ibm 1.78.0, Apr 30 25

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm.SmPrivateCertificateConfigurationRootCa

Explore with Pulumi AI

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

Provides a resource for an internally signed root certificate authority. This allows a root CA to be created, updated and deleted. Note that a root CA cannot be deleted if there are intermediate CAs signed by it. Therefore, arguments that are marked as Forces new resource should not be modified if there are dependent intermediate CAs.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const privateCertificateRootCA = new ibm.SmPrivateCertificateConfigurationRootCa("privateCertificateRootCA", {
    instanceId: ibm_resource_instance.sm_instance.guid,
    region: "us-south",
    commonName: "ibm.com",
    altNames: [
        "alt-name-1",
        "alt-name-2",
    ],
    permittedDnsDomains: ["exampleString"],
    ous: ["example_ou"],
    organizations: ["example_organization"],
    countries: ["US"],
    localities: ["example_locality"],
    provinces: ["example_province"],
    streetAddresses: ["example street address"],
    postalCodes: ["example_postal_code"],
    ipSans: "127.0.0.1",
    uriSans: "https://www.example.com/test",
    otherSans: ["1.2.3.5.4.3.201.10.4.3;utf8:test@example.com"],
    excludeCnFromSans: false,
    ttl: "2190h",
    maxTtl: "8760h",
    maxPathLength: -1,
    issuingCertificatesUrlsEncoded: true,
    keyType: "rsa",
    keyBits: 4096,
    format: "pem",
    privateKeyFormat: "der",
    crlExpiry: "72h",
    crlDisable: false,
    crlDistributionPointsEncoded: true,
});

import pulumi
import pulumi_ibm as ibm

private_certificate_root_ca = ibm.SmPrivateCertificateConfigurationRootCa("privateCertificateRootCA",
    instance_id=ibm_resource_instance["sm_instance"]["guid"],
    region="us-south",
    common_name="ibm.com",
    alt_names=[
        "alt-name-1",
        "alt-name-2",
    ],
    permitted_dns_domains=["exampleString"],
    ous=["example_ou"],
    organizations=["example_organization"],
    countries=["US"],
    localities=["example_locality"],
    provinces=["example_province"],
    street_addresses=["example street address"],
    postal_codes=["example_postal_code"],
    ip_sans="127.0.0.1",
    uri_sans="https://www.example.com/test",
    other_sans=["1.2.3.5.4.3.201.10.4.3;utf8:test@example.com"],
    exclude_cn_from_sans=False,
    ttl="2190h",
    max_ttl="8760h",
    max_path_length=-1,
    issuing_certificates_urls_encoded=True,
    key_type="rsa",
    key_bits=4096,
    format="pem",
    private_key_format="der",
    crl_expiry="72h",
    crl_disable=False,
    crl_distribution_points_encoded=True)

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.NewSmPrivateCertificateConfigurationRootCa(ctx, "privateCertificateRootCA", &ibm.SmPrivateCertificateConfigurationRootCaArgs{
			InstanceId: pulumi.Any(ibm_resource_instance.Sm_instance.Guid),
			Region:     pulumi.String("us-south"),
			CommonName: pulumi.String("ibm.com"),
			AltNames: pulumi.StringArray{
				pulumi.String("alt-name-1"),
				pulumi.String("alt-name-2"),
			},
			PermittedDnsDomains: pulumi.StringArray{
				pulumi.String("exampleString"),
			},
			Ous: pulumi.StringArray{
				pulumi.String("example_ou"),
			},
			Organizations: pulumi.StringArray{
				pulumi.String("example_organization"),
			},
			Countries: pulumi.StringArray{
				pulumi.String("US"),
			},
			Localities: pulumi.StringArray{
				pulumi.String("example_locality"),
			},
			Provinces: pulumi.StringArray{
				pulumi.String("example_province"),
			},
			StreetAddresses: pulumi.StringArray{
				pulumi.String("example street address"),
			},
			PostalCodes: pulumi.StringArray{
				pulumi.String("example_postal_code"),
			},
			IpSans:  pulumi.String("127.0.0.1"),
			UriSans: pulumi.String("https://www.example.com/test"),
			OtherSans: pulumi.StringArray{
				pulumi.String("1.2.3.5.4.3.201.10.4.3;utf8:test@example.com"),
			},
			ExcludeCnFromSans:              pulumi.Bool(false),
			Ttl:                            pulumi.String("2190h"),
			MaxTtl:                         pulumi.String("8760h"),
			MaxPathLength:                  pulumi.Float64(-1),
			IssuingCertificatesUrlsEncoded: pulumi.Bool(true),
			KeyType:                        pulumi.String("rsa"),
			KeyBits:                        pulumi.Float64(4096),
			Format:                         pulumi.String("pem"),
			PrivateKeyFormat:               pulumi.String("der"),
			CrlExpiry:                      pulumi.String("72h"),
			CrlDisable:                     pulumi.Bool(false),
			CrlDistributionPointsEncoded:   pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var privateCertificateRootCA = new Ibm.SmPrivateCertificateConfigurationRootCa("privateCertificateRootCA", new()
    {
        InstanceId = ibm_resource_instance.Sm_instance.Guid,
        Region = "us-south",
        CommonName = "ibm.com",
        AltNames = new[]
        {
            "alt-name-1",
            "alt-name-2",
        },
        PermittedDnsDomains = new[]
        {
            "exampleString",
        },
        Ous = new[]
        {
            "example_ou",
        },
        Organizations = new[]
        {
            "example_organization",
        },
        Countries = new[]
        {
            "US",
        },
        Localities = new[]
        {
            "example_locality",
        },
        Provinces = new[]
        {
            "example_province",
        },
        StreetAddresses = new[]
        {
            "example street address",
        },
        PostalCodes = new[]
        {
            "example_postal_code",
        },
        IpSans = "127.0.0.1",
        UriSans = "https://www.example.com/test",
        OtherSans = new[]
        {
            "1.2.3.5.4.3.201.10.4.3;utf8:test@example.com",
        },
        ExcludeCnFromSans = false,
        Ttl = "2190h",
        MaxTtl = "8760h",
        MaxPathLength = -1,
        IssuingCertificatesUrlsEncoded = true,
        KeyType = "rsa",
        KeyBits = 4096,
        Format = "pem",
        PrivateKeyFormat = "der",
        CrlExpiry = "72h",
        CrlDisable = false,
        CrlDistributionPointsEncoded = true,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.SmPrivateCertificateConfigurationRootCa;
import com.pulumi.ibm.SmPrivateCertificateConfigurationRootCaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var privateCertificateRootCA = new SmPrivateCertificateConfigurationRootCa("privateCertificateRootCA", SmPrivateCertificateConfigurationRootCaArgs.builder()
            .instanceId(ibm_resource_instance.sm_instance().guid())
            .region("us-south")
            .commonName("ibm.com")
            .altNames(            
                "alt-name-1",
                "alt-name-2")
            .permittedDnsDomains("exampleString")
            .ous("example_ou")
            .organizations("example_organization")
            .countries("US")
            .localities("example_locality")
            .provinces("example_province")
            .streetAddresses("example street address")
            .postalCodes("example_postal_code")
            .ipSans("127.0.0.1")
            .uriSans("https://www.example.com/test")
            .otherSans("1.2.3.5.4.3.201.10.4.3;utf8:test@example.com")
            .excludeCnFromSans(false)
            .ttl("2190h")
            .maxTtl("8760h")
            .maxPathLength(-1)
            .issuingCertificatesUrlsEncoded(true)
            .keyType("rsa")
            .keyBits(4096)
            .format("pem")
            .privateKeyFormat("der")
            .crlExpiry("72h")
            .crlDisable(false)
            .crlDistributionPointsEncoded(true)
            .build());

