We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Manages a Key Vault Certificate.
Example Usage
Importing a PFX
using System;
using System.IO;
using Pulumi;
using Azure = Pulumi.Azure;
class MyStack : Stack
{
private static string ReadFileBase64(string path) {
return Convert.ToBase64String(Encoding.UTF8.GetBytes(File.ReadAllText(path)))
}
public MyStack()
{
var current = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
{
Location = "West Europe",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new Azure.KeyVault.KeyVaultArgs
{
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
TenantId = current.Apply(current => current.TenantId),
SkuName = "premium",
AccessPolicies =
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(current => current.TenantId),
ObjectId = current.Apply(current => current.ObjectId),
CertificatePermissions =
{
"create",
"delete",
"deleteissuers",
"get",
"getissuers",
"import",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"setissuers",
"update",
},
KeyPermissions =
{
"backup",
"create",
"decrypt",
"delete",
"encrypt",
"get",
"import",
"list",
"purge",
"recover",
"restore",
"sign",
"unwrapKey",
"update",
"verify",
"wrapKey",
},
SecretPermissions =
{
"backup",
"delete",
"get",
"list",
"purge",
"recover",
"restore",
"set",
},
},
},
});
var exampleCertificate = new Azure.KeyVault.Certificate("exampleCertificate", new Azure.KeyVault.CertificateArgs
{
KeyVaultId = exampleKeyVault.Id,
Certificate = new Azure.KeyVault.Inputs.CertificateCertificateArgs
{
Contents = ReadFileBase64("certificate-to-import.pfx"),
Password = "",
},
});
}
}
package main
import (
"encoding/base64"
"io/ioutil"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func filebase64OrPanic(path string) pulumi.StringPtrInput {
if fileData, err := ioutil.ReadFile(path); err == nil {
return pulumi.String(base64.StdEncoding.EncodeToString(fileData[:]))
} else {
panic(err.Error())
}
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("premium"),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
CertificatePermissions: pulumi.StringArray{
pulumi.String("create"),
pulumi.String("delete"),
pulumi.String("deleteissuers"),
pulumi.String("get"),
pulumi.String("getissuers"),
pulumi.String("import"),
pulumi.String("list"),
pulumi.String("listissuers"),
pulumi.String("managecontacts"),
pulumi.String("manageissuers"),
pulumi.String("setissuers"),
pulumi.String("update"),
},
KeyPermissions: pulumi.StringArray{
pulumi.String("backup"),
pulumi.String("create"),
pulumi.String("decrypt"),
pulumi.String("delete"),
pulumi.String("encrypt"),
pulumi.String("get"),
pulumi.String("import"),
pulumi.String("list"),
pulumi.String("purge"),
pulumi.String("recover"),
pulumi.String("restore"),
pulumi.String("sign"),
pulumi.String("unwrapKey"),
pulumi.String("update"),
pulumi.String("verify"),
pulumi.String("wrapKey"),
},
SecretPermissions: pulumi.StringArray{
pulumi.String("backup"),
pulumi.String("delete"),
pulumi.String("get"),
pulumi.String("list"),
pulumi.String("purge"),
pulumi.String("recover"),
pulumi.String("restore"),
pulumi.String("set"),
},
},
},
})
if err != nil {
return err
}
_, err = keyvault.NewCertificate(ctx, "exampleCertificate", &keyvault.CertificateArgs{
KeyVaultId: exampleKeyVault.ID(),
Certificate: &keyvault.CertificateCertificateArgs{
Contents: filebase64OrPanic("certificate-to-import.pfx"),
Password: pulumi.String(""),
},
})
if err != nil {
return err
}
return nil
})
}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * from "fs";
const current = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
tenantId: current.then(current => current.tenantId),
skuName: "premium",
accessPolicies: [{
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
certificatePermissions: [
"create",
"delete",
"deleteissuers",
"get",
"getissuers",
"import",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"setissuers",
"update",
],
keyPermissions: [
"backup",
"create",
"decrypt",
"delete",
"encrypt",
"get",
"import",
"list",
"purge",
"recover",
"restore",
"sign",
"unwrapKey",
"update",
"verify",
"wrapKey",
],
secretPermissions: [
"backup",
"delete",
"get",
"list",
"purge",
"recover",
"restore",
"set",
],
}],
});
const exampleCertificate = new azure.keyvault.Certificate("exampleCertificate", {
keyVaultId: exampleKeyVault.id,
certificate: {
contents: Buffer.from(fs.readFileSync("certificate-to-import.pfx"), 'binary').toString('base64'),
password: "",
},
});
import pulumi
import base64
import pulumi_azure as azure
current = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
location=example_resource_group.location,
resource_group_name=example_resource_group.name,
tenant_id=current.tenant_id,
sku_name="premium",
access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
tenant_id=current.tenant_id,
object_id=current.object_id,
certificate_permissions=[
"create",
"delete",
"deleteissuers",
"get",
"getissuers",
"import",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"setissuers",
"update",
],
key_permissions=[
"backup",
"create",
"decrypt",
"delete",
"encrypt",
"get",
"import",
"list",
"purge",
"recover",
"restore",
"sign",
"unwrapKey",
"update",
"verify",
"wrapKey",
],
secret_permissions=[
"backup",
"delete",
"get",
"list",
"purge",
"recover",
"restore",
"set",
],
)])
example_certificate = azure.keyvault.Certificate("exampleCertificate",
key_vault_id=example_key_vault.id,
certificate=azure.keyvault.CertificateCertificateArgs(
contents=(lambda path: base64.b64encode(open(path).read().encode()).decode())("certificate-to-import.pfx"),
password="",
))
Example coming soon!
