1. Packages
  2. Azure Classic
  3. API Docs
  4. keyvault
  5. getCertificateData

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

azure.keyvault.getCertificateData

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

    Use this data source to access data stored in an existing Key Vault Certificate.

    Note: This data source uses the GetSecret function of the Azure API, to get the key of the certificate. Therefore you need secret/get permission

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleKeyVault = Azure.KeyVault.GetKeyVault.Invoke(new()
        {
            Name = "examplekv",
            ResourceGroupName = "some-resource-group",
        });
    
        var exampleCertificateData = Azure.KeyVault.GetCertificateData.Invoke(new()
        {
            Name = "secret-sauce",
            KeyVaultId = exampleKeyVault.Apply(getKeyVaultResult => getKeyVaultResult.Id),
        });
    
        return new Dictionary<string, object?>
        {
            ["examplePem"] = exampleCertificateData.Apply(getCertificateDataResult => getCertificateDataResult.Pem),
        };
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleKeyVault, err := keyvault.LookupKeyVault(ctx, &keyvault.LookupKeyVaultArgs{
    			Name:              "examplekv",
    			ResourceGroupName: "some-resource-group",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		exampleCertificateData, err := keyvault.GetCertificateData(ctx, &keyvault.GetCertificateDataArgs{
    			Name:       "secret-sauce",
    			KeyVaultId: exampleKeyVault.Id,
    		}, nil)
    		if err != nil {
    			return err
    		}
    		ctx.Export("examplePem", exampleCertificateData.Pem)
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.keyvault.KeyvaultFunctions;
    import com.pulumi.azure.keyvault.inputs.GetKeyVaultArgs;
    import com.pulumi.azure.keyvault.inputs.GetCertificateDataArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var exampleKeyVault = KeyvaultFunctions.getKeyVault(GetKeyVaultArgs.builder()
                .name("examplekv")
                .resourceGroupName("some-resource-group")
                .build());
    
            final var exampleCertificateData = KeyvaultFunctions.getCertificateData(GetCertificateDataArgs.builder()
                .name("secret-sauce")
                .keyVaultId(exampleKeyVault.applyValue(getKeyVaultResult -> getKeyVaultResult.id()))
                .build());
    
            ctx.export("examplePem", exampleCertificateData.applyValue(getCertificateDataResult -> getCertificateDataResult.pem()));
        }
    }
    
    import pulumi
    import pulumi_azure as azure
    
    example_key_vault = azure.keyvault.get_key_vault(name="examplekv",
        resource_group_name="some-resource-group")
    example_certificate_data = azure.keyvault.get_certificate_data(name="secret-sauce",
        key_vault_id=example_key_vault.id)
    pulumi.export("examplePem", example_certificate_data.pem)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const exampleKeyVault = azure.keyvault.getKeyVault({
        name: "examplekv",
        resourceGroupName: "some-resource-group",
    });
    const exampleCertificateData = exampleKeyVault.then(exampleKeyVault => azure.keyvault.getCertificateData({
        name: "secret-sauce",
        keyVaultId: exampleKeyVault.id,
    }));
    export const examplePem = exampleCertificateData.then(exampleCertificateData => exampleCertificateData.pem);
    
    variables:
      exampleKeyVault:
        fn::invoke:
          Function: azure:keyvault:getKeyVault
          Arguments:
            name: examplekv
            resourceGroupName: some-resource-group
      exampleCertificateData:
        fn::invoke:
          Function: azure:keyvault:getCertificateData
          Arguments:
            name: secret-sauce
            keyVaultId: ${exampleKeyVault.id}
    outputs:
      examplePem: ${exampleCertificateData.pem}
    

    Using getCertificateData

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getCertificateData(args: GetCertificateDataArgs, opts?: InvokeOptions): Promise<GetCertificateDataResult>
    function getCertificateDataOutput(args: GetCertificateDataOutputArgs, opts?: InvokeOptions): Output<GetCertificateDataResult>
    def get_certificate_data(key_vault_id: Optional[str] = None,
                             name: Optional[str] = None,
                             version: Optional[str] = None,
                             opts: Optional[InvokeOptions] = None) -> GetCertificateDataResult
    def get_certificate_data_output(key_vault_id: Optional[pulumi.Input[str]] = None,
                             name: Optional[pulumi.Input[str]] = None,
                             version: Optional[pulumi.Input[str]] = None,
                             opts: Optional[InvokeOptions] = None) -> Output[GetCertificateDataResult]
    func GetCertificateData(ctx *Context, args *GetCertificateDataArgs, opts ...InvokeOption) (*GetCertificateDataResult, error)
    func GetCertificateDataOutput(ctx *Context, args *GetCertificateDataOutputArgs, opts ...InvokeOption) GetCertificateDataResultOutput

    > Note: This function is named GetCertificateData in the Go SDK.

    public static class GetCertificateData 
    {
        public static Task<GetCertificateDataResult> InvokeAsync(GetCertificateDataArgs args, InvokeOptions? opts = null)
        public static Output<GetCertificateDataResult> Invoke(GetCertificateDataInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetCertificateDataResult> getCertificateData(GetCertificateDataArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: azure:keyvault/getCertificateData:getCertificateData
      arguments:
        # arguments dictionary

    The following arguments are supported:

    KeyVaultId string

    Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

    Name string

    Specifies the name of the Key Vault Secret.