    }
}

resources:
  privateCertificateRootCA:
    type: ibm:SmPrivateCertificateConfigurationRootCa
    properties:
      instanceId: ${ibm_resource_instance.sm_instance.guid}
      region: us-south
      commonName: ibm.com
      altNames:
        - alt-name-1
        - alt-name-2
      permittedDnsDomains:
        - exampleString
      ous:
        - example_ou
      organizations:
        - example_organization
      countries:
        - US
      localities:
        - example_locality
      provinces:
        - example_province
      streetAddresses:
        - example street address
      postalCodes:
        - example_postal_code
      ipSans: 127.0.0.1
      uriSans: https://www.example.com/test
      otherSans:
        - 1.2.3.5.4.3.201.10.4.3;utf8:test@example.com
      excludeCnFromSans: false
      ttl: 2190h
      maxTtl: 8760h
      maxPathLength: -1
      issuingCertificatesUrlsEncoded: true
      keyType: rsa
      keyBits: 4096
      format: pem
      privateKeyFormat: der
      crlExpiry: 72h
      crlDisable: false
      crlDistributionPointsEncoded: true

Provider Configuration

The IBM Cloud provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below:

Static credentials
Environment variables

To find which credentials are required for this resource, see the service table here.

Static credentials

You can provide your static credentials by adding the ibmcloud_api_key, iaas_classic_username, and iaas_classic_api_key arguments in the IBM Cloud provider block.

Usage:

provider "ibm" {
    ibmcloud_api_key = ""
    iaas_classic_username = ""
    iaas_classic_api_key = ""
}

Environment variables

You can provide your credentials by exporting the IC_API_KEY, IAAS_CLASSIC_USERNAME, and IAAS_CLASSIC_API_KEY environment variables, representing your IBM Cloud platform API key, IBM Cloud Classic Infrastructure (SoftLayer) user name, and IBM Cloud infrastructure API key, respectively.

provider "ibm" {}

Usage:

export IC_API_KEY="ibmcloud_api_key"
export IAAS_CLASSIC_USERNAME="iaas_classic_username"
export IAAS_CLASSIC_API_KEY="iaas_classic_api_key"
pulumi preview

Note:

Create or find your ibmcloud_api_key and iaas_classic_api_key here.

Select My IBM Cloud API Keys option from view dropdown for ibmcloud_api_key
Select Classic Infrastructure API Keys option from view dropdown for iaas_classic_api_key

For iaas_classic_username

Go to Users
Click on user.
Find user name in the VPN password section under User Details tab

For more informaton, see here.

Create SmPrivateCertificateConfigurationRootCa Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SmPrivateCertificateConfigurationRootCa(name: string, args: SmPrivateCertificateConfigurationRootCaArgs, opts?: CustomResourceOptions);

@overload
def SmPrivateCertificateConfigurationRootCa(resource_name: str,
                                            args: SmPrivateCertificateConfigurationRootCaArgs,
                                            opts: Optional[ResourceOptions] = None)