Generating a new certificate
using Pulumi;
using Azure = Pulumi.Azure;
class MyStack : Stack
{
public MyStack()
{
var current = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
{
Location = "West Europe",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new Azure.KeyVault.KeyVaultArgs
{
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
TenantId = current.Apply(current => current.TenantId),
SkuName = "standard",
SoftDeleteRetentionDays = 7,
AccessPolicies =
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(current => current.TenantId),
ObjectId = current.Apply(current => current.ObjectId),
CertificatePermissions =
{
"create",
"delete",
"deleteissuers",
"get",
"getissuers",
"import",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"purge",
"setissuers",
"update",
},
KeyPermissions =
{
"backup",
"create",
"decrypt",
"delete",
"encrypt",
"get",
"import",
"list",
"purge",
"recover",
"restore",
"sign",
"unwrapKey",
"update",
"verify",
"wrapKey",
},
SecretPermissions =
{
"backup",
"delete",
"get",
"list",
"purge",
"recover",
"restore",
"set",
},
},
},
});
var exampleCertificate = new Azure.KeyVault.Certificate("exampleCertificate", new Azure.KeyVault.CertificateArgs
{
KeyVaultId = exampleKeyVault.Id,
CertificatePolicy = new Azure.KeyVault.Inputs.CertificateCertificatePolicyArgs
{
IssuerParameters = new Azure.KeyVault.Inputs.CertificateCertificatePolicyIssuerParametersArgs
{
Name = "Self",
},
KeyProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyKeyPropertiesArgs
{
Exportable = true,
KeySize = 2048,
KeyType = "RSA",
ReuseKey = true,
},
LifetimeActions =
{
new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionArgs
{
Action = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionActionArgs
{
ActionType = "AutoRenew",
},
Trigger = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionTriggerArgs
{
DaysBeforeExpiry = 30,
},
},
},
SecretProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicySecretPropertiesArgs
{
ContentType = "application/x-pkcs12",
},
X509CertificateProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs
{
ExtendedKeyUsages =
{
"1.3.6.1.5.5.7.3.1",
},
KeyUsages =
{
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment",
},
SubjectAlternativeNames = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs
{
DnsNames =
{
"internal.contoso.com",
"domain.hello.world",
},
},
Subject = "CN=hello-world",
ValidityInMonths = 12,
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("standard"),
SoftDeleteRetentionDays: pulumi.Int(7),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
CertificatePermissions: pulumi.StringArray{
pulumi.String("create"),
pulumi.String("delete"),
pulumi.String("deleteissuers"),
pulumi.String("get"),
pulumi.String("getissuers"),
pulumi.String("import"),
pulumi.String("list"),
pulumi.String("listissuers"),
pulumi.String("managecontacts"),
pulumi.String("manageissuers"),
pulumi.String("purge"),
pulumi.String("setissuers"),
pulumi.String("update"),
},
KeyPermissions: pulumi.StringArray{
pulumi.String("backup"),
pulumi.String("create"),
pulumi.String("decrypt"),
pulumi.String("delete"),
pulumi.String("encrypt"),
pulumi.String("get"),
pulumi.String("import"),
pulumi.String("list"),
pulumi.String("purge"),
pulumi.String("recover"),
pulumi.String("restore"),
pulumi.String("sign"),
pulumi.String("unwrapKey"),
pulumi.String("update"),
pulumi.String("verify"),
pulumi.String("wrapKey"),
},
SecretPermissions: pulumi.StringArray{
pulumi.String("backup"),
pulumi.String("delete"),
pulumi.String("get"),
pulumi.String("list"),
pulumi.String("purge"),
pulumi.String("recover"),
pulumi.String("restore"),
pulumi.String("set"),
},
},
},
})
if err != nil {
return err
}
_, err = keyvault.NewCertificate(ctx, "exampleCertificate", &keyvault.CertificateArgs{
KeyVaultId: exampleKeyVault.ID(),
CertificatePolicy: &keyvault.CertificateCertificatePolicyArgs{
IssuerParameters: &keyvault.CertificateCertificatePolicyIssuerParametersArgs{
Name: pulumi.String("Self"),
},
KeyProperties: &keyvault.CertificateCertificatePolicyKeyPropertiesArgs{
Exportable: pulumi.Bool(true),
KeySize: pulumi.Int(2048),
KeyType: pulumi.String("RSA"),
ReuseKey: pulumi.Bool(true),
},
LifetimeActions: keyvault.CertificateCertificatePolicyLifetimeActionArray{
&keyvault.CertificateCertificatePolicyLifetimeActionArgs{
Action: &keyvault.CertificateCertificatePolicyLifetimeActionActionArgs{
ActionType: pulumi.String("AutoRenew"),
},
Trigger: &keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs{
DaysBeforeExpiry: pulumi.Int(30),
},
},
},
SecretProperties: &keyvault.CertificateCertificatePolicySecretPropertiesArgs{
ContentType: pulumi.String("application/x-pkcs12"),
},
X509CertificateProperties: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs{
ExtendedKeyUsages: pulumi.StringArray{
pulumi.String("1.3.6.1.5.5.7.3.1"),
},
KeyUsages: pulumi.StringArray{
pulumi.String("cRLSign"),
pulumi.String("dataEncipherment"),
pulumi.String("digitalSignature"),
pulumi.String("keyAgreement"),
pulumi.String("keyCertSign"),
pulumi.String("keyEncipherment"),
},
SubjectAlternativeNames: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs{
DnsNames: pulumi.StringArray{
pulumi.String("internal.contoso.com"),
pulumi.String("domain.hello.world"),
},
},
Subject: pulumi.String("CN=hello-world"),
ValidityInMonths: pulumi.Int(12),
},
},
})
if err != nil {
return err
}
return nil
})
}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
tenantId: current.then(current => current.tenantId),
skuName: "standard",
softDeleteRetentionDays: 7,
accessPolicies: [{
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
certificatePermissions: [
"create",
"delete",
"deleteissuers",
"get",
"getissuers",
"import",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"purge",
"setissuers",
"update",
],
keyPermissions: [
"backup",
"create",
"decrypt",
"delete",
"encrypt",
"get",
"import",
"list",
"purge",
"recover",
"restore",
"sign",
"unwrapKey",
"update",
"verify",
"wrapKey",
],
secretPermissions: [
"backup",
"delete",
"get",
"list",
"purge",
"recover",
"restore",
"set",
],
}],
});
const exampleCertificate = new azure.keyvault.Certificate("exampleCertificate", {
keyVaultId: exampleKeyVault.id,
certificatePolicy: {
issuerParameters: {
name: "Self",
},
keyProperties: {
exportable: true,
keySize: 2048,
keyType: "RSA",
reuseKey: true,
},
lifetimeActions: [{
action: {
actionType: "AutoRenew",
},
trigger: {
daysBeforeExpiry: 30,
},
}],
secretProperties: {
contentType: "application/x-pkcs12",
},
x509CertificateProperties: {
extendedKeyUsages: ["1.3.6.1.5.5.7.3.1"],
keyUsages: [
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment",
],
subjectAlternativeNames: {
dnsNames: [
"internal.contoso.com",
"domain.hello.world",
],
},
subject: "CN=hello-world",
validityInMonths: 12,
},
},
});
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
location=example_resource_group.location,
resource_group_name=example_resource_group.name,
tenant_id=current.tenant_id,
sku_name="standard",
soft_delete_retention_days=7,
access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
tenant_id=current.tenant_id,
object_id=current.object_id,
certificate_permissions=[
"create",
"delete",
"deleteissuers",
"get",
"getissuers",
"import",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"purge",
"setissuers",
"update",
],
key_permissions=[
"backup",
"create",
"decrypt",
"delete",
"encrypt",
"get",
"import",
"list",
"purge",
"recover",
"restore",
"sign",
"unwrapKey",
"update",
"verify",
"wrapKey",
],
secret_permissions=[
"backup",
"delete",
"get",
"list",
"purge",
"recover",
"restore",
"set",
],
)])
example_certificate = azure.keyvault.Certificate("exampleCertificate",
key_vault_id=example_key_vault.id,
certificate_policy=azure.keyvault.CertificateCertificatePolicyArgs(
issuer_parameters=azure.keyvault.CertificateCertificatePolicyIssuerParametersArgs(
name="Self",
),
key_properties=azure.keyvault.CertificateCertificatePolicyKeyPropertiesArgs(
exportable=True,
key_size=2048,
key_type="RSA",
reuse_key=True,
),
lifetime_actions=[azure.keyvault.CertificateCertificatePolicyLifetimeActionArgs(
action=azure.keyvault.CertificateCertificatePolicyLifetimeActionActionArgs(
action_type="AutoRenew",
),
trigger=azure.keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs(
days_before_expiry=30,
),
)],
secret_properties=azure.keyvault.CertificateCertificatePolicySecretPropertiesArgs(
content_type="application/x-pkcs12",
),
x509_certificate_properties=azure.keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs(
extended_key_usages=["1.3.6.1.5.5.7.3.1"],
key_usages=[
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment",
],
subject_alternative_names=azure.keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs(
dns_names=[
"internal.contoso.com",
"domain.hello.world",
],
),
subject="CN=hello-world",
validity_in_months=12,
),
))
Example coming soon!
