getCertificate

Use this data source to access information about an existing Key Vault Certificate.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var exampleKeyVault = Azure.KeyVault.GetKeyVault.Invoke(new()
    {
        Name = "examplekv",
        ResourceGroupName = "some-resource-group",
    });

    var exampleCertificate = Azure.KeyVault.GetCertificate.Invoke(new()
    {
        Name = "secret-sauce",
        KeyVaultId = exampleKeyVault.Apply(getKeyVaultResult => getKeyVaultResult.Id),
    });

    return new Dictionary<string, object?>
    {
        ["certificateThumbprint"] = exampleCertificate.Apply(getCertificateResult => getCertificateResult.Thumbprint),
    };
});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleKeyVault, err := keyvault.LookupKeyVault(ctx, &keyvault.LookupKeyVaultArgs{
			Name:              "examplekv",
			ResourceGroupName: "some-resource-group",
		}, nil)
		if err != nil {
			return err
		}
		exampleCertificate, err := keyvault.LookupCertificate(ctx, &keyvault.LookupCertificateArgs{
			Name:       "secret-sauce",
			KeyVaultId: exampleKeyVault.Id,
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("certificateThumbprint", exampleCertificate.Thumbprint)
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.keyvault.KeyvaultFunctions;
import com.pulumi.azure.keyvault.inputs.GetKeyVaultArgs;
import com.pulumi.azure.appservice.inputs.GetCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleKeyVault = KeyvaultFunctions.getKeyVault(GetKeyVaultArgs.builder()
            .name("examplekv")
            .resourceGroupName("some-resource-group")
            .build());

        final var exampleCertificate = KeyvaultFunctions.getCertificate(GetCertificateArgs.builder()
            .name("secret-sauce")
            .keyVaultId(exampleKeyVault.applyValue(getKeyVaultResult -> getKeyVaultResult.id()))
            .build());

        ctx.export("certificateThumbprint", exampleCertificate.applyValue(getCertificateResult -> getCertificateResult.thumbprint()));
    }
}
import pulumi
import pulumi_azure as azure

example_key_vault = azure.keyvault.get_key_vault(name="examplekv",
    resource_group_name="some-resource-group")
example_certificate = azure.keyvault.get_certificate(name="secret-sauce",
    key_vault_id=example_key_vault.id)
pulumi.export("certificateThumbprint", example_certificate.thumbprint)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleKeyVault = azure.keyvault.getKeyVault({
    name: "examplekv",
    resourceGroupName: "some-resource-group",
});
const exampleCertificate = exampleKeyVault.then(exampleKeyVault => azure.keyvault.getCertificate({
    name: "secret-sauce",
    keyVaultId: exampleKeyVault.id,
}));
export const certificateThumbprint = exampleCertificate.then(exampleCertificate => exampleCertificate.thumbprint);
variables:
  exampleKeyVault:
    Fn::Invoke:
      Function: azure:keyvault:getKeyVault
      Arguments:
        name: examplekv
        resourceGroupName: some-resource-group
  exampleCertificate:
    Fn::Invoke:
      Function: azure:keyvault:getCertificate
      Arguments:
        name: secret-sauce
        keyVaultId: ${exampleKeyVault.id}
outputs:
  certificateThumbprint: ${exampleCertificate.thumbprint}

Using getCertificate

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getCertificate(args: GetCertificateArgs, opts?: InvokeOptions): Promise<GetCertificateResult>
function getCertificateOutput(args: GetCertificateOutputArgs, opts?: InvokeOptions): Output<GetCertificateResult>
def get_certificate(key_vault_id: Optional[str] = None,
                    name: Optional[str] = None,
                    version: Optional[str] = None,
                    opts: Optional[InvokeOptions] = None) -> GetCertificateResult
def get_certificate_output(key_vault_id: Optional[pulumi.Input[str]] = None,
                    name: Optional[pulumi.Input[str]] = None,
                    version: Optional[pulumi.Input[str]] = None,
                    opts: Optional[InvokeOptions] = None) -> Output[GetCertificateResult]
func LookupCertificate(ctx *Context, args *LookupCertificateArgs, opts ...InvokeOption) (*LookupCertificateResult, error)
func LookupCertificateOutput(ctx *Context, args *LookupCertificateOutputArgs, opts ...InvokeOption) LookupCertificateResultOutput