@overload
def SmPrivateCertificateConfigurationRootCa(resource_name: str,
                                            opts: Optional[ResourceOptions] = None,
                                            instance_id: Optional[str] = None,
                                            common_name: Optional[str] = None,
                                            max_ttl: Optional[str] = None,
                                            key_type: Optional[str] = None,
                                            max_path_length: Optional[float] = None,
                                            crl_expiry: Optional[str] = None,
                                            crypto_key: Optional[SmPrivateCertificateConfigurationRootCaCryptoKeyArgs] = None,
                                            endpoint_type: Optional[str] = None,
                                            exclude_cn_from_sans: Optional[bool] = None,
                                            format: Optional[str] = None,
                                            crl_disable: Optional[bool] = None,
                                            ip_sans: Optional[str] = None,
                                            issuing_certificates_urls_encoded: Optional[bool] = None,
                                            key_bits: Optional[float] = None,
                                            alt_names: Optional[Sequence[str]] = None,
                                            localities: Optional[Sequence[str]] = None,
                                            crl_distribution_points_encoded: Optional[bool] = None,
                                            countries: Optional[Sequence[str]] = None,
                                            name: Optional[str] = None,
                                            organizations: Optional[Sequence[str]] = None,
                                            other_sans: Optional[Sequence[str]] = None,
                                            ous: Optional[Sequence[str]] = None,
                                            permitted_dns_domains: Optional[Sequence[str]] = None,
                                            postal_codes: Optional[Sequence[str]] = None,
                                            private_key_format: Optional[str] = None,
                                            provinces: Optional[Sequence[str]] = None,
                                            region: Optional[str] = None,
                                            sm_private_certificate_configuration_root_ca_id: Optional[str] = None,
                                            street_addresses: Optional[Sequence[str]] = None,
                                            ttl: Optional[str] = None,
                                            uri_sans: Optional[str] = None)

func NewSmPrivateCertificateConfigurationRootCa(ctx *Context, name string, args SmPrivateCertificateConfigurationRootCaArgs, opts ...ResourceOption) (*SmPrivateCertificateConfigurationRootCa, error)

public SmPrivateCertificateConfigurationRootCa(string name, SmPrivateCertificateConfigurationRootCaArgs args, CustomResourceOptions? opts = null)

public SmPrivateCertificateConfigurationRootCa(String name, SmPrivateCertificateConfigurationRootCaArgs args)
public SmPrivateCertificateConfigurationRootCa(String name, SmPrivateCertificateConfigurationRootCaArgs args, CustomResourceOptions options)

type: ibm:SmPrivateCertificateConfigurationRootCa
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SmPrivateCertificateConfigurationRootCaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SmPrivateCertificateConfigurationRootCaArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SmPrivateCertificateConfigurationRootCaArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SmPrivateCertificateConfigurationRootCaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SmPrivateCertificateConfigurationRootCaArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var smPrivateCertificateConfigurationRootCaResource = new Ibm.SmPrivateCertificateConfigurationRootCa("smPrivateCertificateConfigurationRootCaResource", new()
{
    InstanceId = "string",
    CommonName = "string",
    MaxTtl = "string",
    KeyType = "string",
    MaxPathLength = 0,
    CrlExpiry = "string",
    CryptoKey = new Ibm.Inputs.SmPrivateCertificateConfigurationRootCaCryptoKeyArgs
    {
        AllowGenerateKey = false,
        Id = "string",
        Label = "string",
        Provider = new Ibm.Inputs.SmPrivateCertificateConfigurationRootCaCryptoKeyProviderArgs
        {
            InstanceCrn = "string",
            PinIamCredentialsSecretId = "string",
            PrivateKeystoreId = "string",
            Type = "string",
        },
    },
    EndpointType = "string",
    ExcludeCnFromSans = false,
    Format = "string",
    CrlDisable = false,
    IpSans = "string",
    IssuingCertificatesUrlsEncoded = false,
    KeyBits = 0,
    AltNames = new[]
    {
        "string",
    },
    Localities = new[]
    {
        "string",
    },
    CrlDistributionPointsEncoded = false,
    Countries = new[]
    {
        "string",
    },
    Name = "string",
    Organizations = new[]
    {
        "string",
    },
    OtherSans = new[]
    {
        "string",
    },
    Ous = new[]
    {
        "string",
    },
    PermittedDnsDomains = new[]
    {
        "string",
    },
    PostalCodes = new[]
    {
        "string",
    },
    PrivateKeyFormat = "string",
    Provinces = new[]
    {
        "string",
    },
    Region = "string",
    SmPrivateCertificateConfigurationRootCaId = "string",
    StreetAddresses = new[]
    {
        "string",
    },
    Ttl = "string",
    UriSans = "string",
});

example, err := ibm.NewSmPrivateCertificateConfigurationRootCa(ctx, "smPrivateCertificateConfigurationRootCaResource", &ibm.SmPrivateCertificateConfigurationRootCaArgs{
	InstanceId:    pulumi.String("string"),
	CommonName:    pulumi.String("string"),
	MaxTtl:        pulumi.String("string"),
	KeyType:       pulumi.String("string"),
	MaxPathLength: pulumi.Float64(0),
	CrlExpiry:     pulumi.String("string"),
	CryptoKey: &ibm.SmPrivateCertificateConfigurationRootCaCryptoKeyArgs{
		AllowGenerateKey: pulumi.Bool(false),
		Id:               pulumi.String("string"),
		Label:            pulumi.String("string"),
		Provider: &ibm.SmPrivateCertificateConfigurationRootCaCryptoKeyProviderArgs{
			InstanceCrn:               pulumi.String("string"),
			PinIamCredentialsSecretId: pulumi.String("string"),
			PrivateKeystoreId:         pulumi.String("string"),
			Type:                      pulumi.String("string"),
		},
	},
	EndpointType:                   pulumi.String("string"),
	ExcludeCnFromSans:              pulumi.Bool(false),
	Format:                         pulumi.String("string"),
	CrlDisable:                     pulumi.Bool(false),
	IpSans:                         pulumi.String("string"),
	IssuingCertificatesUrlsEncoded: pulumi.Bool(false),
	KeyBits:                        pulumi.Float64(0),
	AltNames: pulumi.StringArray{
		pulumi.String("string"),
	},
	Localities: pulumi.StringArray{
		pulumi.String("string"),
	},
	CrlDistributionPointsEncoded: pulumi.Bool(false),
	Countries: pulumi.StringArray{
		pulumi.String("string"),
	},
	Name: pulumi.String("string"),
	Organizations: pulumi.StringArray{
		pulumi.String("string"),
	},
	OtherSans: pulumi.StringArray{
		pulumi.String("string"),
	},
	Ous: pulumi.StringArray{
		pulumi.String("string"),
	},
	PermittedDnsDomains: pulumi.StringArray{
		pulumi.String("string"),
	},
	PostalCodes: pulumi.StringArray{
		pulumi.String("string"),
	},
	PrivateKeyFormat: pulumi.String("string"),
	Provinces: pulumi.StringArray{
		pulumi.String("string"),
	},
	Region: pulumi.String("string"),
	SmPrivateCertificateConfigurationRootCaId: pulumi.String("string"),
	StreetAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	Ttl:     pulumi.String("string"),
	UriSans: pulumi.String("string"),
})

