azuread.ServicePrincipalCertificate
Explore with Pulumi AI
Manages a certificate associated with a service principal within Azure Active Directory.
API Permissions
The following API permissions are required in order to use this resource.
When authenticated with a service principal, this resource requires one of the following application roles: Application.ReadWrite.All
or Directory.ReadWrite.All
When authenticated with a user principal, this resource requires one of the following directory roles: Application Administrator
or Global Administrator
Create ServicePrincipalCertificate Resource
new ServicePrincipalCertificate(name: string, args: ServicePrincipalCertificateArgs, opts?: CustomResourceOptions);
@overload
def ServicePrincipalCertificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
encoding: Optional[str] = None,
end_date: Optional[str] = None,
end_date_relative: Optional[str] = None,
key_id: Optional[str] = None,
service_principal_id: Optional[str] = None,
start_date: Optional[str] = None,
type: Optional[str] = None,
value: Optional[str] = None)
@overload
def ServicePrincipalCertificate(resource_name: str,
args: ServicePrincipalCertificateArgs,
opts: Optional[ResourceOptions] = None)
func NewServicePrincipalCertificate(ctx *Context, name string, args ServicePrincipalCertificateArgs, opts ...ResourceOption) (*ServicePrincipalCertificate, error)
public ServicePrincipalCertificate(string name, ServicePrincipalCertificateArgs args, CustomResourceOptions? opts = null)
public ServicePrincipalCertificate(String name, ServicePrincipalCertificateArgs args)
public ServicePrincipalCertificate(String name, ServicePrincipalCertificateArgs args, CustomResourceOptions options)
type: azuread:ServicePrincipalCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServicePrincipalCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServicePrincipalCertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServicePrincipalCertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServicePrincipalCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServicePrincipalCertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ServicePrincipalCertificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ServicePrincipalCertificate resource accepts the following input properties:
- Service
Principal stringId The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- Value string
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.- Encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- End
Date string The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- End
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- Key
Id string A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- Start
Date string The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- Type string
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
- Service
Principal stringId The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- Value string
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.- Encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- End
Date string The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- End
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- Key
Id string A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- Start
Date string The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- Type string
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
- service
Principal StringId The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- value String
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.- encoding String
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date String The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- end
Date StringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- key
Id String A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- start
Date String The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- type String
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
- service
Principal stringId The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- value string
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.- encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date string The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- end
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- key
Id string A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- start
Date string The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- type string
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
- service_
principal_ strid The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- value str
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.- encoding str
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end_
date str The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- end_
date_ strrelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- key_
id str A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- start_
date str The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- type str
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
- service
Principal StringId The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- value String
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.- encoding String
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date String The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- end
Date StringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- key
Id String A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- start
Date String The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- type String
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServicePrincipalCertificate resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing ServicePrincipalCertificate Resource
Get an existing ServicePrincipalCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServicePrincipalCertificateState, opts?: CustomResourceOptions): ServicePrincipalCertificate
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
encoding: Optional[str] = None,
end_date: Optional[str] = None,
end_date_relative: Optional[str] = None,
key_id: Optional[str] = None,
service_principal_id: Optional[str] = None,
start_date: Optional[str] = None,
type: Optional[str] = None,
value: Optional[str] = None) -> ServicePrincipalCertificate
func GetServicePrincipalCertificate(ctx *Context, name string, id IDInput, state *ServicePrincipalCertificateState, opts ...ResourceOption) (*ServicePrincipalCertificate, error)
public static ServicePrincipalCertificate Get(string name, Input<string> id, ServicePrincipalCertificateState? state, CustomResourceOptions? opts = null)
public static ServicePrincipalCertificate get(String name, Output<String> id, ServicePrincipalCertificateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- End
Date string The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- End
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- Key
Id string A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- Service
Principal stringId The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- Start
Date string The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- Type string
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.- Value string
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
- Encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- End
Date string The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- End
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- Key
Id string A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- Service
Principal stringId The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- Start
Date string The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- Type string
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.- Value string
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
- encoding String
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date String The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- end
Date StringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- key
Id String A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- service
Principal StringId The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- start
Date String The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- type String
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.- value String
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
- encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date string The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- end
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- key
Id string A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- service
Principal stringId The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- start
Date string The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- type string
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.- value string
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
- encoding str
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end_
date str The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- end_
date_ strrelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- key_
id str A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- service_
principal_ strid The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- start_
date str The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- type str
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.- value str
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
- encoding String
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date String The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). Changing this field forces a new resource to be created.- end
Date StringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be set. The maximum duration is determined by Azure AD.- key
Id String A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created.
- service
Principal StringId The object ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- start
Date String The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.- type String
The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.- value String
The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
Import
Certificates can be imported using the object ID of the associated service principal and the key ID of the certificate credential, e.g.
$ pulumi import azuread:index/servicePrincipalCertificate:ServicePrincipalCertificate test 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111
-> This ID format is unique to Terraform and is composed of the service principal’s object ID, the string “certificate” and the certificate’s key ID in the format {ServicePrincipalObjectId}/certificate/{CertificateKeyId}
.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azuread
Terraform Provider.