1. Packages
  2. Azure Classic
  3. API Docs
  4. keyvault
  5. Certificate

We recommend using Azure Native.

Azure Classic v5.66.1 published on Wednesday, Feb 14, 2024 by Pulumi

azure.keyvault.Certificate

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.66.1 published on Wednesday, Feb 14, 2024 by Pulumi

    Manages a Key Vault Certificate.

    «««< HEAD

    Note: The Azure Provider includes a Feature Toggle which will purge a Key Vault Certificate resource on destroy, rather than the default soft-delete. See purge_soft_deleted_certificates_on_destroy for more information.

    =======

    8d78c87098 (Update-documentation)

    Example Usage

    Importing A PFX)

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    	
    string ReadFileBase64(string path) 
    {
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(File.ReadAllText(path)));
    }
    
    return await Deployment.RunAsync(() => 
    {
        var current = Azure.Core.GetClientConfig.Invoke();
    
        var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
        {
            Location = "West Europe",
        });
    
        var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new()
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
            SkuName = "premium",
            AccessPolicies = new[]
            {
                new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
                {
                    TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
                    ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
                    CertificatePermissions = new[]
                    {
                        "Create",
                        "Delete",
                        "DeleteIssuers",
                        "Get",
                        "GetIssuers",
                        "Import",
                        "List",
                        "ListIssuers",
                        "ManageContacts",
                        "ManageIssuers",
                        "SetIssuers",
                        "Update",
                    },
                    KeyPermissions = new[]
                    {
                        "Backup",
                        "Create",
                        "Decrypt",
                        "Delete",
                        "Encrypt",
                        "Get",
                        "Import",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Sign",
                        "UnwrapKey",
                        "Update",
                        "Verify",
                        "WrapKey",
                    },
                    SecretPermissions = new[]
                    {
                        "Backup",
                        "Delete",
                        "Get",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Set",
                    },
                },
            },
        });
    
        var exampleCertificate = new Azure.KeyVault.Certificate("exampleCertificate", new()
        {
            KeyVaultId = exampleKeyVault.Id,
            KeyVaultCertificate = new Azure.KeyVault.Inputs.CertificateCertificateArgs
            {
                Contents = ReadFileBase64("certificate-to-import.pfx"),
                Password = "",
            },
        });
    
    });
    
    package main
    
    import (
    	"encoding/base64"
    	"os"
    
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func filebase64OrPanic(path string) string {
    	if fileData, err := os.ReadFile(path); err == nil {
    		return base64.StdEncoding.EncodeToString(fileData[:])
    	} else {
    		panic(err.Error())
    	}
    }
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		current, err := core.GetClientConfig(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
    			Location:          exampleResourceGroup.Location,
    			ResourceGroupName: exampleResourceGroup.Name,
    			TenantId:          *pulumi.String(current.TenantId),
    			SkuName:           pulumi.String("premium"),
    			AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
    				&keyvault.KeyVaultAccessPolicyArgs{
    					TenantId: *pulumi.String(current.TenantId),
    					ObjectId: *pulumi.String(current.ObjectId),
    					CertificatePermissions: pulumi.StringArray{
    						pulumi.String("Create"),
    						pulumi.String("Delete"),
    						pulumi.String("DeleteIssuers"),
    						pulumi.String("Get"),
    						pulumi.String("GetIssuers"),
    						pulumi.String("Import"),
    						pulumi.String("List"),
    						pulumi.String("ListIssuers"),
    						pulumi.String("ManageContacts"),
    						pulumi.String("ManageIssuers"),
    						pulumi.String("SetIssuers"),
    						pulumi.String("Update"),
    					},
    					KeyPermissions: pulumi.StringArray{
    						pulumi.String("Backup"),
    						pulumi.String("Create"),
    						pulumi.String("Decrypt"),
    						pulumi.String("Delete"),
    						pulumi.String("Encrypt"),
    						pulumi.String("Get"),
    						pulumi.String("Import"),
    						pulumi.String("List"),
    						pulumi.String("Purge"),
    						pulumi.String("Recover"),
    						pulumi.String("Restore"),
    						pulumi.String("Sign"),
    						pulumi.String("UnwrapKey"),
    						pulumi.String("Update"),
    						pulumi.String("Verify"),
    						pulumi.String("WrapKey"),
    					},
    					SecretPermissions: pulumi.StringArray{
    						pulumi.String("Backup"),
    						pulumi.String("Delete"),
    						pulumi.String("Get"),
    						pulumi.String("List"),
    						pulumi.String("Purge"),
    						pulumi.String("Recover"),
    						pulumi.String("Restore"),
    						pulumi.String("Set"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = keyvault.NewCertificate(ctx, "exampleCertificate", &keyvault.CertificateArgs{
    			KeyVaultId: exampleKeyVault.ID(),
    			Certificate: &keyvault.CertificateCertificateArgs{
    				Contents: filebase64OrPanic("certificate-to-import.pfx"),
    				Password: pulumi.String(""),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.keyvault.KeyVault;
    import com.pulumi.azure.keyvault.KeyVaultArgs;
    import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
    import com.pulumi.azure.keyvault.Certificate;
    import com.pulumi.azure.keyvault.CertificateArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var current = CoreFunctions.getClientConfig();
    
            var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
                .location("West Europe")
                .build());
    
            var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()        
                .location(exampleResourceGroup.location())
                .resourceGroupName(exampleResourceGroup.name())
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .skuName("premium")
                .accessPolicies(KeyVaultAccessPolicyArgs.builder()
                    .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                    .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                    .certificatePermissions(                
                        "Create",
                        "Delete",
                        "DeleteIssuers",
                        "Get",
                        "GetIssuers",
                        "Import",
                        "List",
                        "ListIssuers",
                        "ManageContacts",
                        "ManageIssuers",
                        "SetIssuers",
                        "Update")
                    .keyPermissions(                
                        "Backup",
                        "Create",
                        "Decrypt",
                        "Delete",
                        "Encrypt",
                        "Get",
                        "Import",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Sign",
                        "UnwrapKey",
                        "Update",
                        "Verify",
                        "WrapKey")
                    .secretPermissions(                
                        "Backup",
                        "Delete",
                        "Get",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Set")
                    .build())
                .build());
    
