of the Key Vault Certificate.
versionlessId string: The Base ID of the Key Vault Certificate.
versionlessSecretId string: The Base ID of the Key Vault Secret.

certificate_attributes Sequence[CertifiateCertificateAttribute]: A certificate_attribute block as defined below.
certificate_data str: The raw Key Vault Certificate data represented as a hexadecimal string.
certificate_data_base64 str: The Base64 encoded Key Vault Certificate data.
id str: The provider-assigned unique ID for this managed resource.
resource_manager_id str: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
resource_manager_versionless_id str: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
secret_id str: The ID of the associated Key Vault Secret.
thumbprint str: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
version str: The current version of the Key Vault Certificate.
versionless_id str: The Base ID of the Key Vault Certificate.
versionless_secret_id str: The Base ID of the Key Vault Secret.

certificateAttributes List<Property Map>: A certificate_attribute block as defined below.
certificateData String: The raw Key Vault Certificate data represented as a hexadecimal string.
certificateDataBase64 String: The Base64 encoded Key Vault Certificate data.
id String: The provider-assigned unique ID for this managed resource.
resourceManagerId String: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
resourceManagerVersionlessId String: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
secretId String: The ID of the associated Key Vault Secret.
thumbprint String: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
version String: The current version of the Key Vault Certificate.
versionlessId String: The Base ID of the Key Vault Certificate.
versionlessSecretId String: The Base ID of the Key Vault Secret.

Look up Existing Certifiate Resource

Get an existing Certifiate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertifiateState, opts?: CustomResourceOptions): Certifiate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        certificate: Optional[CertifiateCertificateArgs] = None,
        certificate_attributes: Optional[Sequence[CertifiateCertificateAttributeArgs]] = None,
        certificate_data: Optional[str] = None,
        certificate_data_base64: Optional[str] = None,
        certificate_policy: Optional[CertifiateCertificatePolicyArgs] = None,
        key_vault_id: Optional[str] = None,
        name: Optional[str] = None,
        resource_manager_id: Optional[str] = None,
        resource_manager_versionless_id: Optional[str] = None,
        secret_id: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        thumbprint: Optional[str] = None,
        version: Optional[str] = None,
        versionless_id: Optional[str] = None,
        versionless_secret_id: Optional[str] = None) -> Certifiate

func GetCertifiate(ctx *Context, name string, id IDInput, state *CertifiateState, opts ...ResourceOption) (*Certifiate, error)

public static Certifiate Get(string name, Input<string> id, CertifiateState? state, CustomResourceOptions? opts = null)

public static Certifiate get(String name, Output<String> id, CertifiateState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CertificateAttributes List<CertifiateCertificateAttributeArgs>: A certificate_attribute block as defined below.
CertificateData string: The raw Key Vault Certificate data represented as a hexadecimal string.
CertificateDataBase64 string: The Base64 encoded Key Vault Certificate data.
CertificatePolicy CertifiateCertificatePolicyArgs: A certificate_policy block as defined below. Changing this forces a new resource to be created.
KeyVaultCertificate CertifiateCertificateArgs: A certificate block as defined below, used to Import an existing certificate.
KeyVaultId string: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
Name string: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
ResourceManagerId string: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
ResourceManagerVersionlessId string: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
SecretId string: The ID of the associated Key Vault Secret.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
Thumbprint string: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
Version string: The current version of the Key Vault Certificate.
VersionlessId string: The Base ID of the Key Vault Certificate.
VersionlessSecretId string: The Base ID of the Key Vault Secret.

Certificate CertifiateCertificateArgs: A certificate block as defined below, used to Import an existing certificate.
CertificateAttributes []CertifiateCertificateAttributeArgs: A certificate_attribute block as defined below.
CertificateData string: The raw Key Vault Certificate data represented as a hexadecimal string.
CertificateDataBase64 string: The Base64 encoded Key Vault Certificate data.
CertificatePolicy CertifiateCertificatePolicyArgs: A certificate_policy block as defined below. Changing this forces a new resource to be created.
KeyVaultId string: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
Name string: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
ResourceManagerId string: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
ResourceManagerVersionlessId string: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
SecretId string: The ID of the associated Key Vault Secret.
Tags map[string]string: A mapping of tags to assign to the resource.
Thumbprint string: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
Version string: The current version of the Key Vault Certificate.
VersionlessId string: The Base ID of the Key Vault Certificate.
VersionlessSecretId string: The Base ID of the Key Vault Secret.