Create Certificate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);@overload
def Certificate(resource_name: str,
args: CertificateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Certificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_vault_id: Optional[str] = None,
certificate: Optional[CertificateCertificateArgs] = None,
certificate_policy: Optional[CertificateCertificatePolicyArgs] = None,
name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
type: azure:keyvault:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplecertificateResourceResourceFromKeyvaultcertificate = new Azure.KeyVault.Certificate("examplecertificateResourceResourceFromKeyvaultcertificate", new()
{
KeyVaultId = "string",
KeyVaultCertificate = new Azure.KeyVault.Inputs.CertificateCertificateArgs
{
Contents = "string",
Password = "string",
},
CertificatePolicy = new Azure.KeyVault.Inputs.CertificateCertificatePolicyArgs
{
IssuerParameters = new Azure.KeyVault.Inputs.CertificateCertificatePolicyIssuerParametersArgs
{
Name = "string",
},
KeyProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyKeyPropertiesArgs
{
Exportable = false,
KeyType = "string",
ReuseKey = false,
Curve = "string",
KeySize = 0,
},
SecretProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicySecretPropertiesArgs
{
ContentType = "string",
},
LifetimeActions = new[]
{
new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionArgs
{
Action = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionActionArgs
{
ActionType = "string",
},
Trigger = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionTriggerArgs
{
DaysBeforeExpiry = 0,
LifetimePercentage = 0,
},
},
},
X509CertificateProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs
{
KeyUsages = new[]
{
"string",
},
Subject = "string",
ValidityInMonths = 0,
ExtendedKeyUsages = new[]
{
"string",
},
SubjectAlternativeNames = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs
{
DnsNames = new[]
{
"string",
},
Emails = new[]
{
"string",
},
Upns = new[]
{
"string",
},
},
},
},
Name = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := keyvault.NewCertificate(ctx, "examplecertificateResourceResourceFromKeyvaultcertificate", &keyvault.CertificateArgs{
KeyVaultId: pulumi.String("string"),
Certificate: &keyvault.CertificateCertificateArgs{
Contents: pulumi.String("string"),
Password: pulumi.String("string"),
},
CertificatePolicy: &keyvault.CertificateCertificatePolicyArgs{
IssuerParameters: &keyvault.CertificateCertificatePolicyIssuerParametersArgs{
Name: pulumi.String("string"),
},
KeyProperties: &keyvault.CertificateCertificatePolicyKeyPropertiesArgs{
Exportable: pulumi.Bool(false),
KeyType: pulumi.String("string"),
ReuseKey: pulumi.Bool(false),
Curve: pulumi.String("string"),
KeySize: pulumi.Int(0),
},
SecretProperties: &keyvault.CertificateCertificatePolicySecretPropertiesArgs{
ContentType: pulumi.String("string"),
},
LifetimeActions: keyvault.CertificateCertificatePolicyLifetimeActionArray{
&keyvault.CertificateCertificatePolicyLifetimeActionArgs{
Action: &keyvault.CertificateCertificatePolicyLifetimeActionActionArgs{
ActionType: pulumi.String("string"),
},
Trigger: &keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs{
DaysBeforeExpiry: pulumi.Int(0),
LifetimePercentage: pulumi.Int(0),
},
},
},
X509CertificateProperties: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs{
KeyUsages: pulumi.StringArray{
pulumi.String("string"),
},
Subject: pulumi.String("string"),
ValidityInMonths: pulumi.Int(0),
ExtendedKeyUsages: pulumi.StringArray{
pulumi.String("string"),
},
SubjectAlternativeNames: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs{
DnsNames: pulumi.StringArray{
pulumi.String("string"),
},
Emails: pulumi.StringArray{
pulumi.String("string"),
},
Upns: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
Name: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var examplecertificateResourceResourceFromKeyvaultcertificate = new com.pulumi.azure.keyvault.Certificate("examplecertificateResourceResourceFromKeyvaultcertificate", com.pulumi.azure.keyvault.CertificateArgs.builder()
.keyVaultId("string")
.certificate(CertificateCertificateArgs.builder()
.contents("string")
.password("string")
.build())
.certificatePolicy(CertificateCertificatePolicyArgs.builder()
.issuerParameters(CertificateCertificatePolicyIssuerParametersArgs.builder()
.name("string")
.build())
.keyProperties(CertificateCertificatePolicyKeyPropertiesArgs.builder()
.exportable(false)
.keyType("string")
.reuseKey(false)
.curve("string")
.keySize(0)
.build())
.secretProperties(CertificateCertificatePolicySecretPropertiesArgs.builder()
.contentType("string")
.build())
.lifetimeActions(CertificateCertificatePolicyLifetimeActionArgs.builder()
.action(CertificateCertificatePolicyLifetimeActionActionArgs.builder()
.actionType("string")
.build())
.trigger(CertificateCertificatePolicyLifetimeActionTriggerArgs.builder()
.daysBeforeExpiry(0)
.lifetimePercentage(0)
.build())
.build())
.x509CertificateProperties(CertificateCertificatePolicyX509CertificatePropertiesArgs.builder()
.keyUsages("string")
.subject("string")
.validityInMonths(0)
.extendedKeyUsages("string")
.subjectAlternativeNames(CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs.builder()
.dnsNames("string")
.emails("string")
.upns("string")
.build())
.build())
.build())
.name("string")
.tags(Map.of("string", "string"))
.build());
examplecertificate_resource_resource_from_keyvaultcertificate = azure.keyvault.Certificate("examplecertificateResourceResourceFromKeyvaultcertificate",
key_vault_id="string",
certificate={
"contents": "string",
"password": "string",
},
certificate_policy={
"issuer_parameters": {
"name": "string",
},
"key_properties": {
"exportable": False,
"key_type": "string",
"reuse_key": False,
"curve": "string",
"key_size": 0,
},
"secret_properties": {
"content_type": "string",
},
"lifetime_actions": [{
"action": {
"action_type": "string",
},
"trigger": {
"days_before_expiry": 0,
"lifetime_percentage": 0,
},
}],
"x509_certificate_properties": {
"key_usages": ["string"],
"subject": "string",
"validity_in_months": 0,
"extended_key_usages": ["string"],
"subject_alternative_names": {
"dns_names": ["string"],
"emails": ["string"],
"upns": ["string"],
},
},
},
name="string",
tags={
"string": "string",
})
const examplecertificateResourceResourceFromKeyvaultcertificate = new azure.keyvault.Certificate("examplecertificateResourceResourceFromKeyvaultcertificate", {
keyVaultId: "string",
certificate: {
contents: "string",
password: "string",
},
certificatePolicy: {
issuerParameters: {
name: "string",
},