var smPrivateCertificateConfigurationRootCaResource = new SmPrivateCertificateConfigurationRootCa("smPrivateCertificateConfigurationRootCaResource", SmPrivateCertificateConfigurationRootCaArgs.builder()
    .instanceId("string")
    .commonName("string")
    .maxTtl("string")
    .keyType("string")
    .maxPathLength(0)
    .crlExpiry("string")
    .cryptoKey(SmPrivateCertificateConfigurationRootCaCryptoKeyArgs.builder()
        .allowGenerateKey(false)
        .id("string")
        .label("string")
        .provider(SmPrivateCertificateConfigurationRootCaCryptoKeyProviderArgs.builder()
            .instanceCrn("string")
            .pinIamCredentialsSecretId("string")
            .privateKeystoreId("string")
            .type("string")
            .build())
        .build())
    .endpointType("string")
    .excludeCnFromSans(false)
    .format("string")
    .crlDisable(false)
    .ipSans("string")
    .issuingCertificatesUrlsEncoded(false)
    .keyBits(0)
    .altNames("string")
    .localities("string")
    .crlDistributionPointsEncoded(false)
    .countries("string")
    .name("string")
    .organizations("string")
    .otherSans("string")
    .ous("string")
    .permittedDnsDomains("string")
    .postalCodes("string")
    .privateKeyFormat("string")
    .provinces("string")
    .region("string")
    .smPrivateCertificateConfigurationRootCaId("string")
    .streetAddresses("string")
    .ttl("string")
    .uriSans("string")
    .build());

sm_private_certificate_configuration_root_ca_resource = ibm.SmPrivateCertificateConfigurationRootCa("smPrivateCertificateConfigurationRootCaResource",
    instance_id="string",
    common_name="string",
    max_ttl="string",
    key_type="string",
    max_path_length=0,
    crl_expiry="string",
    crypto_key={
        "allow_generate_key": False,
        "id": "string",
        "label": "string",
        "provider": {
            "instance_crn": "string",
            "pin_iam_credentials_secret_id": "string",
            "private_keystore_id": "string",
            "type": "string",
        },
    },
    endpoint_type="string",
    exclude_cn_from_sans=False,
    format="string",
    crl_disable=False,
    ip_sans="string",
    issuing_certificates_urls_encoded=False,
    key_bits=0,
    alt_names=["string"],
    localities=["string"],
    crl_distribution_points_encoded=False,
    countries=["string"],
    name="string",
    organizations=["string"],
    other_sans=["string"],
    ous=["string"],
    permitted_dns_domains=["string"],
    postal_codes=["string"],
    private_key_format="string",
    provinces=["string"],
    region="string",
    sm_private_certificate_configuration_root_ca_id="string",
    street_addresses=["string"],
    ttl="string",
    uri_sans="string")

const smPrivateCertificateConfigurationRootCaResource = new ibm.SmPrivateCertificateConfigurationRootCa("smPrivateCertificateConfigurationRootCaResource", {
    instanceId: "string",
    commonName: "string",
    maxTtl: "string",
    keyType: "string",
    maxPathLength: 0,
    crlExpiry: "string",
    cryptoKey: {
        allowGenerateKey: false,
        id: "string",
        label: "string",
        provider: {
            instanceCrn: "string",
            pinIamCredentialsSecretId: "string",
            privateKeystoreId: "string",
            type: "string",
        },
    },
    endpointType: "string",
    excludeCnFromSans: false,
    format: "string",
    crlDisable: false,
    ipSans: "string",
    issuingCertificatesUrlsEncoded: false,
    keyBits: 0,
    altNames: ["string"],
    localities: ["string"],
    crlDistributionPointsEncoded: false,
    countries: ["string"],
    name: "string",
    organizations: ["string"],
    otherSans: ["string"],
    ous: ["string"],
    permittedDnsDomains: ["string"],
    postalCodes: ["string"],
    privateKeyFormat: "string",
    provinces: ["string"],
    region: "string",
    smPrivateCertificateConfigurationRootCaId: "string",
    streetAddresses: ["string"],
    ttl: "string",
    uriSans: "string",
});

type: ibm:SmPrivateCertificateConfigurationRootCa
properties:
    altNames:
        - string
    commonName: string
    countries:
        - string
    crlDisable: false
    crlDistributionPointsEncoded: false
    crlExpiry: string
    cryptoKey:
        allowGenerateKey: false
        id: string
        label: string
        provider:
            instanceCrn: string
            pinIamCredentialsSecretId: string
            privateKeystoreId: string
            type: string
    endpointType: string
    excludeCnFromSans: false
    format: string
    instanceId: string
    ipSans: string
    issuingCertificatesUrlsEncoded: false
    keyBits: 0
    keyType: string
    localities:
        - string
    maxPathLength: 0
    maxTtl: string
    name: string
    organizations:
        - string
    otherSans:
        - string
    ous:
        - string
    permittedDnsDomains:
        - string
    postalCodes:
        - string
    privateKeyFormat: string
    provinces:
        - string
    region: string
    smPrivateCertificateConfigurationRootCaId: string
    streetAddresses:
        - string
    ttl: string
    uriSans: string

SmPrivateCertificateConfigurationRootCa Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SmPrivateCertificateConfigurationRootCa resource accepts the following input properties:

CommonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

InstanceId string

The GUID of the Secrets Manager instance.

MaxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

AltNames List<string>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

Countries List<string>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

CrlDisable bool

Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.

CrlDistributionPointsEncoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

CrlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

CryptoKey SmPrivateCertificateConfigurationRootCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

EndpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

ExcludeCnFromSans bool

Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.

Format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

IpSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

IssuingCertificatesUrlsEncoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

KeyBits double

The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.

KeyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

Localities List<string>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

MaxPathLength double

The maximum path length to encode in the generated certificate. -1 means no limit.If the signing certificate has a maximum path length set, the path length is set to one less than that of the signing certificate. A limit of 0 means a literal path length of zero.

Name string

A human-readable unique name to assign to the root CA configuration.

Organizations List<string>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

OtherSans List<string>

The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

Ous List<string>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PermittedDnsDomains List<string>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

PostalCodes List<string>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PrivateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

Provinces List<string>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

SmPrivateCertificateConfigurationRootCaId string

The unique identifier of the PrivateCertificateConfigurationRootCA.

StreetAddresses List<string>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Ttl string

The requested time-to-live (TTL) for certificates that are created by this CA. This field's value cannot be longer than the max_ttl limit.The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API response, this value is returned in seconds (integer).

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

UriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

CommonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

InstanceId string

The GUID of the Secrets Manager instance.

MaxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

AltNames []string

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

Countries []string

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

CrlDisable bool

CrlDistributionPointsEncoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

CrlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

CryptoKey SmPrivateCertificateConfigurationRootCaCryptoKeyArgs

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

EndpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

ExcludeCnFromSans bool

Format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

IpSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

IssuingCertificatesUrlsEncoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

KeyBits float64

KeyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

Localities []string

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

MaxPathLength float64

Name string

A human-readable unique name to assign to the root CA configuration.

Organizations []string

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

OtherSans []string

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

Ous []string

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PermittedDnsDomains []string

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

PostalCodes []string

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PrivateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

Provinces []string

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

SmPrivateCertificateConfigurationRootCaId string

The unique identifier of the PrivateCertificateConfigurationRootCA.

StreetAddresses []string

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Ttl string

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

UriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

commonName String

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

instanceId String

The GUID of the Secrets Manager instance.

maxTtl String

The maximum time-to-live (TTL) for certificates that are created by this CA.

altNames List<String>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

countries List<String>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crlDisable Boolean

crlDistributionPointsEncoded Boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry String

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

cryptoKey SmPrivateCertificateConfigurationRootCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

endpointType String

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans Boolean

format String

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

ipSans String

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded Boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits Double

keyType String

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities List<String>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength Double

name String

A human-readable unique name to assign to the root CA configuration.

organizations List<String>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans List<String>

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous List<String>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains List<String>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

postalCodes List<String>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat String

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces List<String>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region String

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

smPrivateCertificateConfigurationRootCaId String

The unique identifier of the PrivateCertificateConfigurationRootCA.

streetAddresses List<String>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl String

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

uriSans String

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

commonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

instanceId string

The GUID of the Secrets Manager instance.

maxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

altNames string[]

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

countries string[]

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crlDisable boolean

crlDistributionPointsEncoded boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

cryptoKey SmPrivateCertificateConfigurationRootCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

endpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans boolean

format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

ipSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits number

keyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities string[]

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength number

name string

A human-readable unique name to assign to the root CA configuration.

organizations string[]

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans string[]

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous string[]

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains string[]

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

postalCodes string[]

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces string[]

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

smPrivateCertificateConfigurationRootCaId string

The unique identifier of the PrivateCertificateConfigurationRootCA.

streetAddresses string[]

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl string

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

uriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

common_name str

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

instance_id str

The GUID of the Secrets Manager instance.

max_ttl str

The maximum time-to-live (TTL) for certificates that are created by this CA.

alt_names Sequence[str]

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

countries Sequence[str]

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crl_disable bool

crl_distribution_points_encoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crl_expiry str

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

crypto_key SmPrivateCertificateConfigurationRootCaCryptoKeyArgs

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

endpoint_type str

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

exclude_cn_from_sans bool

format str

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

ip_sans str

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuing_certificates_urls_encoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

key_bits float

key_type str

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities Sequence[str]

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

max_path_length float

name str

A human-readable unique name to assign to the root CA configuration.

organizations Sequence[str]

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

other_sans Sequence[str]

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous Sequence[str]

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permitted_dns_domains Sequence[str]

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

postal_codes Sequence[str]

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

private_key_format str

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces Sequence[str]

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region str

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

sm_private_certificate_configuration_root_ca_id str

The unique identifier of the PrivateCertificateConfigurationRootCA.

street_addresses Sequence[str]

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl str

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

uri_sans str

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

commonName String

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

instanceId String

The GUID of the Secrets Manager instance.

maxTtl String

The maximum time-to-live (TTL) for certificates that are created by this CA.

altNames List<String>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

countries List<String>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crlDisable Boolean

crlDistributionPointsEncoded Boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry String

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

cryptoKey Property Map

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

endpointType String

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans Boolean

format String

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

ipSans String

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded Boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits Number

keyType String

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities List<String>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength Number

name String

A human-readable unique name to assign to the root CA configuration.

organizations List<String>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans List<String>

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous List<String>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains List<String>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

postalCodes List<String>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat String

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces List<String>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region String

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

smPrivateCertificateConfigurationRootCaId String

The unique identifier of the PrivateCertificateConfigurationRootCA.

streetAddresses List<String>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl String

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

uriSans String

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

Outputs

All input properties are implicitly available as output properties. Additionally, the SmPrivateCertificateConfigurationRootCa resource produces the following output properties:

ConfigType string

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

CreatedAt string

(String) The date when a resource was created. The date format follows RFC 3339.