certificate CertifiateCertificateArgs: A certificate block as defined below, used to Import an existing certificate.
certificateAttributes List<CertifiateCertificateAttributeArgs>: A certificate_attribute block as defined below.
certificateData String: The raw Key Vault Certificate data represented as a hexadecimal string.
certificateDataBase64 String: The Base64 encoded Key Vault Certificate data.
certificatePolicy CertifiateCertificatePolicyArgs: A certificate_policy block as defined below. Changing this forces a new resource to be created.
keyVaultId String: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
resourceManagerId String: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
resourceManagerVersionlessId String: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
secretId String: The ID of the associated Key Vault Secret.
tags Map<String,String>: A mapping of tags to assign to the resource.
thumbprint String: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
version String: The current version of the Key Vault Certificate.
versionlessId String: The Base ID of the Key Vault Certificate.
versionlessSecretId String: The Base ID of the Key Vault Secret.

certificate CertifiateCertificateArgs: A certificate block as defined below, used to Import an existing certificate.
certificateAttributes CertifiateCertificateAttributeArgs[]: A certificate_attribute block as defined below.
certificateData string: The raw Key Vault Certificate data represented as a hexadecimal string.
certificateDataBase64 string: The Base64 encoded Key Vault Certificate data.
certificatePolicy CertifiateCertificatePolicyArgs: A certificate_policy block as defined below. Changing this forces a new resource to be created.
keyVaultId string: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
name string: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
resourceManagerId string: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
resourceManagerVersionlessId string: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
secretId string: The ID of the associated Key Vault Secret.
tags {[key: string]: string}: A mapping of tags to assign to the resource.
thumbprint string: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
version string: The current version of the Key Vault Certificate.
versionlessId string: The Base ID of the Key Vault Certificate.
versionlessSecretId string: The Base ID of the Key Vault Secret.

certificate CertifiateCertificateArgs: A certificate block as defined below, used to Import an existing certificate.
certificate_attributes Sequence[CertifiateCertificateAttributeArgs]: A certificate_attribute block as defined below.
certificate_data str: The raw Key Vault Certificate data represented as a hexadecimal string.
certificate_data_base64 str: The Base64 encoded Key Vault Certificate data.
certificate_policy CertifiateCertificatePolicyArgs: A certificate_policy block as defined below. Changing this forces a new resource to be created.
key_vault_id str: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
name str: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
resource_manager_id str: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
resource_manager_versionless_id str: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
secret_id str: The ID of the associated Key Vault Secret.
tags Mapping[str, str]: A mapping of tags to assign to the resource.
thumbprint str: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
version str: The current version of the Key Vault Certificate.
versionless_id str: The Base ID of the Key Vault Certificate.
versionless_secret_id str: The Base ID of the Key Vault Secret.

certificate Property Map: A certificate block as defined below, used to Import an existing certificate.
certificateAttributes List<Property Map>: A certificate_attribute block as defined below.
certificateData String: The raw Key Vault Certificate data represented as a hexadecimal string.
certificateDataBase64 String: The Base64 encoded Key Vault Certificate data.
certificatePolicy Property Map: A certificate_policy block as defined below. Changing this forces a new resource to be created.
keyVaultId String: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
name String: Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
resourceManagerId String: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
resourceManagerVersionlessId String: The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
secretId String: The ID of the associated Key Vault Secret.
tags Map<String>: A mapping of tags to assign to the resource.
thumbprint String: The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
version String: The current version of the Key Vault Certificate.
versionlessId String: The Base ID of the Key Vault Certificate.
versionlessSecretId String: The Base ID of the Key Vault Secret.

Supporting Types

CertifiateCertificate

Contents string: The base64-encoded certificate contents.
Password string: The password associated with the certificate.

Contents string: The base64-encoded certificate contents.
Password string: The password associated with the certificate.

contents String: The base64-encoded certificate contents.
password String: The password associated with the certificate.

contents string: The base64-encoded certificate contents.
password string: The password associated with the certificate.

contents str: The base64-encoded certificate contents.
password str: The password associated with the certificate.

contents String: The base64-encoded certificate contents.
password String: The password associated with the certificate.