keyProperties: {
exportable: false,
keyType: "string",
reuseKey: false,
curve: "string",
keySize: 0,
},
secretProperties: {
contentType: "string",
},
lifetimeActions: [{
action: {
actionType: "string",
},
trigger: {
daysBeforeExpiry: 0,
lifetimePercentage: 0,
},
}],
x509CertificateProperties: {
keyUsages: ["string"],
subject: "string",
validityInMonths: 0,
extendedKeyUsages: ["string"],
subjectAlternativeNames: {
dnsNames: ["string"],
emails: ["string"],
upns: ["string"],
},
},
},
name: "string",
tags: {
string: "string",
},
});
type: azure:keyvault:Certificate
properties:
certificate:
contents: string
password: string
certificatePolicy:
issuerParameters:
name: string
keyProperties:
curve: string
exportable: false
keySize: 0
keyType: string
reuseKey: false
lifetimeActions:
- action:
actionType: string
trigger:
daysBeforeExpiry: 0
lifetimePercentage: 0
secretProperties:
contentType: string
x509CertificateProperties:
extendedKeyUsages:
- string
keyUsages:
- string
subject: string
subjectAlternativeNames:
dnsNames:
- string
emails:
- string
upns:
- string
validityInMonths: 0
keyVaultId: string
name: string
tags:
string: string
Certificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Certificate resource accepts the following input properties:
- Key
Vault stringId - The ID of the Key Vault where the Certificate should be created.
- Certificate
Policy CertificateCertificate Policy - A
certificate_policyblock as defined below. - Key
Vault CertificateCertificate Certificate - A
certificateblock as defined below, used to Import an existing certificate. - Name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Key
Vault stringId - The ID of the Key Vault where the Certificate should be created.
- Certificate
Certificate
Certificate Args - A
certificateblock as defined below, used to Import an existing certificate. - Certificate
Policy CertificateCertificate Policy Args - A
certificate_policyblock as defined below. - Name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- map[string]string
- A mapping of tags to assign to the resource.
- key
Vault StringId - The ID of the Key Vault where the Certificate should be created.
- certificate
Certificate
Certificate - A
certificateblock as defined below, used to Import an existing certificate. - certificate
Policy CertificateCertificate Policy - A
certificate_policyblock as defined below. - name String
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Map<String,String>
- A mapping of tags to assign to the resource.
- key
Vault stringId - The ID of the Key Vault where the Certificate should be created.
- certificate
Certificate
Certificate - A
certificateblock as defined below, used to Import an existing certificate. - certificate
Policy CertificateCertificate Policy - A
certificate_policyblock as defined below. - name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- {[key: string]: string}
- A mapping of tags to assign to the resource.
- key_
vault_ strid - The ID of the Key Vault where the Certificate should be created.
- certificate
Certificate
Certificate Args - A
certificateblock as defined below, used to Import an existing certificate. - certificate_
policy CertificateCertificate Policy Args - A
certificate_policyblock as defined below. - name str
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Mapping[str, str]
- A mapping of tags to assign to the resource.
- key
Vault StringId - The ID of the Key Vault where the Certificate should be created.
- certificate Property Map
- A
certificateblock as defined below, used to Import an existing certificate. - certificate
Policy Property Map - A
certificate_policyblock as defined below. - name String
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Map<String>
- A mapping of tags to assign to the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:
- Certificate
Attributes List<CertificateCertificate Attribute> - A
certificate_attributeblock as defined below. - Certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- Certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- Id string
- The provider-assigned unique ID for this managed resource.
- Secret
Id string - The ID of the associated Key Vault Secret.
- Thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- Version string
- The current version of the Key Vault Certificate.
- Versionless
Id string - The Base ID of the Key Vault Certificate.
- Versionless
Secret stringId - The Base ID of the Key Vault Secret.
- Certificate
Attributes []CertificateCertificate Attribute - A
certificate_attributeblock as defined below. - Certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- Certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- Id string
- The provider-assigned unique ID for this managed resource.
- Secret
Id string - The ID of the associated Key Vault Secret.
- Thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- Version string
- The current version of the Key Vault Certificate.
- Versionless
Id string - The Base ID of the Key Vault Certificate.
- Versionless
Secret stringId - The Base ID of the Key Vault Secret.
- certificate
Attributes List<CertificateCertificate Attribute> - A
certificate_attributeblock as defined below. - certificate
Data String - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data StringBase64 - The Base64 encoded Key Vault Certificate data.
- id String
- The provider-assigned unique ID for this managed resource.
- secret
Id String - The ID of the associated Key Vault Secret.
- thumbprint String
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version String
- The current version of the Key Vault Certificate.
- versionless
Id String - The Base ID of the Key Vault Certificate.
- versionless
Secret StringId - The Base ID of the Key Vault Secret.
- certificate
Attributes CertificateCertificate Attribute[] - A
certificate_attributeblock as defined below. - certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- id string
- The provider-assigned unique ID for this managed resource.
- secret
Id string - The ID of the associated Key Vault Secret.
- thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version string
- The current version of the Key Vault Certificate.
- versionless
Id string - The Base ID of the Key Vault Certificate.
- versionless
Secret stringId - The Base ID of the Key Vault Secret.
- certificate_
attributes Sequence[CertificateCertificate Attribute] - A
certificate_attributeblock as defined below. - certificate_
data str - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate_
data_ strbase64 - The Base64 encoded Key Vault Certificate data.
