Docs Home
Azure Active Directory (Azure AD) v6.2.0 published on Tuesday, Jan 21, 2025 by Pulumi
azuread.ServicePrincipalTokenSigningCertificate
Explore with Pulumi AI
Azure Active Directory (Azure AD) v6.2.0 published on Tuesday, Jan 21, 2025 by Pulumi
Example Usage
Using default settings
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = new azuread.Application("example", {displayName: "example"});
const exampleServicePrincipal = new azuread.ServicePrincipal("example", {clientId: example.clientId});
const exampleServicePrincipalTokenSigningCertificate = new azuread.ServicePrincipalTokenSigningCertificate("example", {servicePrincipalId: exampleServicePrincipal.id});
import pulumi
import pulumi_azuread as azuread
example = azuread.Application("example", display_name="example")
example_service_principal = azuread.ServicePrincipal("example", client_id=example.client_id)
example_service_principal_token_signing_certificate = azuread.ServicePrincipalTokenSigningCertificate("example", service_principal_id=example_service_principal.id)
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
DisplayName: pulumi.String("example"),
})
if err != nil {
return err
}
exampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, "example", &azuread.ServicePrincipalArgs{
ClientId: example.ClientId,
})
if err != nil {
return err
}
_, err = azuread.NewServicePrincipalTokenSigningCertificate(ctx, "example", &azuread.ServicePrincipalTokenSigningCertificateArgs{
ServicePrincipalId: exampleServicePrincipal.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.Application("example", new()
{
DisplayName = "example",
});
var exampleServicePrincipal = new AzureAD.ServicePrincipal("example", new()
{
ClientId = example.ClientId,
});
var exampleServicePrincipalTokenSigningCertificate = new AzureAD.ServicePrincipalTokenSigningCertificate("example", new()
{
ServicePrincipalId = exampleServicePrincipal.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import com.pulumi.azuread.ServicePrincipalTokenSigningCertificate;
import com.pulumi.azuread.ServicePrincipalTokenSigningCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Application("example", ApplicationArgs.builder()
.displayName("example")
.build());
var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()
.clientId(example.clientId())
.build());
var exampleServicePrincipalTokenSigningCertificate = new ServicePrincipalTokenSigningCertificate("exampleServicePrincipalTokenSigningCertificate", ServicePrincipalTokenSigningCertificateArgs.builder()
.servicePrincipalId(exampleServicePrincipal.id())
.build());
}
}
resources:
example:
type: azuread:Application
properties:
displayName: example
exampleServicePrincipal:
type: azuread:ServicePrincipal
name: example
properties:
clientId: ${example.clientId}
exampleServicePrincipalTokenSigningCertificate:
type: azuread:ServicePrincipalTokenSigningCertificate
name: example
properties:
servicePrincipalId: ${exampleServicePrincipal.id}
Using custom settings
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = new azuread.Application("example", {displayName: "example"});
const exampleServicePrincipal = new azuread.ServicePrincipal("example", {clientId: example.clientId});
const exampleServicePrincipalTokenSigningCertificate = new azuread.ServicePrincipalTokenSigningCertificate("example", {
servicePrincipalId: exampleServicePrincipal.id,
displayName: "CN=example.com",
endDate: "2023-05-01T01:02:03Z",
});
import pulumi
import pulumi_azuread as azuread
example = azuread.Application("example", display_name="example")
example_service_principal = azuread.ServicePrincipal("example", client_id=example.client_id)
example_service_principal_token_signing_certificate = azuread.ServicePrincipalTokenSigningCertificate("example",
service_principal_id=example_service_principal.id,
display_name="CN=example.com",
end_date="2023-05-01T01:02:03Z")
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
DisplayName: pulumi.String("example"),
})
if err != nil {
return err
}
exampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, "example", &azuread.ServicePrincipalArgs{
ClientId: example.ClientId,
})
if err != nil {
return err
}
_, err = azuread.NewServicePrincipalTokenSigningCertificate(ctx, "example", &azuread.ServicePrincipalTokenSigningCertificateArgs{
ServicePrincipalId: exampleServicePrincipal.ID(),
DisplayName: pulumi.String("CN=example.com"),
EndDate: pulumi.String("2023-05-01T01:02:03Z"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.Application("example", new()
{
DisplayName = "example",
});
var exampleServicePrincipal = new AzureAD.ServicePrincipal("example", new()
{
ClientId = example.ClientId,
});
var exampleServicePrincipalTokenSigningCertificate = new AzureAD.ServicePrincipalTokenSigningCertificate("example", new()
{
ServicePrincipalId = exampleServicePrincipal.Id,
DisplayName = "CN=example.com",
EndDate = "2023-05-01T01:02:03Z",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import com.pulumi.azuread.ServicePrincipalTokenSigningCertificate;
import com.pulumi.azuread.ServicePrincipalTokenSigningCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Application("example", ApplicationArgs.builder()
.displayName("example")
.build());
var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()
.clientId(example.clientId())
.build());
var exampleServicePrincipalTokenSigningCertificate = new ServicePrincipalTokenSigningCertificate("exampleServicePrincipalTokenSigningCertificate", ServicePrincipalTokenSigningCertificateArgs.builder()