CertifiateCertificateAttribute

Created string: The create time of the Key Vault Certificate.
Enabled bool: whether the Key Vault Certificate is enabled.
Expires string: The expires time of the Key Vault Certificate.
NotBefore string: The not before valid time of the Key Vault Certificate.
RecoveryLevel string: The deletion recovery level of the Key Vault Certificate.
Updated string: The recent update time of the Key Vault Certificate.

Created string: The create time of the Key Vault Certificate.
Enabled bool: whether the Key Vault Certificate is enabled.
Expires string: The expires time of the Key Vault Certificate.
NotBefore string: The not before valid time of the Key Vault Certificate.
RecoveryLevel string: The deletion recovery level of the Key Vault Certificate.
Updated string: The recent update time of the Key Vault Certificate.

created String: The create time of the Key Vault Certificate.
enabled Boolean: whether the Key Vault Certificate is enabled.
expires String: The expires time of the Key Vault Certificate.
notBefore String: The not before valid time of the Key Vault Certificate.
recoveryLevel String: The deletion recovery level of the Key Vault Certificate.
updated String: The recent update time of the Key Vault Certificate.

created string: The create time of the Key Vault Certificate.
enabled boolean: whether the Key Vault Certificate is enabled.
expires string: The expires time of the Key Vault Certificate.
notBefore string: The not before valid time of the Key Vault Certificate.
recoveryLevel string: The deletion recovery level of the Key Vault Certificate.
updated string: The recent update time of the Key Vault Certificate.

created str: The create time of the Key Vault Certificate.
enabled bool: whether the Key Vault Certificate is enabled.
expires str: The expires time of the Key Vault Certificate.
not_before str: The not before valid time of the Key Vault Certificate.
recovery_level str: The deletion recovery level of the Key Vault Certificate.
updated str: The recent update time of the Key Vault Certificate.

created String: The create time of the Key Vault Certificate.
enabled Boolean: whether the Key Vault Certificate is enabled.
expires String: The expires time of the Key Vault Certificate.
notBefore String: The not before valid time of the Key Vault Certificate.
recoveryLevel String: The deletion recovery level of the Key Vault Certificate.
updated String: The recent update time of the Key Vault Certificate.

CertifiateCertificatePolicy

IssuerParameters CertifiateCertificatePolicyIssuerParameters: A issuer_parameters block as defined below.
KeyProperties CertifiateCertificatePolicyKeyProperties: A key_properties block as defined below.
SecretProperties CertifiateCertificatePolicySecretProperties: A secret_properties block as defined below.
LifetimeActions List<CertifiateCertificatePolicyLifetimeAction>: A lifetime_action block as defined below.
X509CertificateProperties CertifiateCertificatePolicyX509CertificateProperties: A x509_certificate_properties block as defined below. Required when certificate block is not specified.

IssuerParameters CertifiateCertificatePolicyIssuerParameters: A issuer_parameters block as defined below.
KeyProperties CertifiateCertificatePolicyKeyProperties: A key_properties block as defined below.
SecretProperties CertifiateCertificatePolicySecretProperties: A secret_properties block as defined below.
LifetimeActions []CertifiateCertificatePolicyLifetimeAction: A lifetime_action block as defined below.
X509CertificateProperties CertifiateCertificatePolicyX509CertificateProperties: A x509_certificate_properties block as defined below. Required when certificate block is not specified.

issuerParameters CertifiateCertificatePolicyIssuerParameters: A issuer_parameters block as defined below.
keyProperties CertifiateCertificatePolicyKeyProperties: A key_properties block as defined below.
secretProperties CertifiateCertificatePolicySecretProperties: A secret_properties block as defined below.
lifetimeActions List<CertifiateCertificatePolicyLifetimeAction>: A lifetime_action block as defined below.
x509CertificateProperties CertifiateCertificatePolicyX509CertificateProperties: A x509_certificate_properties block as defined below. Required when certificate block is not specified.

issuerParameters CertifiateCertificatePolicyIssuerParameters: A issuer_parameters block as defined below.
keyProperties CertifiateCertificatePolicyKeyProperties: A key_properties block as defined below.
secretProperties CertifiateCertificatePolicySecretProperties: A secret_properties block as defined below.
lifetimeActions CertifiateCertificatePolicyLifetimeAction[]: A lifetime_action block as defined below.
x509CertificateProperties CertifiateCertificatePolicyX509CertificateProperties: A x509_certificate_properties block as defined below. Required when certificate block is not specified.