CreatedBy string

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

CrlExpirySeconds double

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

Datas List<SmPrivateCertificateConfigurationRootCaData>

(List) The configuration data of your Private Certificate. Nested scheme for data:

ExpirationDate string

The date a secret is expired. The date format follows RFC 3339.

Id string

The provider-assigned unique ID for this managed resource.

MaxTtlSeconds double

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

SecretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

SerialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

Status string

(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

TtlSeconds double

UpdatedAt string

(String) The date when a resource was recently modified. The date format follows RFC 3339.

ConfigType string

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

CreatedAt string

(String) The date when a resource was created. The date format follows RFC 3339.

CreatedBy string

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

CrlExpirySeconds float64

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

Datas []SmPrivateCertificateConfigurationRootCaData

(List) The configuration data of your Private Certificate. Nested scheme for data:

ExpirationDate string

The date a secret is expired. The date format follows RFC 3339.

Id string

The provider-assigned unique ID for this managed resource.

MaxTtlSeconds float64

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

SecretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

SerialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

Status string

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

TtlSeconds float64

UpdatedAt string

(String) The date when a resource was recently modified. The date format follows RFC 3339.

configType String

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

createdAt String

(String) The date when a resource was created. The date format follows RFC 3339.

createdBy String

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crlExpirySeconds Double

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

datas List<SmPrivateCertificateConfigurationRootCaData>

(List) The configuration data of your Private Certificate. Nested scheme for data:

expirationDate String

The date a secret is expired. The date format follows RFC 3339.

id String

The provider-assigned unique ID for this managed resource.

maxTtlSeconds Double

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

secretType String

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber String

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

status String

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

ttlSeconds Double

updatedAt String

(String) The date when a resource was recently modified. The date format follows RFC 3339.

configType string

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

createdAt string

(String) The date when a resource was created. The date format follows RFC 3339.

createdBy string

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crlExpirySeconds number

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

datas SmPrivateCertificateConfigurationRootCaData[]

(List) The configuration data of your Private Certificate. Nested scheme for data:

expirationDate string

The date a secret is expired. The date format follows RFC 3339.

id string

The provider-assigned unique ID for this managed resource.

maxTtlSeconds number

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

secretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

status string

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

ttlSeconds number

updatedAt string

(String) The date when a resource was recently modified. The date format follows RFC 3339.

config_type str

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

created_at str

(String) The date when a resource was created. The date format follows RFC 3339.

created_by str

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crl_expiry_seconds float

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

datas Sequence[SmPrivateCertificateConfigurationRootCaData]

(List) The configuration data of your Private Certificate. Nested scheme for data:

expiration_date str

The date a secret is expired. The date format follows RFC 3339.

id str

The provider-assigned unique ID for this managed resource.

max_ttl_seconds float

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

secret_type str

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serial_number str

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

status str

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

ttl_seconds float

updated_at str

(String) The date when a resource was recently modified. The date format follows RFC 3339.

configType String

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

createdAt String

(String) The date when a resource was created. The date format follows RFC 3339.

createdBy String

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crlExpirySeconds Number

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

datas List<Property Map>

(List) The configuration data of your Private Certificate. Nested scheme for data:

expirationDate String

The date a secret is expired. The date format follows RFC 3339.

id String

The provider-assigned unique ID for this managed resource.

maxTtlSeconds Number

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

secretType String

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber String

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

status String

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

ttlSeconds Number

updatedAt String

(String) The date when a resource was recently modified. The date format follows RFC 3339.

Look up Existing SmPrivateCertificateConfigurationRootCa Resource

Get an existing SmPrivateCertificateConfigurationRootCa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SmPrivateCertificateConfigurationRootCaState, opts?: CustomResourceOptions): SmPrivateCertificateConfigurationRootCa

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        alt_names: Optional[Sequence[str]] = None,
        common_name: Optional[str] = None,
        config_type: Optional[str] = None,
        countries: Optional[Sequence[str]] = None,
        created_at: Optional[str] = None,
        created_by: Optional[str] = None,
        crl_disable: Optional[bool] = None,
        crl_distribution_points_encoded: Optional[bool] = None,
        crl_expiry: Optional[str] = None,
        crl_expiry_seconds: Optional[float] = None,
        crypto_key: Optional[SmPrivateCertificateConfigurationRootCaCryptoKeyArgs] = None,
        datas: Optional[Sequence[SmPrivateCertificateConfigurationRootCaDataArgs]] = None,
        endpoint_type: Optional[str] = None,
        exclude_cn_from_sans: Optional[bool] = None,
        expiration_date: Optional[str] = None,
        format: Optional[str] = None,
        instance_id: Optional[str] = None,
        ip_sans: Optional[str] = None,
        issuing_certificates_urls_encoded: Optional[bool] = None,
        key_bits: Optional[float] = None,
        key_type: Optional[str] = None,
        localities: Optional[Sequence[str]] = None,
        max_path_length: Optional[float] = None,
        max_ttl: Optional[str] = None,
        max_ttl_seconds: Optional[float] = None,
        name: Optional[str] = None,
        organizations: Optional[Sequence[str]] = None,
        other_sans: Optional[Sequence[str]] = None,
        ous: Optional[Sequence[str]] = None,
        permitted_dns_domains: Optional[Sequence[str]] = None,
        postal_codes: Optional[Sequence[str]] = None,
        private_key_format: Optional[str] = None,
        provinces: Optional[Sequence[str]] = None,
        region: Optional[str] = None,
        secret_type: Optional[str] = None,
        serial_number: Optional[str] = None,
        sm_private_certificate_configuration_root_ca_id: Optional[str] = None,
        status: Optional[str] = None,
        street_addresses: Optional[Sequence[str]] = None,
        ttl: Optional[str] = None,
        ttl_seconds: Optional[float] = None,
        updated_at: Optional[str] = None,
        uri_sans: Optional[str] = None) -> SmPrivateCertificateConfigurationRootCa