.servicePrincipalId(exampleServicePrincipal.id())
.displayName("CN=example.com")
.endDate("2023-05-01T01:02:03Z")
.build());
}
}
resources:
example:
type: azuread:Application
properties:
displayName: example
exampleServicePrincipal:
type: azuread:ServicePrincipal
name: example
properties:
clientId: ${example.clientId}
exampleServicePrincipalTokenSigningCertificate:
type: azuread:ServicePrincipalTokenSigningCertificate
name: example
properties:
servicePrincipalId: ${exampleServicePrincipal.id}
displayName: CN=example.com
endDate: 2023-05-01T01:02:03Z
Create ServicePrincipalTokenSigningCertificate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServicePrincipalTokenSigningCertificate(name: string, args: ServicePrincipalTokenSigningCertificateArgs, opts?: CustomResourceOptions);@overload
def ServicePrincipalTokenSigningCertificate(resource_name: str,
args: ServicePrincipalTokenSigningCertificateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServicePrincipalTokenSigningCertificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
service_principal_id: Optional[str] = None,
display_name: Optional[str] = None,
end_date: Optional[str] = None)func NewServicePrincipalTokenSigningCertificate(ctx *Context, name string, args ServicePrincipalTokenSigningCertificateArgs, opts ...ResourceOption) (*ServicePrincipalTokenSigningCertificate, error)public ServicePrincipalTokenSigningCertificate(string name, ServicePrincipalTokenSigningCertificateArgs args, CustomResourceOptions? opts = null)
public ServicePrincipalTokenSigningCertificate(String name, ServicePrincipalTokenSigningCertificateArgs args)
public ServicePrincipalTokenSigningCertificate(String name, ServicePrincipalTokenSigningCertificateArgs args, CustomResourceOptions options)
type: azuread:ServicePrincipalTokenSigningCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServicePrincipalTokenSigningCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServicePrincipalTokenSigningCertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServicePrincipalTokenSigningCertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServicePrincipalTokenSigningCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServicePrincipalTokenSigningCertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var servicePrincipalTokenSigningCertificateResource = new AzureAD.ServicePrincipalTokenSigningCertificate("servicePrincipalTokenSigningCertificateResource", new()
{
ServicePrincipalId = "string",
DisplayName = "string",
EndDate = "string",
});
example, err := azuread.NewServicePrincipalTokenSigningCertificate(ctx, "servicePrincipalTokenSigningCertificateResource", &azuread.ServicePrincipalTokenSigningCertificateArgs{
ServicePrincipalId: pulumi.String("string"),
DisplayName: pulumi.String("string"),
EndDate: pulumi.String("string"),
})
var servicePrincipalTokenSigningCertificateResource = new ServicePrincipalTokenSigningCertificate("servicePrincipalTokenSigningCertificateResource", ServicePrincipalTokenSigningCertificateArgs.builder()
.servicePrincipalId("string")
.displayName("string")
.endDate("string")
.build());
service_principal_token_signing_certificate_resource = azuread.ServicePrincipalTokenSigningCertificate("servicePrincipalTokenSigningCertificateResource",
service_principal_id="string",
display_name="string",
end_date="string")
const servicePrincipalTokenSigningCertificateResource = new azuread.ServicePrincipalTokenSigningCertificate("servicePrincipalTokenSigningCertificateResource", {
servicePrincipalId: "string",
displayName: "string",
endDate: "string",
});
type: azuread:ServicePrincipalTokenSigningCertificate
properties:
displayName: string
endDate: string
servicePrincipalId: string
ServicePrincipalTokenSigningCertificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ServicePrincipalTokenSigningCertificate resource accepts the following input properties:
- Service
Principal stringId - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- Display
Name string Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- End
Date string - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
- Service
Principal stringId - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- Display
Name string Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- End
Date string - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
- service
Principal StringId - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- display
Name String Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- end
Date String - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
- service
Principal stringId - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- display
Name string Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- end
Date string - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
- service_
principal_ strid - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- display_
name str Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- end_
date str - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
- service
Principal StringId - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- display
Name String Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- end
Date String - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServicePrincipalTokenSigningCertificate resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - A UUID used to uniquely identify the verify certificate.