issuer_parameters CertifiateCertificatePolicyIssuerParameters: A issuer_parameters block as defined below.
key_properties CertifiateCertificatePolicyKeyProperties: A key_properties block as defined below.
secret_properties CertifiateCertificatePolicySecretProperties: A secret_properties block as defined below.
lifetime_actions Sequence[CertifiateCertificatePolicyLifetimeAction]: A lifetime_action block as defined below.
x509_certificate_properties CertifiateCertificatePolicyX509CertificateProperties: A x509_certificate_properties block as defined below. Required when certificate block is not specified.

issuerParameters Property Map: A issuer_parameters block as defined below.
keyProperties Property Map: A key_properties block as defined below.
secretProperties Property Map: A secret_properties block as defined below.
lifetimeActions List<Property Map>: A lifetime_action block as defined below.
x509CertificateProperties Property Map: A x509_certificate_properties block as defined below. Required when certificate block is not specified.

CertifiateCertificatePolicyIssuerParameters

Name string: The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones). Changing this forces a new resource to be created.

Name string: The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones). Changing this forces a new resource to be created.

name String: The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones). Changing this forces a new resource to be created.

name string: The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones). Changing this forces a new resource to be created.

name str: The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones). Changing this forces a new resource to be created.

name String: The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones). Changing this forces a new resource to be created.

CertifiateCertificatePolicyKeyProperties

Exportable bool: Is this certificate exportable? Changing this forces a new resource to be created.
KeyType string: Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct. Changing this forces a new resource to be created.
ReuseKey bool: Is the key reusable? Changing this forces a new resource to be created.
Curve string: Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM. Changing this forces a new resource to be created.
KeySize int: The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys. Changing this forces a new resource to be created.

Exportable bool: Is this certificate exportable? Changing this forces a new resource to be created.
KeyType string: Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct. Changing this forces a new resource to be created.
ReuseKey bool: Is the key reusable? Changing this forces a new resource to be created.
Curve string: Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM. Changing this forces a new resource to be created.
KeySize int: The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys. Changing this forces a new resource to be created.

exportable Boolean: Is this certificate exportable? Changing this forces a new resource to be created.
keyType String: Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct. Changing this forces a new resource to be created.
reuseKey Boolean: Is the key reusable? Changing this forces a new resource to be created.
curve String: Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM. Changing this forces a new resource to be created.
keySize Integer: The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys. Changing this forces a new resource to be created.

exportable boolean: Is this certificate exportable? Changing this forces a new resource to be created.
keyType string: Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct. Changing this forces a new resource to be created.
reuseKey boolean: Is the key reusable? Changing this forces a new resource to be created.
curve string: Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM. Changing this forces a new resource to be created.
keySize number: The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys. Changing this forces a new resource to be created.

exportable bool: Is this certificate exportable? Changing this forces a new resource to be created.
key_type str: Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct. Changing this forces a new resource to be created.
reuse_key bool: Is the key reusable? Changing this forces a new resource to be created.
curve str: Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM. Changing this forces a new resource to be created.
key_size int: The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys. Changing this forces a new resource to be created.

exportable Boolean: Is this certificate exportable? Changing this forces a new resource to be created.
keyType String: Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct. Changing this forces a new resource to be created.
reuseKey Boolean: Is the key reusable? Changing this forces a new resource to be created.
curve String: Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM. Changing this forces a new resource to be created.
keySize Number: The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys. Changing this forces a new resource to be created.

CertifiateCertificatePolicyLifetimeAction

Action CertifiateCertificatePolicyLifetimeActionAction: A action block as defined below.
Trigger CertifiateCertificatePolicyLifetimeActionTrigger: A trigger block as defined below.

Action CertifiateCertificatePolicyLifetimeActionAction: A action block as defined below.
Trigger CertifiateCertificatePolicyLifetimeActionTrigger: A trigger block as defined below.

action CertifiateCertificatePolicyLifetimeActionAction: A action block as defined below.
trigger CertifiateCertificatePolicyLifetimeActionTrigger: A trigger block as defined below.

action CertifiateCertificatePolicyLifetimeActionAction: A action block as defined below.
trigger CertifiateCertificatePolicyLifetimeActionTrigger: A trigger block as defined below.

action CertifiateCertificatePolicyLifetimeActionAction: A action block as defined below.
trigger CertifiateCertificatePolicyLifetimeActionTrigger: A trigger block as defined below.

action Property Map: A action block as defined below.
trigger Property Map: A trigger block as defined below.