    Version string

    Specifies the version of the certificate to look up. (Defaults to latest)

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    KeyVaultId string

    Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

    Name string

    Specifies the name of the Key Vault Secret.

    Version string

    Specifies the version of the certificate to look up. (Defaults to latest)

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    keyVaultId String

    Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

    name String

    Specifies the name of the Key Vault Secret.

    version String

    Specifies the version of the certificate to look up. (Defaults to latest)

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    keyVaultId string

    Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

    name string

    Specifies the name of the Key Vault Secret.

    version string

    Specifies the version of the certificate to look up. (Defaults to latest)

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    key_vault_id str

    Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

    name str

    Specifies the name of the Key Vault Secret.

    version str

    Specifies the version of the certificate to look up. (Defaults to latest)

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    keyVaultId String

    Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

    name String

    Specifies the name of the Key Vault Secret.

    version String

    Specifies the version of the certificate to look up. (Defaults to latest)

    NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

    getCertificateData Result

    The following output properties are available:

    CertificatesCount int

    Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

    Expires string

    Expiry date of certificate in RFC3339 format.

    Hex string

    The raw Key Vault Certificate data represented as a hexadecimal string.

    Id string

    The provider-assigned unique ID for this managed resource.

    Key string

    The Key Vault Certificate Key.

    KeyVaultId string
    Name string
    NotBefore string

    Not Before date of certificate in RFC3339 format.

    Pem string

    The Key Vault Certificate in PEM format.

    Tags Dictionary<string, string>

    A mapping of tags to assign to the resource.

    Version string
    CertificatesCount int

    Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

    Expires string

    Expiry date of certificate in RFC3339 format.

    Hex string

    The raw Key Vault Certificate data represented as a hexadecimal string.

    Id string

    The provider-assigned unique ID for this managed resource.

    Key string

    The Key Vault Certificate Key.

    KeyVaultId string
    Name string
    NotBefore string

    Not Before date of certificate in RFC3339 format.

    Pem string

    The Key Vault Certificate in PEM format.

    Tags map[string]string

    A mapping of tags to assign to the resource.

    Version string
    certificatesCount Integer

    Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

    expires String

    Expiry date of certificate in RFC3339 format.

    hex String

    The raw Key Vault Certificate data represented as a hexadecimal string.

    id String

    The provider-assigned unique ID for this managed resource.

    key String

    The Key Vault Certificate Key.

    keyVaultId String
    name String
    notBefore String

    Not Before date of certificate in RFC3339 format.

    pem String

    The Key Vault Certificate in PEM format.

    tags Map<String,String>

    A mapping of tags to assign to the resource.

    version String
    certificatesCount number

    Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

    expires string

    Expiry date of certificate in RFC3339 format.

    hex string

    The raw Key Vault Certificate data represented as a hexadecimal string.

    id string

    The provider-assigned unique ID for this managed resource.

    key string

    The Key Vault Certificate Key.

    keyVaultId string
    name string
    notBefore string

    Not Before date of certificate in RFC3339 format.

    pem string

    The Key Vault Certificate in PEM format.

    tags {[key: string]: string}

    A mapping of tags to assign to the resource.

    version string
    certificates_count int

    Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

    expires str

    Expiry date of certificate in RFC3339 format.

    hex str

    The raw Key Vault Certificate data represented as a hexadecimal string.

    id str

    The provider-assigned unique ID for this managed resource.

    key str

    The Key Vault Certificate Key.

    key_vault_id str
    name str
    not_before str

    Not Before date of certificate in RFC3339 format.

    pem str

    The Key Vault Certificate in PEM format.

    tags Mapping[str, str]

    A mapping of tags to assign to the resource.

    version str
    certificatesCount Number

    Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

    expires String

    Expiry date of certificate in RFC3339 format.

    hex String

    The raw Key Vault Certificate data represented as a hexadecimal string.

    id String

    The provider-assigned unique ID for this managed resource.

    key String

    The Key Vault Certificate Key.

    keyVaultId String
    name String
    notBefore String

    Not Before date of certificate in RFC3339 format.

    pem String

    The Key Vault Certificate in PEM format.

    tags Map<String>

    A mapping of tags to assign to the resource.

    version String

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the azurerm Terraform Provider.

    azure logo

    We recommend using Azure Native.

    Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi