Docs
PackagesWe recommend using Azure Native.
azure.keyvault.getCertificateData
Explore with Pulumi AI
Use this data source to access data stored in an existing Key Vault Certificate.
Note: This data source uses the
GetSecretfunction of the Azure API, to get the key of the certificate. Therefore you need secret/get permission
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var exampleKeyVault = Azure.KeyVault.GetKeyVault.Invoke(new()
{
Name = "examplekv",
ResourceGroupName = "some-resource-group",
});
var exampleCertificateData = Azure.KeyVault.GetCertificateData.Invoke(new()
{
Name = "secret-sauce",
KeyVaultId = exampleKeyVault.Apply(getKeyVaultResult => getKeyVaultResult.Id),
});
return new Dictionary<string, object?>
{
["examplePem"] = exampleCertificateData.Apply(getCertificateDataResult => getCertificateDataResult.Pem),
};
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleKeyVault, err := keyvault.LookupKeyVault(ctx, &keyvault.LookupKeyVaultArgs{
Name: "examplekv",
ResourceGroupName: "some-resource-group",
}, nil)
if err != nil {
return err
}
exampleCertificateData, err := keyvault.GetCertificateData(ctx, &keyvault.GetCertificateDataArgs{
Name: "secret-sauce",
KeyVaultId: exampleKeyVault.Id,
}, nil)
if err != nil {
return err
}
ctx.Export("examplePem", exampleCertificateData.Pem)
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.keyvault.KeyvaultFunctions;
import com.pulumi.azure.keyvault.inputs.GetKeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.GetCertificateDataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleKeyVault = KeyvaultFunctions.getKeyVault(GetKeyVaultArgs.builder()
.name("examplekv")
.resourceGroupName("some-resource-group")
.build());
final var exampleCertificateData = KeyvaultFunctions.getCertificateData(GetCertificateDataArgs.builder()
.name("secret-sauce")
.keyVaultId(exampleKeyVault.applyValue(getKeyVaultResult -> getKeyVaultResult.id()))
.build());
ctx.export("examplePem", exampleCertificateData.applyValue(getCertificateDataResult -> getCertificateDataResult.pem()));
}
}
import pulumi
import pulumi_azure as azure
example_key_vault = azure.keyvault.get_key_vault(name="examplekv",
resource_group_name="some-resource-group")
example_certificate_data = azure.keyvault.get_certificate_data(name="secret-sauce",
key_vault_id=example_key_vault.id)
pulumi.export("examplePem", example_certificate_data.pem)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleKeyVault = azure.keyvault.getKeyVault({
name: "examplekv",
resourceGroupName: "some-resource-group",
});
const exampleCertificateData = exampleKeyVault.then(exampleKeyVault => azure.keyvault.getCertificateData({
name: "secret-sauce",
keyVaultId: exampleKeyVault.id,
}));
export const examplePem = exampleCertificateData.then(exampleCertificateData => exampleCertificateData.pem);
variables:
exampleKeyVault:
fn::invoke:
Function: azure:keyvault:getKeyVault
Arguments:
name: examplekv
resourceGroupName: some-resource-group
exampleCertificateData:
fn::invoke:
Function: azure:keyvault:getCertificateData
Arguments:
name: secret-sauce
keyVaultId: ${exampleKeyVault.id}
outputs:
examplePem: ${exampleCertificateData.pem}
Using getCertificateData
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getCertificateData(args: GetCertificateDataArgs, opts?: InvokeOptions): Promise<GetCertificateDataResult>
function getCertificateDataOutput(args: GetCertificateDataOutputArgs, opts?: InvokeOptions): Output<GetCertificateDataResult>def get_certificate_data(key_vault_id: Optional[str] = None,
name: Optional[str] = None,
version: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetCertificateDataResult
def get_certificate_data_output(key_vault_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
version: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetCertificateDataResult]func GetCertificateData(ctx *Context, args *GetCertificateDataArgs, opts ...InvokeOption) (*GetCertificateDataResult, error)
func GetCertificateDataOutput(ctx *Context, args *GetCertificateDataOutputArgs, opts ...InvokeOption) GetCertificateDataResultOutput> Note: This function is named GetCertificateData in the Go SDK.
public static class GetCertificateData
{
public static Task<GetCertificateDataResult> InvokeAsync(GetCertificateDataArgs args, InvokeOptions? opts = null)
public static Output<GetCertificateDataResult> Invoke(GetCertificateDataInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetCertificateDataResult> getCertificateData(GetCertificateDataArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: azure:keyvault/getCertificateData:getCertificateData
arguments:
# arguments dictionaryThe following arguments are supported:
- Key
Vault stringId Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource.- Name string
Specifies the name of the Key Vault Secret.
