azure logo
Azure Classic v5.43.0, May 6 23

azure.keyvault.getCertificateData

Explore with Pulumi AI

Use this data source to access data stored in an existing Key Vault Certificate.

Note: This data source uses the GetSecret function of the Azure API, to get the key of the certificate. Therefore you need secret/get permission

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var exampleKeyVault = Azure.KeyVault.GetKeyVault.Invoke(new()
    {
        Name = "examplekv",
        ResourceGroupName = "some-resource-group",
    });

    var exampleCertificateData = Azure.KeyVault.GetCertificateData.Invoke(new()
    {
        Name = "secret-sauce",
        KeyVaultId = exampleKeyVault.Apply(getKeyVaultResult => getKeyVaultResult.Id),
    });

    return new Dictionary<string, object?>
    {
        ["examplePem"] = exampleCertificateData.Apply(getCertificateDataResult => getCertificateDataResult.Pem),
    };
});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleKeyVault, err := keyvault.LookupKeyVault(ctx, &keyvault.LookupKeyVaultArgs{
			Name:              "examplekv",
			ResourceGroupName: "some-resource-group",
		}, nil)
		if err != nil {
			return err
		}
		exampleCertificateData, err := keyvault.GetCertificateData(ctx, &keyvault.GetCertificateDataArgs{
			Name:       "secret-sauce",
			KeyVaultId: exampleKeyVault.Id,
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("examplePem", exampleCertificateData.Pem)
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.keyvault.KeyvaultFunctions;
import com.pulumi.azure.keyvault.inputs.GetKeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.GetCertificateDataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleKeyVault = KeyvaultFunctions.getKeyVault(GetKeyVaultArgs.builder()
            .name("examplekv")
            .resourceGroupName("some-resource-group")
            .build());

        final var exampleCertificateData = KeyvaultFunctions.getCertificateData(GetCertificateDataArgs.builder()
            .name("secret-sauce")
            .keyVaultId(exampleKeyVault.applyValue(getKeyVaultResult -> getKeyVaultResult.id()))
            .build());

        ctx.export("examplePem", exampleCertificateData.applyValue(getCertificateDataResult -> getCertificateDataResult.pem()));
    }
}
import pulumi
import pulumi_azure as azure

example_key_vault = azure.keyvault.get_key_vault(name="examplekv",
    resource_group_name="some-resource-group")
example_certificate_data = azure.keyvault.get_certificate_data(name="secret-sauce",
    key_vault_id=example_key_vault.id)
pulumi.export("examplePem", example_certificate_data.pem)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleKeyVault = azure.keyvault.getKeyVault({
    name: "examplekv",
    resourceGroupName: "some-resource-group",
});
const exampleCertificateData = exampleKeyVault.then(exampleKeyVault => azure.keyvault.getCertificateData({
    name: "secret-sauce",
    keyVaultId: exampleKeyVault.id,
}));
export const examplePem = exampleCertificateData.then(exampleCertificateData => exampleCertificateData.pem);
variables:
  exampleKeyVault:
    fn::invoke:
      Function: azure:keyvault:getKeyVault
      Arguments:
        name: examplekv
        resourceGroupName: some-resource-group
  exampleCertificateData:
    fn::invoke:
      Function: azure:keyvault:getCertificateData
      Arguments:
        name: secret-sauce
        keyVaultId: ${exampleKeyVault.id}
outputs:
  examplePem: ${exampleCertificateData.pem}

Using getCertificateData

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getCertificateData(args: GetCertificateDataArgs, opts?: InvokeOptions): Promise<GetCertificateDataResult>
function getCertificateDataOutput(args: GetCertificateDataOutputArgs, opts?: InvokeOptions): Output<GetCertificateDataResult>
def get_certificate_data(key_vault_id: Optional[str] = None,
                         name: Optional[str] = None,
                         version: Optional[str] = None,
                         opts: Optional[InvokeOptions] = None) -> GetCertificateDataResult
def get_certificate_data_output(key_vault_id: Optional[pulumi.Input[str]] = None,
                         name: Optional[pulumi.Input[str]] = None,
                         version: Optional[pulumi.Input[str]] = None,
                         opts: Optional[InvokeOptions] = None) -> Output[GetCertificateDataResult]
func GetCertificateData(ctx *Context, args *GetCertificateDataArgs, opts ...InvokeOption) (*GetCertificateDataResult, error)
func GetCertificateDataOutput(ctx *Context, args *GetCertificateDataOutputArgs, opts ...InvokeOption) GetCertificateDataResultOutput

> Note: This function is named GetCertificateData in the Go SDK.

public static class GetCertificateData 
{
    public static Task<GetCertificateDataResult> InvokeAsync(GetCertificateDataArgs args, InvokeOptions? opts = null)
    public static Output<GetCertificateDataResult> Invoke(GetCertificateDataInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetCertificateDataResult> getCertificateData(GetCertificateDataArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: azure:keyvault/getCertificateData:getCertificateData
  arguments:
    # arguments dictionary

The following arguments are supported:

KeyVaultId string

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

Name string

Specifies the name of the Key Vault Secret.

