We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Use this data source to access data stored in an existing Key Vault Certificate.
Note: This data source uses the
GetSecretfunction of the Azure API, to get the key of the certificate. Therefore you need secret/get permission
Example Usage
using Pulumi;
using Azure = Pulumi.Azure;
class MyStack : Stack
{
public MyStack()
{
var exampleKeyVault = Output.Create(Azure.KeyVault.GetKeyVault.InvokeAsync(new Azure.KeyVault.GetKeyVaultArgs
{
Name = "examplekv",
ResourceGroupName = "some-resource-group",
}));
var exampleCertificateData = exampleKeyVault.Apply(exampleKeyVault => Output.Create(Azure.KeyVault.GetCertificateData.InvokeAsync(new Azure.KeyVault.GetCertificateDataArgs
{
Name = "secret-sauce",
KeyVaultId = exampleKeyVault.Id,
})));
this.ExamplePem = exampleCertificateData.Apply(exampleCertificateData => exampleCertificateData.Pem);
}
[Output("examplePem")]
public Output<string> ExamplePem { get; set; }
}
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleKeyVault, err := keyvault.LookupKeyVault(ctx, &keyvault.LookupKeyVaultArgs{
Name: "examplekv",
ResourceGroupName: "some-resource-group",
}, nil)
if err != nil {
return err
}
exampleCertificateData, err := keyvault.GetCertificateData(ctx, &keyvault.GetCertificateDataArgs{
Name: "secret-sauce",
KeyVaultId: exampleKeyVault.Id,
}, nil)
if err != nil {
return err
}
ctx.Export("examplePem", exampleCertificateData.Pem)
return nil
})
}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleKeyVault = azure.keyvault.getKeyVault({
name: "examplekv",
resourceGroupName: "some-resource-group",
});
const exampleCertificateData = exampleKeyVault.then(exampleKeyVault => azure.keyvault.getCertificateData({
name: "secret-sauce",
keyVaultId: exampleKeyVault.id,
}));
export const examplePem = exampleCertificateData.then(exampleCertificateData => exampleCertificateData.pem);
import pulumi
import pulumi_azure as azure
example_key_vault = azure.keyvault.get_key_vault(name="examplekv",
resource_group_name="some-resource-group")
example_certificate_data = azure.keyvault.get_certificate_data(name="secret-sauce",
key_vault_id=example_key_vault.id)
pulumi.export("examplePem", example_certificate_data.pem)
Example coming soon!
Using getCertificateData
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getCertificateData(args: GetCertificateDataArgs, opts?: InvokeOptions): Promise<GetCertificateDataResult>
function getCertificateDataOutput(args: GetCertificateDataOutputArgs, opts?: InvokeOptions): Output<GetCertificateDataResult>def get_certificate_data(key_vault_id: Optional[str] = None,
name: Optional[str] = None,
version: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetCertificateDataResult
def get_certificate_data_output(key_vault_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
version: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetCertificateDataResult]func GetCertificateData(ctx *Context, args *GetCertificateDataArgs, opts ...InvokeOption) (*GetCertificateDataResult, error)
func GetCertificateDataOutput(ctx *Context, args *GetCertificateDataOutputArgs, opts ...InvokeOption) GetCertificateDataResultOutput> Note: This function is named GetCertificateData in the Go SDK.
public static class GetCertificateData
{
public static Task<GetCertificateDataResult> InvokeAsync(GetCertificateDataArgs args, InvokeOptions? opts = null)
public static Output<GetCertificateDataResult> Invoke(GetCertificateDataInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetCertificateDataResult> getCertificateData(GetCertificateDataArgs args, InvokeOptions options)
public static Output<GetCertificateDataResult> getCertificateData(GetCertificateDataArgs args, InvokeOptions options)
fn::invoke:
function: azure:keyvault/getCertificateData:getCertificateData
arguments:
# arguments dictionaryThe following arguments are supported:
- Key
Vault stringId - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - Name string
- Specifies the name of the Key Vault Secret.