- id str
- The provider-assigned unique ID for this managed resource.
- secret_
id str - The ID of the associated Key Vault Secret.
- thumbprint str
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version str
- The current version of the Key Vault Certificate.
- versionless_
id str - The Base ID of the Key Vault Certificate.
- versionless_
secret_ strid - The Base ID of the Key Vault Secret.
- certificate
Attributes List<Property Map> - A
certificate_attributeblock as defined below. - certificate
Data String - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data StringBase64 - The Base64 encoded Key Vault Certificate data.
- id String
- The provider-assigned unique ID for this managed resource.
- secret
Id String - The ID of the associated Key Vault Secret.
- thumbprint String
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version String
- The current version of the Key Vault Certificate.
- versionless
Id String - The Base ID of the Key Vault Certificate.
- versionless
Secret StringId - The Base ID of the Key Vault Secret.
Look up Existing Certificate Resource
Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
certificate: Optional[CertificateCertificateArgs] = None,
certificate_attributes: Optional[Sequence[CertificateCertificateAttributeArgs]] = None,
certificate_data: Optional[str] = None,
certificate_data_base64: Optional[str] = None,
certificate_policy: Optional[CertificateCertificatePolicyArgs] = None,
key_vault_id: Optional[str] = None,
name: Optional[str] = None,
secret_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
thumbprint: Optional[str] = None,
version: Optional[str] = None,
versionless_id: Optional[str] = None,
versionless_secret_id: Optional[str] = None) -> Certificatefunc GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)resources: _: type: azure:keyvault:Certificate get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Certificate
Attributes List<CertificateCertificate Attribute> - A
certificate_attributeblock as defined below. - Certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- Certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- Certificate
Policy CertificateCertificate Policy - A
certificate_policyblock as defined below. - Key
Vault CertificateCertificate Certificate - A
certificateblock as defined below, used to Import an existing certificate. - Key
Vault stringId - The ID of the Key Vault where the Certificate should be created.
- Name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Secret
Id string - The ID of the associated Key Vault Secret.
- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- Version string
- The current version of the Key Vault Certificate.
- Versionless
Id string - The Base ID of the Key Vault Certificate.
- Versionless
Secret stringId - The Base ID of the Key Vault Secret.
- Certificate
Certificate
Certificate Args - A
certificateblock as defined below, used to Import an existing certificate. - Certificate
Attributes []CertificateCertificate Attribute Args - A
certificate_attributeblock as defined below. - Certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- Certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- Certificate
Policy CertificateCertificate Policy Args - A
certificate_policyblock as defined below. - Key
Vault stringId - The ID of the Key Vault where the Certificate should be created.
- Name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- Secret
Id string - The ID of the associated Key Vault Secret.
- map[string]string
- A mapping of tags to assign to the resource.
- Thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- Version string
- The current version of the Key Vault Certificate.
- Versionless
Id string - The Base ID of the Key Vault Certificate.
- Versionless
Secret stringId - The Base ID of the Key Vault Secret.
- certificate
Certificate
Certificate - A
certificateblock as defined below, used to Import an existing certificate. - certificate
Attributes List<CertificateCertificate Attribute> - A
certificate_attributeblock as defined below. - certificate
Data String - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data StringBase64 - The Base64 encoded Key Vault Certificate data.
- certificate
Policy CertificateCertificate Policy - A
certificate_policyblock as defined below. - key
Vault StringId - The ID of the Key Vault where the Certificate should be created.
- name String
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- secret
Id String - The ID of the associated Key Vault Secret.
- Map<String,String>
- A mapping of tags to assign to the resource.
- thumbprint String
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version String
- The current version of the Key Vault Certificate.
- versionless
Id String - The Base ID of the Key Vault Certificate.
- versionless
Secret StringId - The Base ID of the Key Vault Secret.
- certificate
Certificate
Certificate - A
certificateblock as defined below, used to Import an existing certificate. - certificate
Attributes CertificateCertificate Attribute[] - A
certificate_attributeblock as defined below. - certificate
Data string - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data stringBase64 - The Base64 encoded Key Vault Certificate data.
- certificate
Policy CertificateCertificate Policy - A
certificate_policyblock as defined below. - key
Vault stringId - The ID of the Key Vault where the Certificate should be created.
- name string
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- secret
Id string - The ID of the associated Key Vault Secret.
- {[key: string]: string}
- A mapping of tags to assign to the resource.
- thumbprint string
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version string
- The current version of the Key Vault Certificate.
- versionless
Id string - The Base ID of the Key Vault Certificate.
- versionless
Secret stringId - The Base ID of the Key Vault Secret.
- certificate
Certificate
Certificate Args - A
certificateblock as defined below, used to Import an existing certificate. - certificate_
attributes Sequence[CertificateCertificate Attribute Args] - A
certificate_attributeblock as defined below. - certificate_
data str - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate_
data_ strbase64 - The Base64 encoded Key Vault Certificate data.
- certificate_
policy CertificateCertificate Policy Args - A
certificate_policyblock as defined below. - key_
vault_ strid - The ID of the Key Vault where the Certificate should be created.
- name str
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- secret_
id str - The ID of the associated Key Vault Secret.
- Mapping[str, str]
- A mapping of tags to assign to the resource.
- thumbprint str
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version str
- The current version of the Key Vault Certificate.
- versionless_
id str - The Base ID of the Key Vault Certificate.
- versionless_
secret_ strid - The Base ID of the Key Vault Secret.
- certificate Property Map
- A
certificateblock as defined below, used to Import an existing certificate. - certificate
Attributes List<Property Map> - A
certificate_attributeblock as defined below. - certificate
Data String - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificate
Data StringBase64 - The Base64 encoded Key Vault Certificate data.
- certificate
Policy Property Map - A
certificate_policyblock as defined below. - key
Vault StringId - The ID of the Key Vault where the Certificate should be created.
- name String
- Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created.
- secret
Id String - The ID of the associated Key Vault Secret.
- Map<String>
- A mapping of tags to assign to the resource.
- thumbprint String
- The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- version String
- The current version of the Key Vault Certificate.
- versionless
Id String - The Base ID of the Key Vault Certificate.
- versionless
Secret StringId - The Base ID of the Key Vault Secret.
Supporting Types
CertificateCertificate, CertificateCertificateArgs
CertificateCertificateAttribute, CertificateCertificateAttributeArgs
- Created string
- The create time of the Key Vault Certificate.
- Enabled bool
- whether the Key Vault Certificate is enabled.
- Expires string
- The expires time of the Key Vault Certificate.
- Not
Before string - The not before valid time of the Key Vault Certificate.
- Recovery
Level string - The deletion recovery level of the Key Vault Certificate.
- Updated string
- The recent update time of the Key Vault Certificate.