            var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()        
                .keyVaultId(exampleKeyVault.id())
                .certificate(CertificateCertificateArgs.builder()
                    .contents(Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get("certificate-to-import.pfx"))))
                    .password("")
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import base64
    import pulumi_azure as azure
    
    current = azure.core.get_client_config()
    example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
    example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
        location=example_resource_group.location,
        resource_group_name=example_resource_group.name,
        tenant_id=current.tenant_id,
        sku_name="premium",
        access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
            tenant_id=current.tenant_id,
            object_id=current.object_id,
            certificate_permissions=[
                "Create",
                "Delete",
                "DeleteIssuers",
                "Get",
                "GetIssuers",
                "Import",
                "List",
                "ListIssuers",
                "ManageContacts",
                "ManageIssuers",
                "SetIssuers",
                "Update",
            ],
            key_permissions=[
                "Backup",
                "Create",
                "Decrypt",
                "Delete",
                "Encrypt",
                "Get",
                "Import",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Sign",
                "UnwrapKey",
                "Update",
                "Verify",
                "WrapKey",
            ],
            secret_permissions=[
                "Backup",
                "Delete",
                "Get",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Set",
            ],
        )])
    example_certificate = azure.keyvault.Certificate("exampleCertificate",
        key_vault_id=example_key_vault.id,
        certificate=azure.keyvault.CertificateCertificateArgs(
            contents=(lambda path: base64.b64encode(open(path).read().encode()).decode())("certificate-to-import.pfx"),
            password="",
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    import * as fs from "fs";
    
    const current = azure.core.getClientConfig({});
    const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
    const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
        location: exampleResourceGroup.location,
        resourceGroupName: exampleResourceGroup.name,
        tenantId: current.then(current => current.tenantId),
        skuName: "premium",
        accessPolicies: [{
            tenantId: current.then(current => current.tenantId),
            objectId: current.then(current => current.objectId),
            certificatePermissions: [
                "Create",
                "Delete",
                "DeleteIssuers",
                "Get",
                "GetIssuers",
                "Import",
                "List",
                "ListIssuers",
                "ManageContacts",
                "ManageIssuers",
                "SetIssuers",
                "Update",
            ],
            keyPermissions: [
                "Backup",
                "Create",
                "Decrypt",
                "Delete",
                "Encrypt",
                "Get",
                "Import",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Sign",
                "UnwrapKey",
                "Update",
                "Verify",
                "WrapKey",
            ],
            secretPermissions: [
                "Backup",
                "Delete",
                "Get",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Set",
            ],
        }],
    });
    const exampleCertificate = new azure.keyvault.Certificate("exampleCertificate", {
        keyVaultId: exampleKeyVault.id,
        certificate: {
            contents: fs.readFileSync("certificate-to-import.pfx", { encoding: "base64" }),
            password: "",
        },
    });
    

    Coming soon!

    Generating a new certificate

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var current = Azure.Core.GetClientConfig.Invoke();
    
        var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
        {
            Location = "West Europe",
        });
    
        var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new()
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
            SkuName = "standard",
            SoftDeleteRetentionDays = 7,
            AccessPolicies = new[]
            {
                new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
                {
                    TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
                    ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
                    CertificatePermissions = new[]
                    {
                        "Create",
                        "Delete",
                        "DeleteIssuers",
                        "Get",
                        "GetIssuers",
                        "Import",
                        "List",
                        "ListIssuers",
                        "ManageContacts",
                        "ManageIssuers",
                        "Purge",
                        "SetIssuers",
                        "Update",
                    },
                    KeyPermissions = new[]
                    {
                        "Backup",
                        "Create",
                        "Decrypt",
                        "Delete",
                        "Encrypt",
                        "Get",
                        "Import",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Sign",
                        "UnwrapKey",
                        "Update",
                        "Verify",
                        "WrapKey",
                    },
                    SecretPermissions = new[]
                    {
                        "Backup",
                        "Delete",
                        "Get",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Set",
                    },
                },
            },
        });
    