func GetSmPrivateCertificateConfigurationRootCa(ctx *Context, name string, id IDInput, state *SmPrivateCertificateConfigurationRootCaState, opts ...ResourceOption) (*SmPrivateCertificateConfigurationRootCa, error)

public static SmPrivateCertificateConfigurationRootCa Get(string name, Input<string> id, SmPrivateCertificateConfigurationRootCaState? state, CustomResourceOptions? opts = null)

public static SmPrivateCertificateConfigurationRootCa get(String name, Output<String> id, SmPrivateCertificateConfigurationRootCaState state, CustomResourceOptions options)

resources:  _:    type: ibm:SmPrivateCertificateConfigurationRootCa    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AltNames List<string>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

CommonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

ConfigType string

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

Countries List<string>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

CreatedAt string

(String) The date when a resource was created. The date format follows RFC 3339.

CreatedBy string

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

CrlDisable bool

CrlDistributionPointsEncoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

CrlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

CrlExpirySeconds double

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

CryptoKey SmPrivateCertificateConfigurationRootCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

Datas List<SmPrivateCertificateConfigurationRootCaData>

(List) The configuration data of your Private Certificate. Nested scheme for data:

EndpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

ExcludeCnFromSans bool

ExpirationDate string

The date a secret is expired. The date format follows RFC 3339.

Format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

InstanceId string

The GUID of the Secrets Manager instance.

IpSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

IssuingCertificatesUrlsEncoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

KeyBits double

KeyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

Localities List<string>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

MaxPathLength double

MaxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

MaxTtlSeconds double

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

Name string

A human-readable unique name to assign to the root CA configuration.

Organizations List<string>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

OtherSans List<string>

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

Ous List<string>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PermittedDnsDomains List<string>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

PostalCodes List<string>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PrivateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

Provinces List<string>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

SecretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

SerialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

SmPrivateCertificateConfigurationRootCaId string

The unique identifier of the PrivateCertificateConfigurationRootCA.

Status string

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

StreetAddresses List<string>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Ttl string

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

TtlSeconds double

UpdatedAt string

(String) The date when a resource was recently modified. The date format follows RFC 3339.

UriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

AltNames []string

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

CommonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

ConfigType string

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

Countries []string

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

CreatedAt string

(String) The date when a resource was created. The date format follows RFC 3339.

CreatedBy string

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

CrlDisable bool

CrlDistributionPointsEncoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

CrlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

CrlExpirySeconds float64

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

CryptoKey SmPrivateCertificateConfigurationRootCaCryptoKeyArgs

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

Datas []SmPrivateCertificateConfigurationRootCaDataArgs

(List) The configuration data of your Private Certificate. Nested scheme for data:

EndpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

ExcludeCnFromSans bool

ExpirationDate string

The date a secret is expired. The date format follows RFC 3339.

Format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

InstanceId string

The GUID of the Secrets Manager instance.

IpSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

IssuingCertificatesUrlsEncoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

KeyBits float64

KeyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

Localities []string

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

MaxPathLength float64

MaxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

MaxTtlSeconds float64

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

Name string

A human-readable unique name to assign to the root CA configuration.

Organizations []string

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

OtherSans []string

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

Ous []string

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PermittedDnsDomains []string

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

PostalCodes []string

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PrivateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

Provinces []string

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

SecretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

SerialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

SmPrivateCertificateConfigurationRootCaId string

The unique identifier of the PrivateCertificateConfigurationRootCA.

Status string

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

StreetAddresses []string

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Ttl string

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

TtlSeconds float64

UpdatedAt string

(String) The date when a resource was recently modified. The date format follows RFC 3339.

UriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

altNames List<String>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

commonName String

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

configType String

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

countries List<String>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

createdAt String

(String) The date when a resource was created. The date format follows RFC 3339.

createdBy String

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crlDisable Boolean

crlDistributionPointsEncoded Boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry String

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

crlExpirySeconds Double

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

cryptoKey SmPrivateCertificateConfigurationRootCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

datas List<SmPrivateCertificateConfigurationRootCaData>

(List) The configuration data of your Private Certificate. Nested scheme for data:

endpointType String

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans Boolean

expirationDate String

The date a secret is expired. The date format follows RFC 3339.

format String

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

instanceId String

The GUID of the Secrets Manager instance.

ipSans String

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded Boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits Double

keyType String

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities List<String>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength Double

maxTtl String

The maximum time-to-live (TTL) for certificates that are created by this CA.

maxTtlSeconds Double

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

name String

A human-readable unique name to assign to the root CA configuration.

organizations List<String>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans List<String>

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous List<String>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains List<String>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

postalCodes List<String>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat String

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces List<String>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region String

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secretType String

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber String

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

smPrivateCertificateConfigurationRootCaId String

The unique identifier of the PrivateCertificateConfigurationRootCA.

status String

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

streetAddresses List<String>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl String

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

ttlSeconds Double

updatedAt String

(String) The date when a resource was recently modified. The date format follows RFC 3339.

uriSans String

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

altNames string[]

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

commonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

configType string

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

countries string[]

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

createdAt string

(String) The date when a resource was created. The date format follows RFC 3339.

createdBy string

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crlDisable boolean

crlDistributionPointsEncoded boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

crlExpirySeconds number

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

cryptoKey SmPrivateCertificateConfigurationRootCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

datas SmPrivateCertificateConfigurationRootCaData[]