- Created string
- The create time of the Key Vault Certificate.
- Enabled bool
- whether the Key Vault Certificate is enabled.
- Expires string
- The expires time of the Key Vault Certificate.
- Not
Before string - The not before valid time of the Key Vault Certificate.
- Recovery
Level string - The deletion recovery level of the Key Vault Certificate.
- Updated string
- The recent update time of the Key Vault Certificate.
- created String
- The create time of the Key Vault Certificate.
- enabled Boolean
- whether the Key Vault Certificate is enabled.
- expires String
- The expires time of the Key Vault Certificate.
- not
Before String - The not before valid time of the Key Vault Certificate.
- recovery
Level String - The deletion recovery level of the Key Vault Certificate.
- updated String
- The recent update time of the Key Vault Certificate.
- created string
- The create time of the Key Vault Certificate.
- enabled boolean
- whether the Key Vault Certificate is enabled.
- expires string
- The expires time of the Key Vault Certificate.
- not
Before string - The not before valid time of the Key Vault Certificate.
- recovery
Level string - The deletion recovery level of the Key Vault Certificate.
- updated string
- The recent update time of the Key Vault Certificate.
- created str
- The create time of the Key Vault Certificate.
- enabled bool
- whether the Key Vault Certificate is enabled.
- expires str
- The expires time of the Key Vault Certificate.
- not_
before str - The not before valid time of the Key Vault Certificate.
- recovery_
level str - The deletion recovery level of the Key Vault Certificate.
- updated str
- The recent update time of the Key Vault Certificate.
- created String
- The create time of the Key Vault Certificate.
- enabled Boolean
- whether the Key Vault Certificate is enabled.
- expires String
- The expires time of the Key Vault Certificate.
- not
Before String - The not before valid time of the Key Vault Certificate.
- recovery
Level String - The deletion recovery level of the Key Vault Certificate.
- updated String
- The recent update time of the Key Vault Certificate.
CertificateCertificatePolicy, CertificateCertificatePolicyArgs
- Issuer
Parameters CertificateCertificate Policy Issuer Parameters - A
issuer_parametersblock as defined below. - Key
Properties CertificateCertificate Policy Key Properties - A
key_propertiesblock as defined below. - Secret
Properties CertificateCertificate Policy Secret Properties - A
secret_propertiesblock as defined below. - Lifetime
Actions List<CertificateCertificate Policy Lifetime Action> - A
lifetime_actionblock as defined below. - X509Certificate
Properties CertificateCertificate Policy X509Certificate Properties - A
x509_certificate_propertiesblock as defined below. Required whencertificateblock is not specified.
- Issuer
Parameters CertificateCertificate Policy Issuer Parameters - A
issuer_parametersblock as defined below. - Key
Properties CertificateCertificate Policy Key Properties - A
key_propertiesblock as defined below. - Secret
Properties CertificateCertificate Policy Secret Properties - A
secret_propertiesblock as defined below. - Lifetime
Actions []CertificateCertificate Policy Lifetime Action - A
lifetime_actionblock as defined below. - X509Certificate
Properties CertificateCertificate Policy X509Certificate Properties - A
x509_certificate_propertiesblock as defined below. Required whencertificateblock is not specified.
- issuer
Parameters CertificateCertificate Policy Issuer Parameters - A
issuer_parametersblock as defined below. - key
Properties CertificateCertificate Policy Key Properties - A
key_propertiesblock as defined below. - secret
Properties CertificateCertificate Policy Secret Properties - A
secret_propertiesblock as defined below. - lifetime
Actions List<CertificateCertificate Policy Lifetime Action> - A
lifetime_actionblock as defined below. - x509Certificate
Properties CertificateCertificate Policy X509Certificate Properties - A
x509_certificate_propertiesblock as defined below. Required whencertificateblock is not specified.
- issuer
Parameters CertificateCertificate Policy Issuer Parameters - A
issuer_parametersblock as defined below. - key
Properties CertificateCertificate Policy Key Properties - A
key_propertiesblock as defined below. - secret
Properties CertificateCertificate Policy Secret Properties - A
secret_propertiesblock as defined below. - lifetime
Actions CertificateCertificate Policy Lifetime Action[] - A
lifetime_actionblock as defined below. - x509Certificate
Properties CertificateCertificate Policy X509Certificate Properties - A
x509_certificate_propertiesblock as defined below. Required whencertificateblock is not specified.
- issuer_
parameters CertificateCertificate Policy Issuer Parameters - A
issuer_parametersblock as defined below. - key_
properties CertificateCertificate Policy Key Properties - A
key_propertiesblock as defined below. - secret_
properties CertificateCertificate Policy Secret Properties - A
secret_propertiesblock as defined below. - lifetime_
actions Sequence[CertificateCertificate Policy Lifetime Action] - A
lifetime_actionblock as defined below. - x509_
certificate_ Certificateproperties Certificate Policy X509Certificate Properties - A
x509_certificate_propertiesblock as defined below. Required whencertificateblock is not specified.
- issuer
Parameters Property Map - A
issuer_parametersblock as defined below. - key
Properties Property Map - A
key_propertiesblock as defined below. - secret
Properties Property Map - A
secret_propertiesblock as defined below. - lifetime
Actions List<Property Map> - A
lifetime_actionblock as defined below. - x509Certificate
Properties Property Map - A
x509_certificate_propertiesblock as defined below. Required whencertificateblock is not specified.
CertificateCertificatePolicyIssuerParameters, CertificateCertificatePolicyIssuerParametersArgs
- Name string
- The name of the Certificate Issuer. Possible values include
Self(for self-signed certificate), orUnknown(for a certificate issuing authority likeLet's Encryptand Azure direct supported ones). Changing this forces a new resource to be created.
- Name string
- The name of the Certificate Issuer. Possible values include
Self(for self-signed certificate), orUnknown(for a certificate issuing authority likeLet's Encryptand Azure direct supported ones). Changing this forces a new resource to be created.
- name String
- The name of the Certificate Issuer. Possible values include
Self(for self-signed certificate), orUnknown(for a certificate issuing authority likeLet's Encryptand Azure direct supported ones). Changing this forces a new resource to be created.
- name string
- The name of the Certificate Issuer. Possible values include
Self(for self-signed certificate), orUnknown(for a certificate issuing authority likeLet's Encryptand Azure direct supported ones). Changing this forces a new resource to be created.
- name str
- The name of the Certificate Issuer. Possible values include
Self(for self-signed certificate), orUnknown(for a certificate issuing authority likeLet's Encryptand Azure direct supported ones). Changing this forces a new resource to be created.
- name String
- The name of the Certificate Issuer. Possible values include
Self(for self-signed certificate), orUnknown(for a certificate issuing authority likeLet's Encryptand Azure direct supported ones). Changing this forces a new resource to be created.