        var exampleCertificate = new Azure.KeyVault.Certificate("exampleCertificate", new()
        {
            KeyVaultId = exampleKeyVault.Id,
            CertificatePolicy = new Azure.KeyVault.Inputs.CertificateCertificatePolicyArgs
            {
                IssuerParameters = new Azure.KeyVault.Inputs.CertificateCertificatePolicyIssuerParametersArgs
                {
                    Name = "Self",
                },
                KeyProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyKeyPropertiesArgs
                {
                    Exportable = true,
                    KeySize = 2048,
                    KeyType = "RSA",
                    ReuseKey = true,
                },
                LifetimeActions = new[]
                {
                    new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionArgs
                    {
                        Action = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionActionArgs
                        {
                            ActionType = "AutoRenew",
                        },
                        Trigger = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionTriggerArgs
                        {
                            DaysBeforeExpiry = 30,
                        },
                    },
                },
                SecretProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicySecretPropertiesArgs
                {
                    ContentType = "application/x-pkcs12",
                },
                X509CertificateProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs
                {
                    ExtendedKeyUsages = new[]
                    {
                        "1.3.6.1.5.5.7.3.1",
                    },
                    KeyUsages = new[]
                    {
                        "cRLSign",
                        "dataEncipherment",
                        "digitalSignature",
                        "keyAgreement",
                        "keyCertSign",
                        "keyEncipherment",
                    },
                    SubjectAlternativeNames = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs
                    {
                        DnsNames = new[]
                        {
                            "internal.contoso.com",
                            "domain.hello.world",
                        },
                    },
                    Subject = "CN=hello-world",
                    ValidityInMonths = 12,
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		current, err := core.GetClientConfig(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
    			Location:                exampleResourceGroup.Location,
    			ResourceGroupName:       exampleResourceGroup.Name,
    			TenantId:                *pulumi.String(current.TenantId),
    			SkuName:                 pulumi.String("standard"),
    			SoftDeleteRetentionDays: pulumi.Int(7),
    			AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
    				&keyvault.KeyVaultAccessPolicyArgs{
    					TenantId: *pulumi.String(current.TenantId),
    					ObjectId: *pulumi.String(current.ObjectId),
    					CertificatePermissions: pulumi.StringArray{
    						pulumi.String("Create"),
    						pulumi.String("Delete"),
    						pulumi.String("DeleteIssuers"),
    						pulumi.String("Get"),
    						pulumi.String("GetIssuers"),
    						pulumi.String("Import"),
    						pulumi.String("List"),
    						pulumi.String("ListIssuers"),
    						pulumi.String("ManageContacts"),
    						pulumi.String("ManageIssuers"),
    						pulumi.String("Purge"),
    						pulumi.String("SetIssuers"),
    						pulumi.String("Update"),
    					},
    					KeyPermissions: pulumi.StringArray{
    						pulumi.String("Backup"),
    						pulumi.String("Create"),
    						pulumi.String("Decrypt"),
    						pulumi.String("Delete"),
    						pulumi.String("Encrypt"),
    						pulumi.String("Get"),
    						pulumi.String("Import"),
    						pulumi.String("List"),
    						pulumi.String("Purge"),
    						pulumi.String("Recover"),
    						pulumi.String("Restore"),
    						pulumi.String("Sign"),
    						pulumi.String("UnwrapKey"),
    						pulumi.String("Update"),
    						pulumi.String("Verify"),
    						pulumi.String("WrapKey"),
    					},
    					SecretPermissions: pulumi.StringArray{
    						pulumi.String("Backup"),
    						pulumi.String("Delete"),
    						pulumi.String("Get"),
    						pulumi.String("List"),
    						pulumi.String("Purge"),
    						pulumi.String("Recover"),
    						pulumi.String("Restore"),
    						pulumi.String("Set"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = keyvault.NewCertificate(ctx, "exampleCertificate", &keyvault.CertificateArgs{
    			KeyVaultId: exampleKeyVault.ID(),
    			CertificatePolicy: &keyvault.CertificateCertificatePolicyArgs{
    				IssuerParameters: &keyvault.CertificateCertificatePolicyIssuerParametersArgs{
    					Name: pulumi.String("Self"),
    				},
    				KeyProperties: &keyvault.CertificateCertificatePolicyKeyPropertiesArgs{
    					Exportable: pulumi.Bool(true),
    					KeySize:    pulumi.Int(2048),
    					KeyType:    pulumi.String("RSA"),
    					ReuseKey:   pulumi.Bool(true),
    				},
    				LifetimeActions: keyvault.CertificateCertificatePolicyLifetimeActionArray{
    					&keyvault.CertificateCertificatePolicyLifetimeActionArgs{
    						Action: &keyvault.CertificateCertificatePolicyLifetimeActionActionArgs{
    							ActionType: pulumi.String("AutoRenew"),
    						},
    						Trigger: &keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs{
    							DaysBeforeExpiry: pulumi.Int(30),
    						},
    					},
    				},
    				SecretProperties: &keyvault.CertificateCertificatePolicySecretPropertiesArgs{
    					ContentType: pulumi.String("application/x-pkcs12"),
    				},
    				X509CertificateProperties: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs{
    					ExtendedKeyUsages: pulumi.StringArray{
    						pulumi.String("1.3.6.1.5.5.7.3.1"),
    					},
    					KeyUsages: pulumi.StringArray{
    						pulumi.String("cRLSign"),
    						pulumi.String("dataEncipherment"),
    						pulumi.String("digitalSignature"),
    						pulumi.String("keyAgreement"),
    						pulumi.String("keyCertSign"),
    						pulumi.String("keyEncipherment"),
    					},
    					SubjectAlternativeNames: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs{
    						DnsNames: pulumi.StringArray{
    							pulumi.String("internal.contoso.com"),
    							pulumi.String("domain.hello.world"),
    						},
    					},
    					Subject:          pulumi.String("CN=hello-world"),
    					ValidityInMonths: pulumi.Int(12),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.keyvault.KeyVault;
    import com.pulumi.azure.keyvault.KeyVaultArgs;
    import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
    import com.pulumi.azure.keyvault.Certificate;
    import com.pulumi.azure.keyvault.CertificateArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyIssuerParametersArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyKeyPropertiesArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicySecretPropertiesArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs;
    import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var current = CoreFunctions.getClientConfig();
    
            var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
                .location("West Europe")
                .build());
    
            var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()        
                .location(exampleResourceGroup.location())
                .resourceGroupName(exampleResourceGroup.name())
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .skuName("standard")
                .softDeleteRetentionDays(7)
                .accessPolicies(KeyVaultAccessPolicyArgs.builder()
                    .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                    .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                    .certificatePermissions(                
                        "Create",
                        "Delete",
                        "DeleteIssuers",
                        "Get",
                        "GetIssuers",
                        "Import",
                        "List",
                        "ListIssuers",
                        "ManageContacts",
                        "ManageIssuers",
                        "Purge",
                        "SetIssuers",
                        "Update")
                    .keyPermissions(                
                        "Backup",
                        "Create",
                        "Decrypt",
                        "Delete",
                        "Encrypt",
                        "Get",
                        "Import",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Sign",
                        "UnwrapKey",
                        "Update",
                        "Verify",
                        "WrapKey")
                    .secretPermissions(                
                        "Backup",
                        "Delete",
                        "Get",
                        "List",
                        "Purge",
                        "Recover",
                        "Restore",
                        "Set")
                    .build())
                .build());
    
            var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()        
                .keyVaultId(exampleKeyVault.id())
                .certificatePolicy(CertificateCertificatePolicyArgs.builder()
                    .issuerParameters(CertificateCertificatePolicyIssuerParametersArgs.builder()
                        .name("Self")
                        .build())
                    .keyProperties(CertificateCertificatePolicyKeyPropertiesArgs.builder()
                        .exportable(true)
                        .keySize(2048)
                        .keyType("RSA")
                        .reuseKey(true)
                        .build())
                    .lifetimeActions(CertificateCertificatePolicyLifetimeActionArgs.builder()
                        .action(CertificateCertificatePolicyLifetimeActionActionArgs.builder()
                            .actionType("AutoRenew")
                            .build())
                        .trigger(CertificateCertificatePolicyLifetimeActionTriggerArgs.builder()
                            .daysBeforeExpiry(30)
                            .build())
                        .build())
                    .secretProperties(CertificateCertificatePolicySecretPropertiesArgs.builder()
                        .contentType("application/x-pkcs12")
                        .build())
                    .x509CertificateProperties(CertificateCertificatePolicyX509CertificatePropertiesArgs.builder()
                        .extendedKeyUsages("1.3.6.1.5.5.7.3.1")
                        .keyUsages(                    
                            "cRLSign",
                            "dataEncipherment",
                            "digitalSignature",
                            "keyAgreement",
                            "keyCertSign",
                            "keyEncipherment")
                        .subjectAlternativeNames(CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs.builder()
                            .dnsNames(                        
                                "internal.contoso.com",
                                "domain.hello.world")
                            .build())
                        .subject("CN=hello-world")
                        .validityInMonths(12)
                        .build())
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure as azure
    
    current = azure.core.get_client_config()
    example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
    example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
        location=example_resource_group.location,
        resource_group_name=example_resource_group.name,
        tenant_id=current.tenant_id,
        sku_name="standard",
        soft_delete_retention_days=7,
        access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
            tenant_id=current.tenant_id,
            object_id=current.object_id,
            certificate_permissions=[
                "Create",
                "Delete",
                "DeleteIssuers",
                "Get",
                "GetIssuers",
                "Import",
                "List",
                "ListIssuers",
                "ManageContacts",
                "ManageIssuers",
                "Purge",
                "SetIssuers",
                "Update",
            ],
            key_permissions=[
                "Backup",
                "Create",
                "Decrypt",
                "Delete",
                "Encrypt",
                "Get",
                "Import",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Sign",
                "UnwrapKey",
                "Update",
                "Verify",
                "WrapKey",
            ],
            secret_permissions=[
                "Backup",
                "Delete",
                "Get",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Set",
            ],
        )])
    example_certificate = azure.keyvault.Certificate("exampleCertificate",
        key_vault_id=example_key_vault.id,
        certificate_policy=azure.keyvault.CertificateCertificatePolicyArgs(
            issuer_parameters=azure.keyvault.CertificateCertificatePolicyIssuerParametersArgs(
                name="Self",
            ),
            key_properties=azure.keyvault.CertificateCertificatePolicyKeyPropertiesArgs(
                exportable=True,
                key_size=2048,
                key_type="RSA",
                reuse_key=True,
            ),
            lifetime_actions=[azure.keyvault.CertificateCertificatePolicyLifetimeActionArgs(
                action=azure.keyvault.CertificateCertificatePolicyLifetimeActionActionArgs(
                    action_type="AutoRenew",
                ),
                trigger=azure.keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs(
                    days_before_expiry=30,
                ),
            )],
            secret_properties=azure.keyvault.CertificateCertificatePolicySecretPropertiesArgs(
                content_type="application/x-pkcs12",
            ),
            x509_certificate_properties=azure.keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs(
                extended_key_usages=["1.3.6.1.5.5.7.3.1"],
                key_usages=[
                    "cRLSign",
                    "dataEncipherment",
                    "digitalSignature",
                    "keyAgreement",
                    "keyCertSign",
                    "keyEncipherment",
                ],
                subject_alternative_names=azure.keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs(
                    dns_names=[
                        "internal.contoso.com",
                        "domain.hello.world",
                    ],
                ),
                subject="CN=hello-world",
                validity_in_months=12,
            ),
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const current = azure.core.getClientConfig({});
    const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
    const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
        location: exampleResourceGroup.location,
        resourceGroupName: exampleResourceGroup.name,
        tenantId: current.then(current => current.tenantId),
        skuName: "standard",
        softDeleteRetentionDays: 7,
        accessPolicies: [{
            tenantId: current.then(current => current.tenantId),
            objectId: current.then(current => current.objectId),
            certificatePermissions: [
                "Create",
                "Delete",
                "DeleteIssuers",
                "Get",
                "GetIssuers",
                "Import",
                "List",
                "ListIssuers",
                "ManageContacts",
                "ManageIssuers",
                "Purge",
                "SetIssuers",
                "Update",
            ],
            keyPermissions: [
                "Backup",
                "Create",
                "Decrypt",
                "Delete",
                "Encrypt",
                "Get",
                "Import",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Sign",
                "UnwrapKey",
                "Update",
                "Verify",
                "WrapKey",
            ],
            secretPermissions: [
                "Backup",
                "Delete",
                "Get",
                "List",
                "Purge",
                "Recover",
                "Restore",
                "Set",
            ],
        }],
    });
    const exampleCertificate = new azure.keyvault.Certificate("exampleCertificate", {
        keyVaultId: exampleKeyVault.id,
        certificatePolicy: {
            issuerParameters: {
                name: "Self",
            },
            keyProperties: {
                exportable: true,
                keySize: 2048,
                keyType: "RSA",
                reuseKey: true,
            },
            lifetimeActions: [{
                action: {
                    actionType: "AutoRenew",
                },
                trigger: {
                    daysBeforeExpiry: 30,
                },
            }],
            secretProperties: {
                contentType: "application/x-pkcs12",
            },
            x509CertificateProperties: {
                extendedKeyUsages: ["1.3.6.1.5.5.7.3.1"],
                keyUsages: [
                    "cRLSign",
                    "dataEncipherment",
                    "digitalSignature",
                    "keyAgreement",
                    "keyCertSign",
                    "keyEncipherment",
                ],
                subjectAlternativeNames: {
                    dnsNames: [
                        "internal.contoso.com",
                        "domain.hello.world",
                    ],
                },
                subject: "CN=hello-world",
                validityInMonths: 12,
            },
        },
    });
    
    resources:
      exampleResourceGroup:
        type: azure:core:ResourceGroup
        properties:
          location: West Europe
      exampleKeyVault:
        type: azure:keyvault:KeyVault
        properties:
          location: ${exampleResourceGroup.location}
          resourceGroupName: ${exampleResourceGroup.name}
          tenantId: ${current.tenantId}
          skuName: standard
          softDeleteRetentionDays: 7
          accessPolicies:
            - tenantId: ${current.tenantId}
              objectId: ${current.objectId}
              certificatePermissions:
                - Create
                - Delete
                - DeleteIssuers
                - Get
                - GetIssuers
                - Import
                - List
                - ListIssuers
                - ManageContacts
                - ManageIssuers
                - Purge
                - SetIssuers
                - Update
              keyPermissions:
                - Backup
                - Create
                - Decrypt
                - Delete
                - Encrypt
                - Get
                - Import
                - List
                - Purge
                - Recover
                - Restore
                - Sign
                - UnwrapKey
                - Update
                - Verify
                - WrapKey
              secretPermissions:
                - Backup
                - Delete
                - Get
                - List
                - Purge
                - Recover
                - Restore
                - Set
      exampleCertificate:
        type: azure:keyvault:Certificate
        properties:
          keyVaultId: ${exampleKeyVault.id}
          certificatePolicy:
            issuerParameters:
              name: Self
            keyProperties:
              exportable: true
              keySize: 2048
              keyType: RSA
              reuseKey: true
            lifetimeActions:
              - action:
                  actionType: AutoRenew
                trigger:
                  daysBeforeExpiry: 30
            secretProperties:
              contentType: application/x-pkcs12
            x509CertificateProperties:
              extendedKeyUsages:
                - 1.3.6.1.5.5.7.3.1
              keyUsages:
                - cRLSign
                - dataEncipherment
                - digitalSignature
                - keyAgreement
                - keyCertSign
                - keyEncipherment
              subjectAlternativeNames:
                dnsNames:
                  - internal.contoso.com
                  - domain.hello.world
              subject: CN=hello-world
              validityInMonths: 12
    variables:
      current:
        fn::invoke:
          Function: azure:core:getClientConfig
          Arguments: {}
    

    Create Certificate Resource

    new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);
    @overload
    def Certificate(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    certificate: Optional[CertificateCertificateArgs] = None,
                    certificate_policy: Optional[CertificateCertificatePolicyArgs] = None,
                    key_vault_id: Optional[str] = None,
                    name: Optional[str] = None,
                    tags: Optional[Mapping[str, str]] = None)
    @overload
    def Certificate(resource_name: str,
                    args: CertificateArgs,
                    opts: Optional[ResourceOptions] = None)
    func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)
    public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
    public Certificate(String name, CertificateArgs args)
    public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
    
    type: azure:keyvault:Certificate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Certificate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Certificate resource accepts the following input properties:

    KeyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    CertificatePolicy CertificateCertificatePolicy

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    KeyVaultCertificate CertificateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    Name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    KeyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    Certificate CertificateCertificateArgs
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    CertificatePolicy CertificateCertificatePolicyArgs

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    Name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    keyVaultId String
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    certificate CertificateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificatePolicy CertificateCertificatePolicy

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    name String
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    keyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    certificate CertificateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificatePolicy CertificateCertificatePolicy

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    key_vault_id str
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    certificate CertificateCertificateArgs
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificate_policy CertificateCertificatePolicyArgs

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    name str
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    keyVaultId String
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    certificate Property Map
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificatePolicy Property Map

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    name String
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    tags Map<String>
    A mapping of tags to assign to the resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

    CertificateAttributes List<CertificateCertificateAttribute>
    A certificate_attribute block as defined below.
    CertificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    CertificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    Id string
    The provider-assigned unique ID for this managed resource.
    ResourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    ResourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    SecretId string
    The ID of the associated Key Vault Secret.
    Thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    Version string
    The current version of the Key Vault Certificate.
    VersionlessId string
    The Base ID of the Key Vault Certificate.
    VersionlessSecretId string
    The Base ID of the Key Vault Secret.
    CertificateAttributes []CertificateCertificateAttribute
    A certificate_attribute block as defined below.
    CertificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    CertificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    Id string
    The provider-assigned unique ID for this managed resource.
    ResourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    ResourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    SecretId string
    The ID of the associated Key Vault Secret.
    Thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    Version string
    The current version of the Key Vault Certificate.
    VersionlessId string
    The Base ID of the Key Vault Certificate.
    VersionlessSecretId string
    The Base ID of the Key Vault Secret.
    certificateAttributes List<CertificateCertificateAttribute>
    A certificate_attribute block as defined below.
    certificateData String
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 String
    The Base64 encoded Key Vault Certificate data.
    id String
    The provider-assigned unique ID for this managed resource.
    resourceManagerId String
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId String
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId String
    The ID of the associated Key Vault Secret.
    thumbprint String
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version String
    The current version of the Key Vault Certificate.
    versionlessId String
    The Base ID of the Key Vault Certificate.
    versionlessSecretId String
    The Base ID of the Key Vault Secret.
    certificateAttributes CertificateCertificateAttribute[]
    A certificate_attribute block as defined below.
    certificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    id string
    The provider-assigned unique ID for this managed resource.
    resourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId string
    The ID of the associated Key Vault Secret.
    thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version string
    The current version of the Key Vault Certificate.
    versionlessId string
    The Base ID of the Key Vault Certificate.
    versionlessSecretId string
    The Base ID of the Key Vault Secret.
    certificate_attributes Sequence[CertificateCertificateAttribute]
    A certificate_attribute block as defined below.
    certificate_data str
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificate_data_base64 str
    The Base64 encoded Key Vault Certificate data.
    id str
    The provider-assigned unique ID for this managed resource.
    resource_manager_id str
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resource_manager_versionless_id str
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secret_id str
    The ID of the associated Key Vault Secret.
    thumbprint str
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version str
    The current version of the Key Vault Certificate.
    versionless_id str
    The Base ID of the Key Vault Certificate.
    versionless_secret_id str
    The Base ID of the Key Vault Secret.
    certificateAttributes List<Property Map>
    A certificate_attribute block as defined below.
    certificateData String
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 String
    The Base64 encoded Key Vault Certificate data.
    id String
    The provider-assigned unique ID for this managed resource.
    resourceManagerId String
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId String
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId String
    The ID of the associated Key Vault Secret.
    thumbprint String
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version String
    The current version of the Key Vault Certificate.
    versionlessId String
    The Base ID of the Key Vault Certificate.
    versionlessSecretId String
    The Base ID of the Key Vault Secret.

