Google Cloud Classic v6.56.0, May 18 23

gcp.certificatemanager.Certificate

Explore with Pulumi AI

Import

Certificate can be imported using any of these accepted formats

 $ pulumi import gcp:certificatemanager/certificate:Certificate default projects/{{project}}/locations/{{location}}/certificates/{{name}}

 $ pulumi import gcp:certificatemanager/certificate:Certificate default {{project}}/{{location}}/{{name}}

 $ pulumi import gcp:certificatemanager/certificate:Certificate default {{location}}/{{name}}

Example Usage

Certificate Manager Google Managed Certificate

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
    {
        Description = "The default dnss",
        Domain = "subdomain.hashicorptest.com",
    });

    var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
    {
        Description = "The default dnss",
        Domain = "subdomain2.hashicorptest.com",
    });

    var @default = new Gcp.CertificateManager.Certificate("default", new()
    {
        Description = "The default cert",
        Scope = "EDGE_CACHE",
        Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
        {
            Domains = new[]
            {
                instance.Domain,
                instance2.Domain,
            },
            DnsAuthorizations = new[]
            {
                instance.Id,
                instance2.Id,
            },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/certificatemanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
			Description: pulumi.String("The default dnss"),
			Domain:      pulumi.String("subdomain.hashicorptest.com"),
		})
		if err != nil {
			return err
		}
		instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
			Description: pulumi.String("The default dnss"),
			Domain:      pulumi.String("subdomain2.hashicorptest.com"),
		})
		if err != nil {
			return err
		}
		_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
			Description: pulumi.String("The default cert"),
			Scope:       pulumi.String("EDGE_CACHE"),
			Managed: &certificatemanager.CertificateManagedArgs{
				Domains: pulumi.StringArray{
					instance.Domain,
					instance2.Domain,
				},
				DnsAuthorizations: pulumi.StringArray{
					instance.ID(),
					instance2.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.DnsAuthorization;
import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()        
            .description("The default dnss")
            .domain("subdomain.hashicorptest.com")
            .build());

        var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()        
            .description("The default dnss")
            .domain("subdomain2.hashicorptest.com")
            .build());

        var default_ = new Certificate("default", CertificateArgs.builder()        
            .description("The default cert")
            .scope("EDGE_CACHE")
            .managed(CertificateManagedArgs.builder()
                .domains(                
                    instance.domain(),
                    instance2.domain())
                .dnsAuthorizations(                
                    instance.id(),
                    instance2.id())
                .build())
            .build());

    }
}

import pulumi
import pulumi_gcp as gcp

instance = gcp.certificatemanager.DnsAuthorization("instance",
    description="The default dnss",
    domain="subdomain.hashicorptest.com")
instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
    description="The default dnss",
    domain="subdomain2.hashicorptest.com")
default = gcp.certificatemanager.Certificate("default",
    description="The default cert",
    scope="EDGE_CACHE",
    managed=gcp.certificatemanager.CertificateManagedArgs(
        domains=[
            instance.domain,
            instance2.domain,
        ],
        dns_authorizations=[
            instance.id,
            instance2.id,
        ],
    ))

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
    description: "The default dnss",
    domain: "subdomain.hashicorptest.com",
});
const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
    description: "The default dnss",
    domain: "subdomain2.hashicorptest.com",
});
const _default = new gcp.certificatemanager.Certificate("default", {
    description: "The default cert",
    scope: "EDGE_CACHE",
    managed: {
        domains: [
            instance.domain,
            instance2.domain,
        ],
        dnsAuthorizations: [
            instance.id,
            instance2.id,
        ],
    },
});

resources:
  default:
    type: gcp:certificatemanager:Certificate
    properties:
      description: The default cert
      scope: EDGE_CACHE
      managed:
        domains:
          - ${instance.domain}
          - ${instance2.domain}
        dnsAuthorizations:
          - ${instance.id}
          - ${instance2.id}
  instance:
    type: gcp:certificatemanager:DnsAuthorization
    properties:
      description: The default dnss
      domain: subdomain.hashicorptest.com
  instance2:
    type: gcp:certificatemanager:DnsAuthorization
    properties:
      description: The default dnss
      domain: subdomain2.hashicorptest.com