CertificateCertificatePolicyKeyProperties, CertificateCertificatePolicyKeyPropertiesArgs
- Exportable bool
- Is this certificate exportable? Changing this forces a new resource to be created.
- Key
Type string - Specifies the type of key, such as
RSAorEC. Changing this forces a new resource to be created. - Reuse
Key bool - Is the key reusable? Changing this forces a new resource to be created.
- Curve string
- Specifies the curve to use when creating an
ECkey. Possible values areP-256,P-256K,P-384, andP-521. This field will be required in a future release ifkey_typeisECorEC-HSM. Changing this forces a new resource to be created. - Key
Size int - The size of the key used in the certificate. Possible values include
2048,3072, and4096forRSAkeys, or256,384, and521forECkeys. This property is required when using RSA keys. Changing this forces a new resource to be created.
- Exportable bool
- Is this certificate exportable? Changing this forces a new resource to be created.
- Key
Type string - Specifies the type of key, such as
RSAorEC. Changing this forces a new resource to be created. - Reuse
Key bool - Is the key reusable? Changing this forces a new resource to be created.
- Curve string
- Specifies the curve to use when creating an
ECkey. Possible values areP-256,P-256K,P-384, andP-521. This field will be required in a future release ifkey_typeisECorEC-HSM. Changing this forces a new resource to be created. - Key
Size int - The size of the key used in the certificate. Possible values include
2048,3072, and4096forRSAkeys, or256,384, and521forECkeys. This property is required when using RSA keys. Changing this forces a new resource to be created.
- exportable Boolean
- Is this certificate exportable? Changing this forces a new resource to be created.
- key
Type String - Specifies the type of key, such as
RSAorEC. Changing this forces a new resource to be created. - reuse
Key Boolean - Is the key reusable? Changing this forces a new resource to be created.
- curve String
- Specifies the curve to use when creating an
ECkey. Possible values areP-256,P-256K,P-384, andP-521. This field will be required in a future release ifkey_typeisECorEC-HSM. Changing this forces a new resource to be created. - key
Size Integer - The size of the key used in the certificate. Possible values include
2048,3072, and4096forRSAkeys, or256,384, and521forECkeys. This property is required when using RSA keys. Changing this forces a new resource to be created.
- exportable boolean
- Is this certificate exportable? Changing this forces a new resource to be created.
- key
Type string - Specifies the type of key, such as
RSAorEC. Changing this forces a new resource to be created. - reuse
Key boolean - Is the key reusable? Changing this forces a new resource to be created.
- curve string
- Specifies the curve to use when creating an
ECkey. Possible values areP-256,P-256K,P-384, andP-521. This field will be required in a future release ifkey_typeisECorEC-HSM. Changing this forces a new resource to be created. - key
Size number - The size of the key used in the certificate. Possible values include
2048,3072, and4096forRSAkeys, or256,384, and521forECkeys. This property is required when using RSA keys. Changing this forces a new resource to be created.
- exportable bool
- Is this certificate exportable? Changing this forces a new resource to be created.
- key_
type str - Specifies the type of key, such as
RSAorEC. Changing this forces a new resource to be created. - reuse_
key bool - Is the key reusable? Changing this forces a new resource to be created.
- curve str
- Specifies the curve to use when creating an
ECkey. Possible values areP-256,P-256K,P-384, andP-521. This field will be required in a future release ifkey_typeisECorEC-HSM. Changing this forces a new resource to be created. - key_
size int - The size of the key used in the certificate. Possible values include
2048,3072, and4096forRSAkeys, or256,384, and521forECkeys. This property is required when using RSA keys. Changing this forces a new resource to be created.
- exportable Boolean
- Is this certificate exportable? Changing this forces a new resource to be created.
- key
Type String - Specifies the type of key, such as
RSAorEC. Changing this forces a new resource to be created. - reuse
Key Boolean - Is the key reusable? Changing this forces a new resource to be created.
- curve String
- Specifies the curve to use when creating an
ECkey. Possible values areP-256,P-256K,P-384, andP-521. This field will be required in a future release ifkey_typeisECorEC-HSM. Changing this forces a new resource to be created. - key
Size Number - The size of the key used in the certificate. Possible values include
2048,3072, and4096forRSAkeys, or256,384, and521forECkeys. This property is required when using RSA keys. Changing this forces a new resource to be created.
CertificateCertificatePolicyLifetimeAction, CertificateCertificatePolicyLifetimeActionArgs
- Action
Certificate
Certificate Policy Lifetime Action Action - A
actionblock as defined below. - Trigger
Certificate
Certificate Policy Lifetime Action Trigger - A
triggerblock as defined below.
- Action
Certificate
Certificate Policy Lifetime Action Action - A
actionblock as defined below. - Trigger
Certificate
Certificate Policy Lifetime Action Trigger - A
triggerblock as defined below.
- action
Certificate
Certificate Policy Lifetime Action Action - A
actionblock as defined below. - trigger
Certificate
Certificate Policy Lifetime Action Trigger - A
triggerblock as defined below.
- action
Certificate
Certificate Policy Lifetime Action Action - A
actionblock as defined below. - trigger
Certificate
Certificate Policy Lifetime Action Trigger - A
triggerblock as defined below.
- action
Certificate
Certificate Policy Lifetime Action Action - A
actionblock as defined below. - trigger
Certificate
Certificate Policy Lifetime Action Trigger - A
triggerblock as defined below.
- action Property Map
- A
actionblock as defined below. - trigger Property Map
- A
triggerblock as defined below.
CertificateCertificatePolicyLifetimeActionAction, CertificateCertificatePolicyLifetimeActionActionArgs
- Action
Type string - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenewandEmailContacts. Changing this forces a new resource to be created.
- Action
Type string - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenewandEmailContacts. Changing this forces a new resource to be created.
- action
Type String - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenewandEmailContacts. Changing this forces a new resource to be created.
- action
Type string - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenewandEmailContacts. Changing this forces a new resource to be created.
- action_
type str - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenewandEmailContacts. Changing this forces a new resource to be created.
- action
Type String - The Type of action to be performed when the lifetime trigger is triggerec. Possible values include
AutoRenewandEmailContacts. Changing this forces a new resource to be created.
CertificateCertificatePolicyLifetimeActionTrigger, CertificateCertificatePolicyLifetimeActionTriggerArgs
- Days
Before intExpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
lifetime_percentage. - Lifetime
Percentage int - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
days_before_expiry.
- Days
Before intExpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
lifetime_percentage. - Lifetime
Percentage int - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
days_before_expiry.
- days
Before IntegerExpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
lifetime_percentage. - lifetime
Percentage Integer - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
days_before_expiry.