- Version string
- Specifies the version of the certificate to look up. (Defaults to latest)
- Key
Vault stringId - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - Name string
- Specifies the name of the Key Vault Secret.
- Version string
- Specifies the version of the certificate to look up. (Defaults to latest)
- key
Vault StringId - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - name String
- Specifies the name of the Key Vault Secret.
- version String
- Specifies the version of the certificate to look up. (Defaults to latest)
- key
Vault stringId - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - name string
- Specifies the name of the Key Vault Secret.
- version string
- Specifies the version of the certificate to look up. (Defaults to latest)
- key_
vault_ strid - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - name str
- Specifies the name of the Key Vault Secret.
- version str
- Specifies the version of the certificate to look up. (Defaults to latest)
- key
Vault StringId - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - name String
- Specifies the name of the Key Vault Secret.
- version String
- Specifies the version of the certificate to look up. (Defaults to latest)
getCertificateData Result
The following output properties are available:
- Certificates
Count int - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- Expires string
- Expiry date of certificate in RFC3339 format.
- Hex string
- The raw Key Vault Certificate data represented as a hexadecimal string.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key string
- The Key Vault Certificate Key.
- Key
Vault stringId - Name string
- Not
Before string - Not Before date of certificate in RFC3339 format.
- Pem string
- The Key Vault Certificate in PEM format.
- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Version string
- Certificates
Count int - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- Expires string
- Expiry date of certificate in RFC3339 format.
- Hex string
- The raw Key Vault Certificate data represented as a hexadecimal string.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key string
- The Key Vault Certificate Key.
- Key
Vault stringId - Name string
- Not
Before string - Not Before date of certificate in RFC3339 format.
- Pem string
- The Key Vault Certificate in PEM format.
- map[string]string
- A mapping of tags to assign to the resource.
- Version string
- certificates
Count Integer - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires String
- Expiry date of certificate in RFC3339 format.
- hex String
- The raw Key Vault Certificate data represented as a hexadecimal string.
- id String
- The provider-assigned unique ID for this managed resource.
- key String
- The Key Vault Certificate Key.
- key
Vault StringId - name String
- not
Before String - Not Before date of certificate in RFC3339 format.
- pem String
- The Key Vault Certificate in PEM format.
- Map<String,String>
- A mapping of tags to assign to the resource.
- version String
- certificates
Count number - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires string
- Expiry date of certificate in RFC3339 format.
- hex string
- The raw Key Vault Certificate data represented as a hexadecimal string.
- id string
- The provider-assigned unique ID for this managed resource.
- key string
- The Key Vault Certificate Key.
- key
Vault stringId - name string
- not
Before string - Not Before date of certificate in RFC3339 format.
- pem string
- The Key Vault Certificate in PEM format.
- {[key: string]: string}
- A mapping of tags to assign to the resource.
- version string
- certificates_
count int - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires str
- Expiry date of certificate in RFC3339 format.
- hex str
- The raw Key Vault Certificate data represented as a hexadecimal string.
- id str
- The provider-assigned unique ID for this managed resource.
- key str
- The Key Vault Certificate Key.
- key_
vault_ strid - name str
- not_
before str - Not Before date of certificate in RFC3339 format.
- pem str
- The Key Vault Certificate in PEM format.
- Mapping[str, str]
- A mapping of tags to assign to the resource.
- version str
- certificates
Count Number - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires String
- Expiry date of certificate in RFC3339 format.
- hex String
- The raw Key Vault Certificate data represented as a hexadecimal string.
- id String
- The provider-assigned unique ID for this managed resource.
- key String
- The Key Vault Certificate Key.
- key
Vault StringId - name String
- not
Before String - Not Before date of certificate in RFC3339 format.
- pem String
- The Key Vault Certificate in PEM format.
- Map<String>
- A mapping of tags to assign to the resource.
- version String
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.
We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