- Version string
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- Key
Vault stringId Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource.- Name string
Specifies the name of the Key Vault Secret.
- Version string
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key
Vault StringId Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource.- name String
Specifies the name of the Key Vault Secret.
- version String
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key
Vault stringId Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource.- name string
Specifies the name of the Key Vault Secret.
- version string
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key_
vault_ strid Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource.- name str
Specifies the name of the Key Vault Secret.
- version str
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key
Vault StringId Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource.- name String
Specifies the name of the Key Vault Secret.
- version String
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
getCertificateData Result
The following output properties are available:
- Certificates
Count int Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- Expires string
Expiry date of certificate in RFC3339 format.
- Hex string
The raw Key Vault Certificate data represented as a hexadecimal string.
- Id string
The provider-assigned unique ID for this managed resource.
- Key string
The Key Vault Certificate Key.
- Key
Vault stringId - Name string
- Not
Before string Not Before date of certificate in RFC3339 format.
- Pem string
The Key Vault Certificate in PEM format.
- Dictionary<string, string>
A mapping of tags to assign to the resource.
- Version string
- Certificates
Count int Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- Expires string
Expiry date of certificate in RFC3339 format.
- Hex string
The raw Key Vault Certificate data represented as a hexadecimal string.
- Id string
The provider-assigned unique ID for this managed resource.
- Key string
The Key Vault Certificate Key.
- Key
Vault stringId - Name string
- Not
Before string Not Before date of certificate in RFC3339 format.
- Pem string
The Key Vault Certificate in PEM format.
- map[string]string
A mapping of tags to assign to the resource.
- Version string
- certificates
Count Integer Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires String
Expiry date of certificate in RFC3339 format.
- hex String
The raw Key Vault Certificate data represented as a hexadecimal string.
- id String
The provider-assigned unique ID for this managed resource.
- key String
The Key Vault Certificate Key.
- key
Vault StringId - name String
- not
Before String Not Before date of certificate in RFC3339 format.
- pem String
The Key Vault Certificate in PEM format.
- Map<String,String>
A mapping of tags to assign to the resource.
- version String
- certificates
Count number Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires string
Expiry date of certificate in RFC3339 format.
- hex string
The raw Key Vault Certificate data represented as a hexadecimal string.
- id string
The provider-assigned unique ID for this managed resource.
- key string
The Key Vault Certificate Key.
- key
Vault stringId - name string
- not
Before string Not Before date of certificate in RFC3339 format.
- pem string
The Key Vault Certificate in PEM format.
- {[key: string]: string}
A mapping of tags to assign to the resource.
- version string
- certificates_
count int Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires str
Expiry date of certificate in RFC3339 format.
- hex str
The raw Key Vault Certificate data represented as a hexadecimal string.
- id str
The provider-assigned unique ID for this managed resource.
- key str
The Key Vault Certificate Key.
- key_
vault_ strid - name str
- not_
before str Not Before date of certificate in RFC3339 format.
- pem str
The Key Vault Certificate in PEM format.
- Mapping[str, str]
A mapping of tags to assign to the resource.
- version str
- certificates
Count Number Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires String
Expiry date of certificate in RFC3339 format.
- hex String
The raw Key Vault Certificate data represented as a hexadecimal string.
- id String
The provider-assigned unique ID for this managed resource.
- key String
The Key Vault Certificate Key.
- key
Vault StringId - name String
- not
Before String Not Before date of certificate in RFC3339 format.
- pem String
The Key Vault Certificate in PEM format.
- Map<String>
A mapping of tags to assign to the resource.
- version String
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurermTerraform Provider.