> Note: This function is named LookupCertificate in the Go SDK.

public static class GetCertificate 
{
    public static Task<GetCertificateResult> InvokeAsync(GetCertificateArgs args, InvokeOptions? opts = null)
    public static Output<GetCertificateResult> Invoke(GetCertificateInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetCertificateResult> getCertificate(GetCertificateArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: azure:keyvault/getCertificate:getCertificate
  arguments:
    # arguments dictionary

The following arguments are supported:

KeyVaultId string

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

Name string

Specifies the name of the Key Vault Certificate.

Version string

Specifies the version of the certificate to look up. (Defaults to latest)

KeyVaultId string

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

Name string

Specifies the name of the Key Vault Certificate.

Version string

Specifies the version of the certificate to look up. (Defaults to latest)

keyVaultId String

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

name String

Specifies the name of the Key Vault Certificate.

version String

Specifies the version of the certificate to look up. (Defaults to latest)

keyVaultId string

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

name string

Specifies the name of the Key Vault Certificate.

version string

Specifies the version of the certificate to look up. (Defaults to latest)

key_vault_id str

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

name str

Specifies the name of the Key Vault Certificate.

version str

Specifies the version of the certificate to look up. (Defaults to latest)

keyVaultId String

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

name String

Specifies the name of the Key Vault Certificate.

version String

Specifies the version of the certificate to look up. (Defaults to latest)

getCertificate Result

The following output properties are available:

CertificateData string

The raw Key Vault Certificate data represented as a hexadecimal string.

CertificateDataBase64 string

The raw Key Vault Certificate data represented as a base64 string.

CertificatePolicies List<GetCertificateCertificatePolicy>

A certificate_policy block as defined below.

Expires string

Expiry date of certificate in RFC3339 format.

Id string

The provider-assigned unique ID for this managed resource.

KeyVaultId string
Name string

The name of the Certificate Issuer.

NotBefore string

Not Before date of certificate in RFC3339 format.

SecretId string

The ID of the associated Key Vault Secret.

Tags Dictionary<string, string>

A mapping of tags to assign to the resource.

Thumbprint string

The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.

Version string

The current version of the Key Vault Certificate.

VersionlessId string

The Base ID of the Key Vault Certificate.

VersionlessSecretId string

The Base ID of the Key Vault Secret.

CertificateData string

The raw Key Vault Certificate data represented as a hexadecimal string.

CertificateDataBase64 string

The raw Key Vault Certificate data represented as a base64 string.

CertificatePolicies []GetCertificateCertificatePolicy

A certificate_policy block as defined below.

Expires string

Expiry date of certificate in RFC3339 format.

Id string

The provider-assigned unique ID for this managed resource.

KeyVaultId string
Name string

The name of the Certificate Issuer.

NotBefore string

Not Before date of certificate in RFC3339 format.

SecretId string

The ID of the associated Key Vault Secret.

Tags map[string]string

A mapping of tags to assign to the resource.

Thumbprint string

The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.

Version string

The current version of the Key Vault Certificate.

VersionlessId string

The Base ID of the Key Vault Certificate.