Certificate Manager Certificate Basic

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var instance = new Gcp.CertificateManager.DnsAuthorization("instance", new()
    {
        Description = "The default dnss",
        Domain = "subdomain.hashicorptest.com",
    });

    var instance2 = new Gcp.CertificateManager.DnsAuthorization("instance2", new()
    {
        Description = "The default dnss",
        Domain = "subdomain2.hashicorptest.com",
    });

    var @default = new Gcp.CertificateManager.Certificate("default", new()
    {
        Description = "Global cert",
        Scope = "EDGE_CACHE",
        Managed = new Gcp.CertificateManager.Inputs.CertificateManagedArgs
        {
            Domains = new[]
            {
                instance.Domain,
                instance2.Domain,
            },
            DnsAuthorizations = new[]
            {
                instance.Id,
                instance2.Id,
            },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/certificatemanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		instance, err := certificatemanager.NewDnsAuthorization(ctx, "instance", &certificatemanager.DnsAuthorizationArgs{
			Description: pulumi.String("The default dnss"),
			Domain:      pulumi.String("subdomain.hashicorptest.com"),
		})
		if err != nil {
			return err
		}
		instance2, err := certificatemanager.NewDnsAuthorization(ctx, "instance2", &certificatemanager.DnsAuthorizationArgs{
			Description: pulumi.String("The default dnss"),
			Domain:      pulumi.String("subdomain2.hashicorptest.com"),
		})
		if err != nil {
			return err
		}
		_, err = certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
			Description: pulumi.String("Global cert"),
			Scope:       pulumi.String("EDGE_CACHE"),
			Managed: &certificatemanager.CertificateManagedArgs{
				Domains: pulumi.StringArray{
					instance.Domain,
					instance2.Domain,
				},
				DnsAuthorizations: pulumi.StringArray{
					instance.ID(),
					instance2.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.DnsAuthorization;
import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder()        
            .description("The default dnss")
            .domain("subdomain.hashicorptest.com")
            .build());

        var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder()        
            .description("The default dnss")
            .domain("subdomain2.hashicorptest.com")
            .build());

        var default_ = new Certificate("default", CertificateArgs.builder()        
            .description("Global cert")
            .scope("EDGE_CACHE")
            .managed(CertificateManagedArgs.builder()
                .domains(                
                    instance.domain(),
                    instance2.domain())
                .dnsAuthorizations(                
                    instance.id(),
                    instance2.id())
                .build())
            .build());

    }
}

import pulumi
import pulumi_gcp as gcp

instance = gcp.certificatemanager.DnsAuthorization("instance",
    description="The default dnss",
    domain="subdomain.hashicorptest.com")
instance2 = gcp.certificatemanager.DnsAuthorization("instance2",
    description="The default dnss",
    domain="subdomain2.hashicorptest.com")
default = gcp.certificatemanager.Certificate("default",
    description="Global cert",
    scope="EDGE_CACHE",
    managed=gcp.certificatemanager.CertificateManagedArgs(
        domains=[
            instance.domain,
            instance2.domain,
        ],
        dns_authorizations=[
            instance.id,
            instance2.id,
        ],
    ))

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.certificatemanager.DnsAuthorization("instance", {
    description: "The default dnss",
    domain: "subdomain.hashicorptest.com",
});
const instance2 = new gcp.certificatemanager.DnsAuthorization("instance2", {
    description: "The default dnss",
    domain: "subdomain2.hashicorptest.com",
});
const _default = new gcp.certificatemanager.Certificate("default", {
    description: "Global cert",
    scope: "EDGE_CACHE",
    managed: {
        domains: [
            instance.domain,
            instance2.domain,
        ],
        dnsAuthorizations: [
            instance.id,
            instance2.id,
        ],
    },
});

resources:
  default:
    type: gcp:certificatemanager:Certificate
    properties:
      description: Global cert
      scope: EDGE_CACHE
      managed:
        domains:
          - ${instance.domain}
          - ${instance2.domain}
        dnsAuthorizations:
          - ${instance.id}
          - ${instance2.id}
  instance:
    type: gcp:certificatemanager:DnsAuthorization
    properties:
      description: The default dnss
      domain: subdomain.hashicorptest.com
  instance2:
    type: gcp:certificatemanager:DnsAuthorization
    properties:
      description: The default dnss
      domain: subdomain2.hashicorptest.com