CertifiateCertificatePolicyLifetimeActionAction

ActionType string: The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

ActionType string: The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

actionType String: The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

actionType string: The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

action_type str: The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

actionType String: The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts. Changing this forces a new resource to be created.

CertifiateCertificatePolicyLifetimeActionTrigger

DaysBeforeExpiry int: The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.
LifetimePercentage int: The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

DaysBeforeExpiry int: The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.
LifetimePercentage int: The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

daysBeforeExpiry Integer: The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.
lifetimePercentage Integer: The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

daysBeforeExpiry number: The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.
lifetimePercentage number: The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

days_before_expiry int: The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.
lifetime_percentage int: The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

daysBeforeExpiry Number: The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with lifetime_percentage.
lifetimePercentage Number: The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with days_before_expiry.

CertifiateCertificatePolicySecretProperties

ContentType string: The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

ContentType string: The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

contentType String: The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

contentType string: The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

content_type str: The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

contentType String: The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM. Changing this forces a new resource to be created.

CertifiateCertificatePolicyX509CertificateProperties

KeyUsages List<string>: A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.
Subject string: The Certificate's Subject. Changing this forces a new resource to be created.
ValidityInMonths int: The Certificates Validity Period in Months. Changing this forces a new resource to be created.
ExtendedKeyUsages List<string>: A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
SubjectAlternativeNames CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames: A subject_alternative_names block as defined below. Changing this forces a new resource to be created.

KeyUsages []string: A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.
Subject string: The Certificate's Subject. Changing this forces a new resource to be created.
ValidityInMonths int: The Certificates Validity Period in Months. Changing this forces a new resource to be created.
ExtendedKeyUsages []string: A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
SubjectAlternativeNames CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames: A subject_alternative_names block as defined below. Changing this forces a new resource to be created.

keyUsages List<String>: A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.
subject String: The Certificate's Subject. Changing this forces a new resource to be created.
validityInMonths Integer: The Certificates Validity Period in Months. Changing this forces a new resource to be created.
extendedKeyUsages List<String>: A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
subjectAlternativeNames CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames: A subject_alternative_names block as defined below. Changing this forces a new resource to be created.

keyUsages string[]: A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.
subject string: The Certificate's Subject. Changing this forces a new resource to be created.
validityInMonths number: The Certificates Validity Period in Months. Changing this forces a new resource to be created.
extendedKeyUsages string[]: A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
subjectAlternativeNames CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames: A subject_alternative_names block as defined below. Changing this forces a new resource to be created.

key_usages Sequence[str]: A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.
subject str: The Certificate's Subject. Changing this forces a new resource to be created.
validity_in_months int: The Certificates Validity Period in Months. Changing this forces a new resource to be created.
extended_key_usages Sequence[str]: A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
subject_alternative_names CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames: A subject_alternative_names block as defined below. Changing this forces a new resource to be created.

keyUsages List<String>: A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive. Changing this forces a new resource to be created.
subject String: The Certificate's Subject. Changing this forces a new resource to be created.
validityInMonths Number: The Certificates Validity Period in Months. Changing this forces a new resource to be created.
extendedKeyUsages List<String>: A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
subjectAlternativeNames Property Map: A subject_alternative_names block as defined below. Changing this forces a new resource to be created.

CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames

DnsNames List<string>: A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
Emails List<string>: A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
Upns List<string>: A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

DnsNames []string: A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
Emails []string: A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
Upns []string: A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

dnsNames List<String>: A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
emails List<String>: A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
upns List<String>: A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

dnsNames string[]: A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
emails string[]: A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
upns string[]: A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

dns_names Sequence[str]: A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
emails Sequence[str]: A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
upns Sequence[str]: A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

dnsNames List<String>: A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
emails List<String>: A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
upns List<String>: A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.

Import

Key Vault Certificates can be imported using the resource id, e.g.

 $ pulumi import azure:keyvault/certifiate:Certifiate example "https://example-keyvault.vault.azure.net/certificates/example/fdf067c93bbb4b22bff4d8b7a9a56217"

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.