VersionlessSecretId string

The Base ID of the Key Vault Secret.

certificateData String

The raw Key Vault Certificate data represented as a hexadecimal string.

certificateDataBase64 String

The raw Key Vault Certificate data represented as a base64 string.

certificatePolicies List<GetCertificateCertificatePolicy>

A certificate_policy block as defined below.

expires String

Expiry date of certificate in RFC3339 format.

id String

The provider-assigned unique ID for this managed resource.

keyVaultId String
name String

The name of the Certificate Issuer.

notBefore String

Not Before date of certificate in RFC3339 format.

secretId String

The ID of the associated Key Vault Secret.

tags Map<String,String>

A mapping of tags to assign to the resource.

thumbprint String

The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.

version String

The current version of the Key Vault Certificate.

versionlessId String

The Base ID of the Key Vault Certificate.

versionlessSecretId String

The Base ID of the Key Vault Secret.

certificateData string

The raw Key Vault Certificate data represented as a hexadecimal string.

certificateDataBase64 string

The raw Key Vault Certificate data represented as a base64 string.

certificatePolicies GetCertificateCertificatePolicy[]

A certificate_policy block as defined below.

expires string

Expiry date of certificate in RFC3339 format.

id string

The provider-assigned unique ID for this managed resource.

keyVaultId string
name string

The name of the Certificate Issuer.

notBefore string

Not Before date of certificate in RFC3339 format.

secretId string

The ID of the associated Key Vault Secret.

tags {[key: string]: string}

A mapping of tags to assign to the resource.

thumbprint string

The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.

version string

The current version of the Key Vault Certificate.

versionlessId string

The Base ID of the Key Vault Certificate.

versionlessSecretId string

The Base ID of the Key Vault Secret.

certificate_data str

The raw Key Vault Certificate data represented as a hexadecimal string.

certificate_data_base64 str

The raw Key Vault Certificate data represented as a base64 string.

certificate_policies Sequence[GetCertificateCertificatePolicy]

A certificate_policy block as defined below.

expires str

Expiry date of certificate in RFC3339 format.

id str

The provider-assigned unique ID for this managed resource.

key_vault_id str
name str

The name of the Certificate Issuer.

not_before str

Not Before date of certificate in RFC3339 format.

secret_id str

The ID of the associated Key Vault Secret.

tags Mapping[str, str]

A mapping of tags to assign to the resource.

thumbprint str

The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.

version str

The current version of the Key Vault Certificate.

versionless_id str

The Base ID of the Key Vault Certificate.

versionless_secret_id str

The Base ID of the Key Vault Secret.

certificateData String

The raw Key Vault Certificate data represented as a hexadecimal string.

certificateDataBase64 String

The raw Key Vault Certificate data represented as a base64 string.

certificatePolicies List<Property Map>

A certificate_policy block as defined below.

expires String

Expiry date of certificate in RFC3339 format.

id String

The provider-assigned unique ID for this managed resource.

keyVaultId String
name String

The name of the Certificate Issuer.

notBefore String

Not Before date of certificate in RFC3339 format.

secretId String

The ID of the associated Key Vault Secret.

tags Map<String>

A mapping of tags to assign to the resource.

thumbprint String

The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.

version String

The current version of the Key Vault Certificate.

versionlessId String

The Base ID of the Key Vault Certificate.

versionlessSecretId String

The Base ID of the Key Vault Secret.

Supporting Types

GetCertificateCertificatePolicy

IssuerParameters []GetCertificateCertificatePolicyIssuerParameter

A issuer_parameters block as defined below.

KeyProperties []GetCertificateCertificatePolicyKeyProperty

A key_properties block as defined below.

LifetimeActions []GetCertificateCertificatePolicyLifetimeAction

A lifetime_action block as defined below.

SecretProperties []GetCertificateCertificatePolicySecretProperty

A secret_properties block as defined below.

X509CertificateProperties []GetCertificateCertificatePolicyX509CertificateProperty

An x509_certificate_properties block as defined below.

issuerParameters GetCertificateCertificatePolicyIssuerParameter[]

A issuer_parameters block as defined below.

keyProperties GetCertificateCertificatePolicyKeyProperty[]

A key_properties block as defined below.

lifetimeActions GetCertificateCertificatePolicyLifetimeAction[]

A lifetime_action block as defined below.

secretProperties GetCertificateCertificatePolicySecretProperty[]

A secret_properties block as defined below.

x509CertificateProperties GetCertificateCertificatePolicyX509CertificateProperty[]

An x509_certificate_properties block as defined below.

issuerParameters List<Property Map>

A issuer_parameters block as defined below.

keyProperties List<Property Map>

A key_properties block as defined below.

lifetimeActions List<Property Map>

A lifetime_action block as defined below.

secretProperties List<Property Map>

A secret_properties block as defined below.

x509CertificateProperties List<Property Map>

An x509_certificate_properties block as defined below.