    Look up Existing Certificate Resource

    Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            certificate: Optional[CertificateCertificateArgs] = None,
            certificate_attributes: Optional[Sequence[CertificateCertificateAttributeArgs]] = None,
            certificate_data: Optional[str] = None,
            certificate_data_base64: Optional[str] = None,
            certificate_policy: Optional[CertificateCertificatePolicyArgs] = None,
            key_vault_id: Optional[str] = None,
            name: Optional[str] = None,
            resource_manager_id: Optional[str] = None,
            resource_manager_versionless_id: Optional[str] = None,
            secret_id: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            thumbprint: Optional[str] = None,
            version: Optional[str] = None,
            versionless_id: Optional[str] = None,
            versionless_secret_id: Optional[str] = None) -> Certificate
    func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)
    public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)
    public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CertificateAttributes List<CertificateCertificateAttribute>
    A certificate_attribute block as defined below.
    CertificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    CertificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    CertificatePolicy CertificateCertificatePolicy

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    KeyVaultCertificate CertificateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    KeyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    Name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    ResourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    ResourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    SecretId string
    The ID of the associated Key Vault Secret.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    Thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    Version string
    The current version of the Key Vault Certificate.
    VersionlessId string
    The Base ID of the Key Vault Certificate.
    VersionlessSecretId string
    The Base ID of the Key Vault Secret.
    Certificate CertificateCertificateArgs
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    CertificateAttributes []CertificateCertificateAttributeArgs
    A certificate_attribute block as defined below.
    CertificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    CertificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    CertificatePolicy CertificateCertificatePolicyArgs

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    KeyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    Name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    ResourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    ResourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    SecretId string
    The ID of the associated Key Vault Secret.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    Thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    Version string
    The current version of the Key Vault Certificate.
    VersionlessId string
    The Base ID of the Key Vault Certificate.
    VersionlessSecretId string
    The Base ID of the Key Vault Secret.
    certificate CertificateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificateAttributes List<CertificateCertificateAttribute>
    A certificate_attribute block as defined below.
    certificateData String
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 String
    The Base64 encoded Key Vault Certificate data.
    certificatePolicy CertificateCertificatePolicy

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    keyVaultId String
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    name String
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    resourceManagerId String
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId String
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId String
    The ID of the associated Key Vault Secret.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    thumbprint String
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version String
    The current version of the Key Vault Certificate.
    versionlessId String
    The Base ID of the Key Vault Certificate.
    versionlessSecretId String
    The Base ID of the Key Vault Secret.
    certificate CertificateCertificate
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificateAttributes CertificateCertificateAttribute[]
    A certificate_attribute block as defined below.
    certificateData string
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 string
    The Base64 encoded Key Vault Certificate data.
    certificatePolicy CertificateCertificatePolicy

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    keyVaultId string
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    name string
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    resourceManagerId string
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId string
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId string
    The ID of the associated Key Vault Secret.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    thumbprint string
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version string
    The current version of the Key Vault Certificate.
    versionlessId string
    The Base ID of the Key Vault Certificate.
    versionlessSecretId string
    The Base ID of the Key Vault Secret.
    certificate CertificateCertificateArgs
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificate_attributes Sequence[CertificateCertificateAttributeArgs]
    A certificate_attribute block as defined below.
    certificate_data str
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificate_data_base64 str
    The Base64 encoded Key Vault Certificate data.
    certificate_policy CertificateCertificatePolicyArgs

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    key_vault_id str
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    name str
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    resource_manager_id str
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resource_manager_versionless_id str
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secret_id str
    The ID of the associated Key Vault Secret.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    thumbprint str
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version str
    The current version of the Key Vault Certificate.
    versionless_id str
    The Base ID of the Key Vault Certificate.
    versionless_secret_id str
    The Base ID of the Key Vault Secret.
    certificate Property Map
    A certificate block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate.
    certificateAttributes List<Property Map>
    A certificate_attribute block as defined below.
    certificateData String
    The raw Key Vault Certificate data represented as a hexadecimal string.
    certificateDataBase64 String
    The Base64 encoded Key Vault Certificate data.
    certificatePolicy Property Map

    A certificate_policy block as defined below. Changing this will create a new version of the Key Vault Certificate.

    NOTE: When creating a Key Vault Certificate, at least one of certificate or certificate_policy is required. Provide certificate to import an existing certificate, certificate_policy to generate a new certificate.

    keyVaultId String
    The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created.
    name String
    Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
    resourceManagerId String
    The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services.
    resourceManagerVersionlessId String
    The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated.
    secretId String
    The ID of the associated Key Vault Secret.
    tags Map<String>
    A mapping of tags to assign to the resource.
    thumbprint String
    The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
    version String
    The current version of the Key Vault Certificate.
    versionlessId String
    The Base ID of the Key Vault Certificate.
    versionlessSecretId String
    The Base ID of the Key Vault Secret.

    Supporting Types

    CertificateCertificate, CertificateCertificateArgs

    Contents string
    The base64-encoded certificate contents.
    Password string

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The PEM content should look something like:

    Contents string
    The base64-encoded certificate contents.
    Password string

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The PEM content should look something like:

    contents String
    The base64-encoded certificate contents.
    password String

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The PEM content should look something like:

    contents string
    The base64-encoded certificate contents.
    password string

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The PEM content should look something like:

    contents str
    The base64-encoded certificate contents.
    password str

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The PEM content should look something like:

    contents String
    The base64-encoded certificate contents.
    password String

    The password associated with the certificate.

    NOTE: A PEM certificate is already base64 encoded. To successfully import, the contents property should include a PEM encoded X509 certificate and a private_key in pkcs8 format. There should only be linux style \n line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data.