Certificate Manager Self Managed Certificate Regional

using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var @default = new Gcp.CertificateManager.Certificate("default", new()
    {
        Description = "Regional cert",
        Location = "us-central1",
        SelfManaged = new Gcp.CertificateManager.Inputs.CertificateSelfManagedArgs
        {
            PemCertificate = File.ReadAllText("test-fixtures/certificatemanager/cert.pem"),
            PemPrivateKey = File.ReadAllText("test-fixtures/certificatemanager/private-key.pem"),
        },
    });

});

package main

import (
	"os"

	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/certificatemanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := os.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := certificatemanager.NewCertificate(ctx, "default", &certificatemanager.CertificateArgs{
			Description: pulumi.String("Regional cert"),
			Location:    pulumi.String("us-central1"),
			SelfManaged: &certificatemanager.CertificateSelfManagedArgs{
				PemCertificate: readFileOrPanic("test-fixtures/certificatemanager/cert.pem"),
				PemPrivateKey:  readFileOrPanic("test-fixtures/certificatemanager/private-key.pem"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.certificatemanager.Certificate;
import com.pulumi.gcp.certificatemanager.CertificateArgs;
import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new Certificate("default", CertificateArgs.builder()        
            .description("Regional cert")
            .location("us-central1")
            .selfManaged(CertificateSelfManagedArgs.builder()
                .pemCertificate(Files.readString(Paths.get("test-fixtures/certificatemanager/cert.pem")))
                .pemPrivateKey(Files.readString(Paths.get("test-fixtures/certificatemanager/private-key.pem")))
                .build())
            .build());

    }
}

import pulumi
import pulumi_gcp as gcp

default = gcp.certificatemanager.Certificate("default",
    description="Regional cert",
    location="us-central1",
    self_managed=gcp.certificatemanager.CertificateSelfManagedArgs(
        pem_certificate=(lambda path: open(path).read())("test-fixtures/certificatemanager/cert.pem"),
        pem_private_key=(lambda path: open(path).read())("test-fixtures/certificatemanager/private-key.pem"),
    ))

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as gcp from "@pulumi/gcp";

const _default = new gcp.certificatemanager.Certificate("default", {
    description: "Regional cert",
    location: "us-central1",
    selfManaged: {
        pemCertificate: fs.readFileSync("test-fixtures/certificatemanager/cert.pem"),
        pemPrivateKey: fs.readFileSync("test-fixtures/certificatemanager/private-key.pem"),
    },
});

resources:
  default:
    type: gcp:certificatemanager:Certificate
    properties:
      description: Regional cert
      location: us-central1
      selfManaged:
        pemCertificate:
          fn::readFile: test-fixtures/certificatemanager/cert.pem
        pemPrivateKey:
          fn::readFile: test-fixtures/certificatemanager/private-key.pem

Create Certificate Resource

new Certificate(name: string, args?: CertificateArgs, opts?: CustomResourceOptions);

@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                description: Optional[str] = None,
                labels: Optional[Mapping[str, str]] = None,
                location: Optional[str] = None,
                managed: Optional[CertificateManagedArgs] = None,
                name: Optional[str] = None,
                project: Optional[str] = None,
                scope: Optional[str] = None,
                self_managed: Optional[CertificateSelfManagedArgs] = None)
@overload
def Certificate(resource_name: str,
                args: Optional[CertificateArgs] = None,
                opts: Optional[ResourceOptions] = None)

func NewCertificate(ctx *Context, name string, args *CertificateArgs, opts ...ResourceOption) (*Certificate, error)

public Certificate(string name, CertificateArgs? args = null, CustomResourceOptions? opts = null)

public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)

type: gcp:certificatemanager:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Certificate resource accepts the following input properties:

Description string: A human-readable description of the resource.
Labels Dictionary<string, string>: Set of label tags associated with the Certificate resource.
Location string: The Certificate Manager location. If not specified, "global" is used.
Managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
Name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Scope string: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
SelfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

Description string: A human-readable description of the resource.
Labels map[string]string: Set of label tags associated with the Certificate resource.
Location string: The Certificate Manager location. If not specified, "global" is used.
Managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
Name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Scope string: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
SelfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description String: A human-readable description of the resource.
labels Map<String,String>: Set of label tags associated with the Certificate resource.
location String: The Certificate Manager location. If not specified, "global" is used.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name String: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope String: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
selfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description string: A human-readable description of the resource.
labels {[key: string]: string}: Set of label tags associated with the Certificate resource.
location string: The Certificate Manager location. If not specified, "global" is used.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope string: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
selfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description str: A human-readable description of the resource.
labels Mapping[str, str]: Set of label tags associated with the Certificate resource.
location str: The Certificate Manager location. If not specified, "global" is used.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name str: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope str: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
self_managed CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description String: A human-readable description of the resource.
labels Map<String>: Set of label tags associated with the Certificate resource.
location String: The Certificate Manager location. If not specified, "global" is used.
managed Property Map: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name String: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope String: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
selfManaged Property Map: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Certificate Resource

Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        labels: Optional[Mapping[str, str]] = None,
        location: Optional[str] = None,
        managed: Optional[CertificateManagedArgs] = None,
        name: Optional[str] = None,
        project: Optional[str] = None,
        scope: Optional[str] = None,
        self_managed: Optional[CertificateSelfManagedArgs] = None) -> Certificate

func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)

public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)

public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string: A human-readable description of the resource.
Labels Dictionary<string, string>: Set of label tags associated with the Certificate resource.
Location string: The Certificate Manager location. If not specified, "global" is used.
Managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
Name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Scope string: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
SelfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

Description string: A human-readable description of the resource.
Labels map[string]string: Set of label tags associated with the Certificate resource.
Location string: The Certificate Manager location. If not specified, "global" is used.
Managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
Name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
Project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Scope string: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
SelfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description String: A human-readable description of the resource.
labels Map<String,String>: Set of label tags associated with the Certificate resource.
location String: The Certificate Manager location. If not specified, "global" is used.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name String: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope String: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
selfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description string: A human-readable description of the resource.
labels {[key: string]: string}: Set of label tags associated with the Certificate resource.
location string: The Certificate Manager location. If not specified, "global" is used.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name string: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project string: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope string: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
selfManaged CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description str: A human-readable description of the resource.
labels Mapping[str, str]: Set of label tags associated with the Certificate resource.
location str: The Certificate Manager location. If not specified, "global" is used.
managed CertificateManagedArgs: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name str: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project str: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope str: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
self_managed CertificateSelfManagedArgs: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

description String: A human-readable description of the resource.
labels Map<String>: Set of label tags associated with the Certificate resource.
location String: The Certificate Manager location. If not specified, "global" is used.
managed Property Map: Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
name String: A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
project String: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
scope String: The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
selfManaged Property Map: Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.

Supporting Types

CertificateManaged

AuthorizationAttemptInfos List<CertificateManagedAuthorizationAttemptInfo>: (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.
DnsAuthorizations List<string>: Authorizations that will be used for performing domain authorization
Domains List<string>: The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
ProvisioningIssues List<CertificateManagedProvisioningIssue>: (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
State string: (Output) State of the domain for managed certificate issuance.

AuthorizationAttemptInfos []CertificateManagedAuthorizationAttemptInfo: (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.
DnsAuthorizations []string: Authorizations that will be used for performing domain authorization
Domains []string: The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
ProvisioningIssues []CertificateManagedProvisioningIssue: (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
State string: (Output) State of the domain for managed certificate issuance.

authorizationAttemptInfos List<CertificateManagedAuthorizationAttemptInfo>: (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.
dnsAuthorizations List<String>: Authorizations that will be used for performing domain authorization
domains List<String>: The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
provisioningIssues List<CertificateManagedProvisioningIssue>: (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
state String: (Output) State of the domain for managed certificate issuance.

authorizationAttemptInfos CertificateManagedAuthorizationAttemptInfo[]: (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.
dnsAuthorizations string[]: Authorizations that will be used for performing domain authorization
domains string[]: The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
provisioningIssues CertificateManagedProvisioningIssue[]: (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
state string: (Output) State of the domain for managed certificate issuance.

authorization_attempt_infos Sequence[CertificateManagedAuthorizationAttemptInfo]: (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.
dns_authorizations Sequence[str]: Authorizations that will be used for performing domain authorization
domains Sequence[str]: The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
provisioning_issues Sequence[CertificateManagedProvisioningIssue]: (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
state str: (Output) State of the domain for managed certificate issuance.

authorizationAttemptInfos List<Property Map>: (Output) Detailed state of the latest authorization attempt for each domain specified for this Managed Certificate. Structure is documented below.
dnsAuthorizations List<String>: Authorizations that will be used for performing domain authorization
domains List<String>: The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution
provisioningIssues List<Property Map>: (Output) Information about issues with provisioning this Managed Certificate. Structure is documented below.
state String: (Output) State of the domain for managed certificate issuance.