GetCertificateCertificatePolicyIssuerParameter

Name string

Specifies the name of the Key Vault Certificate.

Name string

Specifies the name of the Key Vault Certificate.

name String

Specifies the name of the Key Vault Certificate.

name string

Specifies the name of the Key Vault Certificate.

name str

Specifies the name of the Key Vault Certificate.

name String

Specifies the name of the Key Vault Certificate.

GetCertificateCertificatePolicyKeyProperty

Curve string
Exportable bool

Is this Certificate Exportable?

KeySize int

The size of the Key used in the Certificate.

KeyType string

Specifies the Type of Key, for example RSA.

ReuseKey bool

Is the key reusable?

Curve string
Exportable bool

Is this Certificate Exportable?

KeySize int

The size of the Key used in the Certificate.

KeyType string

Specifies the Type of Key, for example RSA.

ReuseKey bool

Is the key reusable?

curve String
exportable Boolean

Is this Certificate Exportable?

keySize Integer

The size of the Key used in the Certificate.

keyType String

Specifies the Type of Key, for example RSA.

reuseKey Boolean

Is the key reusable?

curve string
exportable boolean

Is this Certificate Exportable?

keySize number

The size of the Key used in the Certificate.

keyType string

Specifies the Type of Key, for example RSA.

reuseKey boolean

Is the key reusable?

curve str
exportable bool

Is this Certificate Exportable?

key_size int

The size of the Key used in the Certificate.

key_type str

Specifies the Type of Key, for example RSA.

reuse_key bool

Is the key reusable?

curve String
exportable Boolean

Is this Certificate Exportable?

keySize Number

The size of the Key used in the Certificate.

keyType String

Specifies the Type of Key, for example RSA.

reuseKey Boolean

Is the key reusable?

GetCertificateCertificatePolicyLifetimeAction

actions List<Property Map>

A action block as defined below.

triggers List<Property Map>

A trigger block as defined below.

GetCertificateCertificatePolicyLifetimeActionAction

ActionType string

The Type of action to be performed when the lifetime trigger is triggerec.

ActionType string

The Type of action to be performed when the lifetime trigger is triggerec.

actionType String

The Type of action to be performed when the lifetime trigger is triggerec.

actionType string

The Type of action to be performed when the lifetime trigger is triggerec.

action_type str

The Type of action to be performed when the lifetime trigger is triggerec.

actionType String

The Type of action to be performed when the lifetime trigger is triggerec.

GetCertificateCertificatePolicyLifetimeActionTrigger

DaysBeforeExpiry int

The number of days before the Certificate expires that the action associated with this Trigger should run.

LifetimePercentage int

The percentage at which during the Certificates Lifetime the action associated with this Trigger should run.

DaysBeforeExpiry int

The number of days before the Certificate expires that the action associated with this Trigger should run.

LifetimePercentage int

The percentage at which during the Certificates Lifetime the action associated with this Trigger should run.

daysBeforeExpiry Integer

The number of days before the Certificate expires that the action associated with this Trigger should run.

lifetimePercentage Integer

The percentage at which during the Certificates Lifetime the action associated with this Trigger should run.

daysBeforeExpiry number

The number of days before the Certificate expires that the action associated with this Trigger should run.

lifetimePercentage number

The percentage at which during the Certificates Lifetime the action associated with this Trigger should run.

days_before_expiry int

The number of days before the Certificate expires that the action associated with this Trigger should run.

lifetime_percentage int

The percentage at which during the Certificates Lifetime the action associated with this Trigger should run.

daysBeforeExpiry Number

The number of days before the Certificate expires that the action associated with this Trigger should run.

lifetimePercentage Number

The percentage at which during the Certificates Lifetime the action associated with this Trigger should run.