Version string

Specifies the version of the certificate to look up. (Defaults to latest)

KeyVaultId string

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

Name string

Specifies the name of the Key Vault Secret.

Version string

Specifies the version of the certificate to look up. (Defaults to latest)

keyVaultId String

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

name String

Specifies the name of the Key Vault Secret.

version String

Specifies the version of the certificate to look up. (Defaults to latest)

keyVaultId string

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

name string

Specifies the name of the Key Vault Secret.

version string

Specifies the version of the certificate to look up. (Defaults to latest)

key_vault_id str

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

name str

Specifies the name of the Key Vault Secret.

version str

Specifies the version of the certificate to look up. (Defaults to latest)

keyVaultId String

Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.

name String

Specifies the name of the Key Vault Secret.

version String

Specifies the version of the certificate to look up. (Defaults to latest)

getCertificateData Result

The following output properties are available:

CertificatesCount int

Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

Expires string

Expiry date of certificate in RFC3339 format.

Hex string

The raw Key Vault Certificate data represented as a hexadecimal string.

Id string

The provider-assigned unique ID for this managed resource.

Key string

The Key Vault Certificate Key.

KeyVaultId string
Name string
NotBefore string

Not Before date of certificate in RFC3339 format.

Pem string

The Key Vault Certificate in PEM format.

Tags Dictionary<string, string>

A mapping of tags to assign to the resource.

Version string
CertificatesCount int

Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

Expires string

Expiry date of certificate in RFC3339 format.

Hex string

The raw Key Vault Certificate data represented as a hexadecimal string.

Id string

The provider-assigned unique ID for this managed resource.

Key string

The Key Vault Certificate Key.

KeyVaultId string
Name string
NotBefore string

Not Before date of certificate in RFC3339 format.

Pem string

The Key Vault Certificate in PEM format.

Tags map[string]string

A mapping of tags to assign to the resource.

Version string
certificatesCount Integer

Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

expires String

Expiry date of certificate in RFC3339 format.

hex String

The raw Key Vault Certificate data represented as a hexadecimal string.

id String

The provider-assigned unique ID for this managed resource.

key String

The Key Vault Certificate Key.

keyVaultId String
name String
notBefore String

Not Before date of certificate in RFC3339 format.

pem String

The Key Vault Certificate in PEM format.

tags Map<String,String>

A mapping of tags to assign to the resource.

version String
certificatesCount number

Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

expires string

Expiry date of certificate in RFC3339 format.

hex string

The raw Key Vault Certificate data represented as a hexadecimal string.

id string

The provider-assigned unique ID for this managed resource.

key string

The Key Vault Certificate Key.

keyVaultId string
name string
notBefore string

Not Before date of certificate in RFC3339 format.

pem string

The Key Vault Certificate in PEM format.

tags {[key: string]: string}

A mapping of tags to assign to the resource.

version string
certificates_count int

Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

expires str

Expiry date of certificate in RFC3339 format.

hex str

The raw Key Vault Certificate data represented as a hexadecimal string.

id str

The provider-assigned unique ID for this managed resource.

key str

The Key Vault Certificate Key.

key_vault_id str
name str
not_before str

Not Before date of certificate in RFC3339 format.

pem str

The Key Vault Certificate in PEM format.

tags Mapping[str, str]

A mapping of tags to assign to the resource.

version str
certificatesCount Number

Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

expires String

Expiry date of certificate in RFC3339 format.

hex String

The raw Key Vault Certificate data represented as a hexadecimal string.

id String

The provider-assigned unique ID for this managed resource.

key String

The Key Vault Certificate Key.

keyVaultId String
name String
notBefore String

Not Before date of certificate in RFC3339 format.

pem String

The Key Vault Certificate in PEM format.

tags Map<String>

A mapping of tags to assign to the resource.

version String

Package Details

Repository
Azure Classic pulumi/pulumi-azure
License
Apache-2.0
Notes

This Pulumi package is based on the azurerm Terraform Provider.