CertificateManagedAuthorizationAttemptInfo

Details string: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
Domain string: (Output) Domain name of the authorization attempt.
FailureReason string: (Output) Reason for failure of the authorization attempt for the domain.
State string: (Output) A state of this Managed Certificate. (Output) State of the domain for managed certificate issuance.

Details string: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
Domain string: (Output) Domain name of the authorization attempt.
FailureReason string: (Output) Reason for failure of the authorization attempt for the domain.
State string: (Output) A state of this Managed Certificate. (Output) State of the domain for managed certificate issuance.

details String: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
domain String: (Output) Domain name of the authorization attempt.
failureReason String: (Output) Reason for failure of the authorization attempt for the domain.
state String: (Output) A state of this Managed Certificate. (Output) State of the domain for managed certificate issuance.

details string: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
domain string: (Output) Domain name of the authorization attempt.
failureReason string: (Output) Reason for failure of the authorization attempt for the domain.
state string: (Output) A state of this Managed Certificate. (Output) State of the domain for managed certificate issuance.

details str: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
domain str: (Output) Domain name of the authorization attempt.
failure_reason str: (Output) Reason for failure of the authorization attempt for the domain.
state str: (Output) A state of this Managed Certificate. (Output) State of the domain for managed certificate issuance.

details String: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
domain String: (Output) Domain name of the authorization attempt.
failureReason String: (Output) Reason for failure of the authorization attempt for the domain.
state String: (Output) A state of this Managed Certificate. (Output) State of the domain for managed certificate issuance.

CertificateManagedProvisioningIssue

Details string: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
Reason string: (Output) Reason for provisioning failures.

Details string: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
Reason string: (Output) Reason for provisioning failures.

details String: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
reason String: (Output) Reason for provisioning failures.

details string: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
reason string: (Output) Reason for provisioning failures.

details str: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
reason str: (Output) Reason for provisioning failures.

details String: (Output) Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use reason field. (Output) Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use failure_reason field.
reason String: (Output) Reason for provisioning failures.

CertificateSelfManaged

CertificatePem string

(Optional, Deprecated) Deprecated The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

Deprecated:

Deprecated in favor of pem_certificate

PemCertificate string

The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

PemPrivateKey string

The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

PrivateKeyPem string

(Optional, Deprecated) Deprecated The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

Deprecated:

Deprecated in favor of pem_private_key

CertificatePem string

Deprecated:

Deprecated in favor of pem_certificate

PemCertificate string

The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

PemPrivateKey string

The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

PrivateKeyPem string

(Optional, Deprecated) Deprecated The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

Deprecated:

Deprecated in favor of pem_private_key

certificatePem String

Deprecated:

Deprecated in favor of pem_certificate

pemCertificate String

The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

pemPrivateKey String

The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

privateKeyPem String

(Optional, Deprecated) Deprecated The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

Deprecated:

Deprecated in favor of pem_private_key

certificatePem string

Deprecated:

Deprecated in favor of pem_certificate

pemCertificate string

The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

pemPrivateKey string

The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

privateKeyPem string

(Optional, Deprecated) Deprecated The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

Deprecated:

Deprecated in favor of pem_private_key

certificate_pem str

Deprecated:

Deprecated in favor of pem_certificate

pem_certificate str

The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

pem_private_key str

The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

private_key_pem str

(Optional, Deprecated) Deprecated The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

Deprecated:

Deprecated in favor of pem_private_key

certificatePem String

Deprecated:

Deprecated in favor of pem_certificate

pemCertificate String

The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. Note: This property is sensitive and will not be displayed in the plan.

pemPrivateKey String

The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

privateKeyPem String

(Optional, Deprecated) Deprecated The private key of the leaf certificate in PEM-encoded form. Note: This property is sensitive and will not be displayed in the plan.

Deprecated:

Deprecated in favor of pem_private_key

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

gcp.certificatemanager.Certificate

Import

Example Usage

Certificate Manager Google Managed Certificate

Certificate Manager Certificate Basic

Certificate Manager Self Managed Certificate Regional

Create Certificate Resource

Certificate Resource Properties

Inputs

Outputs

Look up Existing Certificate Resource

Supporting Types

CertificateManaged

CertificateManagedAuthorizationAttemptInfo

CertificateManagedProvisioningIssue

CertificateSelfManaged

Package Details

On this page