- days
Before numberExpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
lifetime_percentage. - lifetime
Percentage number - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
days_before_expiry.
- days_
before_ intexpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
lifetime_percentage. - lifetime_
percentage int - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
days_before_expiry.
- days
Before NumberExpiry - The number of days before the Certificate expires that the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
lifetime_percentage. - lifetime
Percentage Number - The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Changing this forces a new resource to be created. Conflicts with
days_before_expiry.
CertificateCertificatePolicySecretProperties, CertificateCertificatePolicySecretPropertiesArgs
- Content
Type string - The Content-Type of the Certificate, such as
application/x-pkcs12for a PFX orapplication/x-pem-filefor a PEM. Changing this forces a new resource to be created.
- Content
Type string - The Content-Type of the Certificate, such as
application/x-pkcs12for a PFX orapplication/x-pem-filefor a PEM. Changing this forces a new resource to be created.
- content
Type String - The Content-Type of the Certificate, such as
application/x-pkcs12for a PFX orapplication/x-pem-filefor a PEM. Changing this forces a new resource to be created.
- content
Type string - The Content-Type of the Certificate, such as
application/x-pkcs12for a PFX orapplication/x-pem-filefor a PEM. Changing this forces a new resource to be created.
- content_
type str - The Content-Type of the Certificate, such as
application/x-pkcs12for a PFX orapplication/x-pem-filefor a PEM. Changing this forces a new resource to be created.
- content
Type String - The Content-Type of the Certificate, such as
application/x-pkcs12for a PFX orapplication/x-pem-filefor a PEM. Changing this forces a new resource to be created.
CertificateCertificatePolicyX509CertificateProperties, CertificateCertificatePolicyX509CertificatePropertiesArgs
- Key
Usages List<string> - A list of uses associated with this Key. Possible values include
cRLSign,dataEncipherment,decipherOnly,digitalSignature,encipherOnly,keyAgreement,keyCertSign,keyEnciphermentandnonRepudiationand are case-sensitive. Changing this forces a new resource to be created. - Subject string
- The Certificate's Subject. Changing this forces a new resource to be created.
- Validity
In intMonths - The Certificates Validity Period in Months. Changing this forces a new resource to be created.
- Extended
Key List<string>Usages - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
- Subject
Alternative CertificateNames Certificate Policy X509Certificate Properties Subject Alternative Names - A
subject_alternative_namesblock as defined below.
- Key
Usages []string - A list of uses associated with this Key. Possible values include
cRLSign,dataEncipherment,decipherOnly,digitalSignature,encipherOnly,keyAgreement,keyCertSign,keyEnciphermentandnonRepudiationand are case-sensitive. Changing this forces a new resource to be created. - Subject string
- The Certificate's Subject. Changing this forces a new resource to be created.
- Validity
In intMonths - The Certificates Validity Period in Months. Changing this forces a new resource to be created.
- Extended
Key []stringUsages - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
- Subject
Alternative CertificateNames Certificate Policy X509Certificate Properties Subject Alternative Names - A
subject_alternative_namesblock as defined below.
- key
Usages List<String> - A list of uses associated with this Key. Possible values include
cRLSign,dataEncipherment,decipherOnly,digitalSignature,encipherOnly,keyAgreement,keyCertSign,keyEnciphermentandnonRepudiationand are case-sensitive. Changing this forces a new resource to be created. - subject String
- The Certificate's Subject. Changing this forces a new resource to be created.
- validity
In IntegerMonths - The Certificates Validity Period in Months. Changing this forces a new resource to be created.
- extended
Key List<String>Usages - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
- subject
Alternative CertificateNames Certificate Policy X509Certificate Properties Subject Alternative Names - A
subject_alternative_namesblock as defined below.
- key
Usages string[] - A list of uses associated with this Key. Possible values include
cRLSign,dataEncipherment,decipherOnly,digitalSignature,encipherOnly,keyAgreement,keyCertSign,keyEnciphermentandnonRepudiationand are case-sensitive. Changing this forces a new resource to be created. - subject string
- The Certificate's Subject. Changing this forces a new resource to be created.
- validity
In numberMonths - The Certificates Validity Period in Months. Changing this forces a new resource to be created.
- extended
Key string[]Usages - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
- subject
Alternative CertificateNames Certificate Policy X509Certificate Properties Subject Alternative Names - A
subject_alternative_namesblock as defined below.
- key_
usages Sequence[str] - A list of uses associated with this Key. Possible values include
cRLSign,dataEncipherment,decipherOnly,digitalSignature,encipherOnly,keyAgreement,keyCertSign,keyEnciphermentandnonRepudiationand are case-sensitive. Changing this forces a new resource to be created. - subject str
- The Certificate's Subject. Changing this forces a new resource to be created.
- validity_
in_ intmonths - The Certificates Validity Period in Months. Changing this forces a new resource to be created.
- extended_
key_ Sequence[str]usages - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
- subject_
alternative_ Certificatenames Certificate Policy X509Certificate Properties Subject Alternative Names - A
subject_alternative_namesblock as defined below.
- key
Usages List<String> - A list of uses associated with this Key. Possible values include
cRLSign,dataEncipherment,decipherOnly,digitalSignature,encipherOnly,keyAgreement,keyCertSign,keyEnciphermentandnonRepudiationand are case-sensitive. Changing this forces a new resource to be created. - subject String
- The Certificate's Subject. Changing this forces a new resource to be created.
- validity
In NumberMonths - The Certificates Validity Period in Months. Changing this forces a new resource to be created.
- extended
Key List<String>Usages - A list of Extended/Enhanced Key Usages. Changing this forces a new resource to be created.
- subject
Alternative Property MapNames - A
subject_alternative_namesblock as defined below.
CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames, CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs
- Dns
Names List<string> - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
- Emails List<string>
- A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
- Upns List<string>
- A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.
- Dns
Names []string - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
- Emails []string
- A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
- Upns []string
- A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.
- dns
Names List<String> - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
- emails List<String>
- A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
- upns List<String>
- A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.
- dns
Names string[] - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
- emails string[]
- A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
- upns string[]
- A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.
- dns_
names Sequence[str] - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
- emails Sequence[str]
- A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
- upns Sequence[str]
- A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.
- dns
Names List<String> - A list of alternative DNS names (FQDNs) identified by the Certificate. Changing this forces a new resource to be created.
- emails List<String>
- A list of email addresses identified by this Certificate. Changing this forces a new resource to be created.
- upns List<String>
- A list of User Principal Names identified by the Certificate. Changing this forces a new resource to be created.
Import
Key Vault Certificates can be imported using the resource id, e.g.
$ pulumi import azure:keyvault/certificate:Certificate example "https://example-keyvault.vault.azure.net/certificates/example/fdf067c93bbb4b22bff4d8b7a9a56217"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.
We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