    To convert a private key to pkcs8 format with openssl use:

    import * as pulumi from "@pulumi/pulumi";
    
    import pulumi
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    

    return await Deployment.RunAsync(() => { });

    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
        }
    }
    
    {}
    

    The PEM content should look something like:

    CertificateCertificateAttribute, CertificateCertificateAttributeArgs

    Created string
    The create time of the Key Vault Certificate.
    Enabled bool
    whether the Key Vault Certificate is enabled.
    Expires string
    The expires time of the Key Vault Certificate.
    NotBefore string
    The not before valid time of the Key Vault Certificate.
    RecoveryLevel string
    The deletion recovery level of the Key Vault Certificate.
    Updated string
    The recent update time of the Key Vault Certificate.
    Created string
    The create time of the Key Vault Certificate.
    Enabled bool
    whether the Key Vault Certificate is enabled.
    Expires string
    The expires time of the Key Vault Certificate.
    NotBefore string
    The not before valid time of the Key Vault Certificate.
    RecoveryLevel string
    The deletion recovery level of the Key Vault Certificate.
    Updated string
    The recent update time of the Key Vault Certificate.
    created String
    The create time of the Key Vault Certificate.
    enabled Boolean
    whether the Key Vault Certificate is enabled.
    expires String
    The expires time of the Key Vault Certificate.
    notBefore String
    The not before valid time of the Key Vault Certificate.
    recoveryLevel String
    The deletion recovery level of the Key Vault Certificate.
    updated String
    The recent update time of the Key Vault Certificate.
    created string
    The create time of the Key Vault Certificate.
    enabled boolean
    whether the Key Vault Certificate is enabled.
    expires string
    The expires time of the Key Vault Certificate.
    notBefore string
    The not before valid time of the Key Vault Certificate.
    recoveryLevel string
    The deletion recovery level of the Key Vault Certificate.
    updated string
    The recent update time of the Key Vault Certificate.
    created str
    The create time of the Key Vault Certificate.
    enabled bool
    whether the Key Vault Certificate is enabled.
    expires str
    The expires time of the Key Vault Certificate.
    not_before str
    The not before valid time of the Key Vault Certificate.
    recovery_level str
    The deletion recovery level of the Key Vault Certificate.
    updated str
    The recent update time of the Key Vault Certificate.
    created String
    The create time of the Key Vault Certificate.
    enabled Boolean
    whether the Key Vault Certificate is enabled.
    expires String
    The expires time of the Key Vault Certificate.
    notBefore String
    The not before valid time of the Key Vault Certificate.
    recoveryLevel String
    The deletion recovery level of the Key Vault Certificate.
    updated String
    The recent update time of the Key Vault Certificate.

    CertificateCertificatePolicy, CertificateCertificatePolicyArgs

    IssuerParameters CertificateCertificatePolicyIssuerParameters
    A issuer_parameters block as defined below.
    KeyProperties CertificateCertificatePolicyKeyProperties
    A key_properties block as defined below.
    SecretProperties CertificateCertificatePolicySecretProperties
    A secret_properties block as defined below.
    LifetimeActions List<CertificateCertificatePolicyLifetimeAction>
    A lifetime_action block as defined below.
    X509CertificateProperties CertificateCertificatePolicyX509CertificateProperties
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.
    IssuerParameters CertificateCertificatePolicyIssuerParameters
    A issuer_parameters block as defined below.
    KeyProperties CertificateCertificatePolicyKeyProperties
    A key_properties block as defined below.
    SecretProperties CertificateCertificatePolicySecretProperties
    A secret_properties block as defined below.
    LifetimeActions []CertificateCertificatePolicyLifetimeAction
    A lifetime_action block as defined below.
    X509CertificateProperties CertificateCertificatePolicyX509CertificateProperties
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.
    issuerParameters CertificateCertificatePolicyIssuerParameters
    A issuer_parameters block as defined below.
    keyProperties CertificateCertificatePolicyKeyProperties
    A key_properties block as defined below.
    secretProperties CertificateCertificatePolicySecretProperties
    A secret_properties block as defined below.
    lifetimeActions List<CertificateCertificatePolicyLifetimeAction>
    A lifetime_action block as defined below.
    x509CertificateProperties CertificateCertificatePolicyX509CertificateProperties
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.
    issuerParameters CertificateCertificatePolicyIssuerParameters
    A issuer_parameters block as defined below.
    keyProperties CertificateCertificatePolicyKeyProperties
    A key_properties block as defined below.
    secretProperties CertificateCertificatePolicySecretProperties
    A secret_properties block as defined below.
    lifetimeActions CertificateCertificatePolicyLifetimeAction[]
    A lifetime_action block as defined below.
    x509CertificateProperties CertificateCertificatePolicyX509CertificateProperties
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.
    issuer_parameters CertificateCertificatePolicyIssuerParameters
    A issuer_parameters block as defined below.
    key_properties CertificateCertificatePolicyKeyProperties
    A key_properties block as defined below.
    secret_properties CertificateCertificatePolicySecretProperties
    A secret_properties block as defined below.
    lifetime_actions Sequence[CertificateCertificatePolicyLifetimeAction]
    A lifetime_action block as defined below.
    x509_certificate_properties CertificateCertificatePolicyX509CertificateProperties
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.
    issuerParameters Property Map
    A issuer_parameters block as defined below.
    keyProperties Property Map
    A key_properties block as defined below.
    secretProperties Property Map
    A secret_properties block as defined below.
    lifetimeActions List<Property Map>
    A lifetime_action block as defined below.
    x509CertificateProperties Property Map
    A x509_certificate_properties block as defined below. Required when certificate block is not specified.

    CertificateCertificatePolicyIssuerParameters, CertificateCertificatePolicyIssuerParametersArgs

    Name string
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).
    Name string
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).
    name String
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).
    name string
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).
    name str
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).
    name String
    The name of the Certificate Issuer. Possible values include Self (for self-signed certificate), or Unknown (for a certificate issuing authority like Let's Encrypt and Azure direct supported ones).