GetCertificateCertificatePolicySecretProperty

ContentType string

The Content-Type of the Certificate, for example application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

ContentType string

The Content-Type of the Certificate, for example application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

contentType String

The Content-Type of the Certificate, for example application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

contentType string

The Content-Type of the Certificate, for example application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

content_type str

The Content-Type of the Certificate, for example application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

contentType String

The Content-Type of the Certificate, for example application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

GetCertificateCertificatePolicyX509CertificateProperty

ExtendedKeyUsages List<string>

A list of Extended/Enhanced Key Usages.

KeyUsages List<string>

A list of uses associated with this Key.

Subject string

The Certificate's Subject.

SubjectAlternativeNames List<GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeName>

A subject_alternative_names block as defined below.

ValidityInMonths int

The Certificates Validity Period in Months.

ExtendedKeyUsages []string

A list of Extended/Enhanced Key Usages.

KeyUsages []string

A list of uses associated with this Key.

Subject string

The Certificate's Subject.

SubjectAlternativeNames []GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeName

A subject_alternative_names block as defined below.

ValidityInMonths int

The Certificates Validity Period in Months.

extendedKeyUsages List<String>

A list of Extended/Enhanced Key Usages.

keyUsages List<String>

A list of uses associated with this Key.

subject String

The Certificate's Subject.

subjectAlternativeNames List<GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeName>

A subject_alternative_names block as defined below.

validityInMonths Integer

The Certificates Validity Period in Months.

extendedKeyUsages string[]

A list of Extended/Enhanced Key Usages.

keyUsages string[]

A list of uses associated with this Key.

subject string

The Certificate's Subject.

subjectAlternativeNames GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeName[]

A subject_alternative_names block as defined below.

validityInMonths number

The Certificates Validity Period in Months.

extended_key_usages Sequence[str]

A list of Extended/Enhanced Key Usages.

key_usages Sequence[str]

A list of uses associated with this Key.

subject str

The Certificate's Subject.

subject_alternative_names Sequence[GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeName]

A subject_alternative_names block as defined below.

validity_in_months int

The Certificates Validity Period in Months.

extendedKeyUsages List<String>

A list of Extended/Enhanced Key Usages.

keyUsages List<String>

A list of uses associated with this Key.

subject String

The Certificate's Subject.

subjectAlternativeNames List<Property Map>

A subject_alternative_names block as defined below.

validityInMonths Number

The Certificates Validity Period in Months.

GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeName

DnsNames List<string>

A list of alternative DNS names (FQDNs) identified by the Certificate.

Emails List<string>

A list of email addresses identified by this Certificate.

Upns List<string>

A list of User Principal Names identified by the Certificate.

DnsNames []string

A list of alternative DNS names (FQDNs) identified by the Certificate.

Emails []string

A list of email addresses identified by this Certificate.

Upns []string

A list of User Principal Names identified by the Certificate.

dnsNames List<String>

A list of alternative DNS names (FQDNs) identified by the Certificate.

emails List<String>

A list of email addresses identified by this Certificate.

upns List<String>

A list of User Principal Names identified by the Certificate.

dnsNames string[]

A list of alternative DNS names (FQDNs) identified by the Certificate.

emails string[]

A list of email addresses identified by this Certificate.

upns string[]

A list of User Principal Names identified by the Certificate.

dns_names Sequence[str]

A list of alternative DNS names (FQDNs) identified by the Certificate.

emails Sequence[str]

A list of email addresses identified by this Certificate.

upns Sequence[str]

A list of User Principal Names identified by the Certificate.

dnsNames List<String>

A list of alternative DNS names (FQDNs) identified by the Certificate.

emails List<String>

A list of email addresses identified by this Certificate.

upns List<String>

A list of User Principal Names identified by the Certificate.

Package Details

Repository
https://github.com/pulumi/pulumi-azure
License
Apache-2.0
Notes

This Pulumi package is based on the azurerm Terraform Provider.