- Start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - Thumbprint string
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- Value string
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - A UUID used to uniquely identify the verify certificate.
- Start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - Thumbprint string
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- Value string
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - A UUID used to uniquely identify the verify certificate.
- start
Date String - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - thumbprint String
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- value String
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
- id string
- The provider-assigned unique ID for this managed resource.
- key
Id string - A UUID used to uniquely identify the verify certificate.
- start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - thumbprint string
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- value string
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
- id str
- The provider-assigned unique ID for this managed resource.
- key_
id str - A UUID used to uniquely identify the verify certificate.
- start_
date str - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - thumbprint str
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- value str
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - A UUID used to uniquely identify the verify certificate.
- start
Date String - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - thumbprint String
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- value String
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
Look up Existing ServicePrincipalTokenSigningCertificate Resource
Get an existing ServicePrincipalTokenSigningCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServicePrincipalTokenSigningCertificateState, opts?: CustomResourceOptions): ServicePrincipalTokenSigningCertificate@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
end_date: Optional[str] = None,
key_id: Optional[str] = None,
service_principal_id: Optional[str] = None,
start_date: Optional[str] = None,
thumbprint: Optional[str] = None,
value: Optional[str] = None) -> ServicePrincipalTokenSigningCertificatefunc GetServicePrincipalTokenSigningCertificate(ctx *Context, name string, id IDInput, state *ServicePrincipalTokenSigningCertificateState, opts ...ResourceOption) (*ServicePrincipalTokenSigningCertificate, error)public static ServicePrincipalTokenSigningCertificate Get(string name, Input<string> id, ServicePrincipalTokenSigningCertificateState? state, CustomResourceOptions? opts = null)public static ServicePrincipalTokenSigningCertificate get(String name, Output<String> id, ServicePrincipalTokenSigningCertificateState state, CustomResourceOptions options)resources: _: type: azuread:ServicePrincipalTokenSigningCertificate get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Display
Name string Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- End
Date string - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created. - Key
Id string - A UUID used to uniquely identify the verify certificate.
- Service
Principal stringId - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- Start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - Thumbprint string
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- Value string
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
- Display
Name string Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- End
Date string - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created. - Key
Id string - A UUID used to uniquely identify the verify certificate.
- Service
Principal stringId - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- Start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - Thumbprint string
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- Value string
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
- display
Name String Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- end
Date String - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created. - key
Id String - A UUID used to uniquely identify the verify certificate.
- service
Principal StringId - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- start
Date String - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - thumbprint String
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- value String
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
- display
Name string Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- end
Date string - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created. - key
Id string - A UUID used to uniquely identify the verify certificate.
- service
Principal stringId - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - thumbprint string
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- value string
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
- display_
name str Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- end_
date str - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created. - key_
id str - A UUID used to uniquely identify the verify certificate.
- service_
principal_ strid - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- start_
date str - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - thumbprint str
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- value str
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
- display
Name String Specifies a friendly name for the certificate. Must start with
CN=. Changing this field forces a new resource to be created.If not specified, it will default to
CN=Microsoft Azure Federated SSO Certificate.- end
Date String - The end date until which the token signing certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). Changing this field forces a new resource to be created. - key
Id String - A UUID used to uniquely identify the verify certificate.
- service
Principal StringId - The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created.
- start
Date String - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z). - thumbprint String
- A SHA-1 generated thumbprint of the token signing certificate, which can be used to set the preferred signing certificate for a service principal.
- value String
- The certificate data, which is PEM encoded but does not include the header
-----BEGIN CERTIFICATE-----\nor the footer\n-----END CERTIFICATE-----.
Import
Token signing certificates can be imported using the object ID of the associated service principal and the key ID of the verify certificate credential, e.g.
$ pulumi import azuread:index/servicePrincipalTokenSigningCertificate:ServicePrincipalTokenSigningCertificate example 00000000-0000-0000-0000-000000000000/tokenSigningCertificate/11111111-1111-1111-1111-111111111111
-> This ID format is unique to Terraform and is composed of the service principal’s object ID, the string “tokenSigningCertificate” and the verify certificate’s key ID in the format {ServicePrincipalObjectId}/tokenSigningCertificate/{CertificateKeyId}.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azureadTerraform Provider.
Azure Active Directory (Azure AD) v6.2.0 published on Tuesday, Jan 21, 2025 by Pulumi