    CertificateCertificatePolicyKeyProperties, CertificateCertificatePolicyKeyPropertiesArgs

    Exportable bool
    Is this certificate exportable?
    KeyType string
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    ReuseKey bool
    Is the key reusable?
    Curve string
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    KeySize int
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.
    Exportable bool
    Is this certificate exportable?
    KeyType string
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    ReuseKey bool
    Is the key reusable?
    Curve string
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    KeySize int
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.
    exportable Boolean
    Is this certificate exportable?
    keyType String
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    reuseKey Boolean
    Is the key reusable?
    curve String
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    keySize Integer
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.
    exportable boolean
    Is this certificate exportable?
    keyType string
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    reuseKey boolean
    Is the key reusable?
    curve string
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    keySize number
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.
    exportable bool
    Is this certificate exportable?
    key_type str
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    reuse_key bool
    Is the key reusable?
    curve str
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    key_size int
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.
    exportable Boolean
    Is this certificate exportable?
    keyType String
    Specifies the type of key. Possible values are EC, EC-HSM, RSA, RSA-HSM and oct.
    reuseKey Boolean
    Is the key reusable?
    curve String
    Specifies the curve to use when creating an EC key. Possible values are P-256, P-256K, P-384, and P-521. This field will be required in a future release if key_type is EC or EC-HSM.
    keySize Number
    The size of the key used in the certificate. Possible values include 2048, 3072, and 4096 for RSA keys, or 256, 384, and 521 for EC keys. This property is required when using RSA keys.

    CertificateCertificatePolicyLifetimeAction, CertificateCertificatePolicyLifetimeActionArgs

    action Property Map
    A action block as defined below.
    trigger Property Map
    A trigger block as defined below.

    CertificateCertificatePolicyLifetimeActionAction, CertificateCertificatePolicyLifetimeActionActionArgs

    ActionType string
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.
    ActionType string
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.
    actionType String
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.
    actionType string
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.
    action_type str
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.
    actionType String
    The Type of action to be performed when the lifetime trigger is triggerec. Possible values include AutoRenew and EmailContacts.

    CertificateCertificatePolicyLifetimeActionTrigger, CertificateCertificatePolicyLifetimeActionTriggerArgs

    DaysBeforeExpiry int
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    LifetimePercentage int
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.
    DaysBeforeExpiry int
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    LifetimePercentage int
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.
    daysBeforeExpiry Integer
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    lifetimePercentage Integer
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.
    daysBeforeExpiry number
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    lifetimePercentage number
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.
    days_before_expiry int
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    lifetime_percentage int
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.
    daysBeforeExpiry Number
    The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with lifetime_percentage.
    lifetimePercentage Number
    The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with days_before_expiry.

    CertificateCertificatePolicySecretProperties, CertificateCertificatePolicySecretPropertiesArgs

    ContentType string
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.
    ContentType string
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.
    contentType String
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.
    contentType string
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.
    content_type str
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.
    contentType String
    The Content-Type of the Certificate, such as application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

    CertificateCertificatePolicyX509CertificateProperties, CertificateCertificatePolicyX509CertificatePropertiesArgs

    KeyUsages List<string>
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    Subject string
    The Certificate's Subject.
    ValidityInMonths int
    The Certificates Validity Period in Months.
    ExtendedKeyUsages List<string>
    A list of Extended/Enhanced Key Usages.
    SubjectAlternativeNames CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames
    A subject_alternative_names block as defined below.
    KeyUsages []string
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    Subject string
    The Certificate's Subject.
    ValidityInMonths int
    The Certificates Validity Period in Months.
    ExtendedKeyUsages []string
    A list of Extended/Enhanced Key Usages.
    SubjectAlternativeNames CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames
    A subject_alternative_names block as defined below.
    keyUsages List<String>
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    subject String
    The Certificate's Subject.
    validityInMonths Integer
    The Certificates Validity Period in Months.
    extendedKeyUsages List<String>
    A list of Extended/Enhanced Key Usages.
    subjectAlternativeNames CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames
    A subject_alternative_names block as defined below.
    keyUsages string[]
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    subject string
    The Certificate's Subject.
    validityInMonths number
    The Certificates Validity Period in Months.
    extendedKeyUsages string[]
    A list of Extended/Enhanced Key Usages.
    subjectAlternativeNames CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames
    A subject_alternative_names block as defined below.
    key_usages Sequence[str]
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    subject str
    The Certificate's Subject.
    validity_in_months int
    The Certificates Validity Period in Months.
    extended_key_usages Sequence[str]
    A list of Extended/Enhanced Key Usages.
    subject_alternative_names CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames
    A subject_alternative_names block as defined below.
    keyUsages List<String>
    A list of uses associated with this Key. Possible values include cRLSign, dataEncipherment, decipherOnly, digitalSignature, encipherOnly, keyAgreement, keyCertSign, keyEncipherment and nonRepudiation and are case-sensitive.
    subject String
    The Certificate's Subject.
    validityInMonths Number
    The Certificates Validity Period in Months.
    extendedKeyUsages List<String>
    A list of Extended/Enhanced Key Usages.
    subjectAlternativeNames Property Map
    A subject_alternative_names block as defined below.

    CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames, CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs

    DnsNames List<string>
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    Emails List<string>
    A list of email addresses identified by this Certificate.
    Upns List<string>
    A list of User Principal Names identified by the Certificate.
    DnsNames []string
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    Emails []string
    A list of email addresses identified by this Certificate.
    Upns []string
    A list of User Principal Names identified by the Certificate.
    dnsNames List<String>
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    emails List<String>
    A list of email addresses identified by this Certificate.
    upns List<String>
    A list of User Principal Names identified by the Certificate.
    dnsNames string[]
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    emails string[]
    A list of email addresses identified by this Certificate.
    upns string[]
    A list of User Principal Names identified by the Certificate.
    dns_names Sequence[str]
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    emails Sequence[str]
    A list of email addresses identified by this Certificate.
    upns Sequence[str]
    A list of User Principal Names identified by the Certificate.
    dnsNames List<String>
    A list of alternative DNS names (FQDNs) identified by the Certificate.
    emails List<String>
    A list of email addresses identified by this Certificate.
    upns List<String>
    A list of User Principal Names identified by the Certificate.

    Import

    Key Vault Certificates can be imported using the resource id, e.g.

    $ pulumi import azure:keyvault/certificate:Certificate example "https://example-keyvault.vault.azure.net/certificates/example/fdf067c93bbb4b22bff4d8b7a9a56217"
    

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v5.66.1 published on Wednesday, Feb 14, 2024 by Pulumi