(List) The configuration data of your Private Certificate. Nested scheme for data:

endpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans boolean

expirationDate string

The date a secret is expired. The date format follows RFC 3339.

format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

instanceId string

The GUID of the Secrets Manager instance.

ipSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits number

keyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities string[]

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength number

maxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

maxTtlSeconds number

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

name string

A human-readable unique name to assign to the root CA configuration.

organizations string[]

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans string[]

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous string[]

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains string[]

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

postalCodes string[]

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces string[]

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

smPrivateCertificateConfigurationRootCaId string

The unique identifier of the PrivateCertificateConfigurationRootCA.

status string

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

streetAddresses string[]

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl string

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

ttlSeconds number

updatedAt string

(String) The date when a resource was recently modified. The date format follows RFC 3339.

uriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

alt_names Sequence[str]

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

common_name str

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

config_type str

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

countries Sequence[str]

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

created_at str

(String) The date when a resource was created. The date format follows RFC 3339.

created_by str

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crl_disable bool

crl_distribution_points_encoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crl_expiry str

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

crl_expiry_seconds float

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

crypto_key SmPrivateCertificateConfigurationRootCaCryptoKeyArgs

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

datas Sequence[SmPrivateCertificateConfigurationRootCaDataArgs]

(List) The configuration data of your Private Certificate. Nested scheme for data:

endpoint_type str

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

exclude_cn_from_sans bool

expiration_date str

The date a secret is expired. The date format follows RFC 3339.

format str

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

instance_id str

The GUID of the Secrets Manager instance.

ip_sans str

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuing_certificates_urls_encoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

key_bits float

key_type str

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities Sequence[str]

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

max_path_length float

max_ttl str

The maximum time-to-live (TTL) for certificates that are created by this CA.

max_ttl_seconds float

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

name str

A human-readable unique name to assign to the root CA configuration.

organizations Sequence[str]

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

other_sans Sequence[str]

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous Sequence[str]

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permitted_dns_domains Sequence[str]

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

postal_codes Sequence[str]

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

private_key_format str

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces Sequence[str]

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region str

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secret_type str

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serial_number str

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

sm_private_certificate_configuration_root_ca_id str

The unique identifier of the PrivateCertificateConfigurationRootCA.

status str

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

street_addresses Sequence[str]

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl str

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

ttl_seconds float

updated_at str

(String) The date when a resource was recently modified. The date format follows RFC 3339.

uri_sans str

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

altNames List<String>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

commonName String

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

configType String

(String) The configuration type.

Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.

countries List<String>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

createdAt String

(String) The date when a resource was created. The date format follows RFC 3339.

createdBy String

(String) The unique identifier that is associated with the entity that created the secret.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters.

crlDisable Boolean

crlDistributionPointsEncoded Boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry String

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

crlExpirySeconds Number

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

cryptoKey Property Map

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

datas List<Property Map>

(List) The configuration data of your Private Certificate. Nested scheme for data:

endpointType String

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans Boolean

expirationDate String

The date a secret is expired. The date format follows RFC 3339.

format String

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

instanceId String

The GUID of the Secrets Manager instance.

ipSans String

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded Boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits Number

keyType String

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities List<String>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength Number

maxTtl String

The maximum time-to-live (TTL) for certificates that are created by this CA.

maxTtlSeconds Number

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

name String

A human-readable unique name to assign to the root CA configuration.

organizations List<String>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans List<String>

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous List<String>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains List<String>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

postalCodes List<String>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat String

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces List<String>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region String

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secretType String

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber String

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

smPrivateCertificateConfigurationRootCaId String

The unique identifier of the PrivateCertificateConfigurationRootCA.

status String

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

streetAddresses List<String>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl String

Constraints: The maximum length is 10 characters. The minimum length is 2 characters. The value must match regular expression /^[0-9]+[s,m,h,d]{0,1}$/.

ttlSeconds Number

updatedAt String

(String) The date when a resource was recently modified. The date format follows RFC 3339.

uriSans String

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

Supporting Types

SmPrivateCertificateConfigurationRootCaCryptoKey, SmPrivateCertificateConfigurationRootCaCryptoKeyArgs

AllowGenerateKey bool

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

Id string

The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

Label string

The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified.

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

Provider SmPrivateCertificateConfigurationRootCaCryptoKeyProvider

The data that is associated with a cryptographic provider. Nested scheme for provider:

AllowGenerateKey bool

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

Id string

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

Label string

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

Provider SmPrivateCertificateConfigurationRootCaCryptoKeyProvider

The data that is associated with a cryptographic provider. Nested scheme for provider:

allowGenerateKey Boolean

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

id String

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

label String

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

provider SmPrivateCertificateConfigurationRootCaCryptoKeyProvider

The data that is associated with a cryptographic provider. Nested scheme for provider:

allowGenerateKey boolean

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

id string

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

label string

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

provider SmPrivateCertificateConfigurationRootCaCryptoKeyProvider

The data that is associated with a cryptographic provider. Nested scheme for provider:

allow_generate_key bool

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

id str

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

label str

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

provider SmPrivateCertificateConfigurationRootCaCryptoKeyProvider

The data that is associated with a cryptographic provider. Nested scheme for provider:

allowGenerateKey Boolean

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

id String

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

label String

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

provider Property Map

The data that is associated with a cryptographic provider. Nested scheme for provider:

SmPrivateCertificateConfigurationRootCaCryptoKeyProvider, SmPrivateCertificateConfigurationRootCaCryptoKeyProviderArgs

InstanceCrn string

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

PinIamCredentialsSecretId string

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

PrivateKeystoreId string

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

Type string

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

InstanceCrn string

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

PinIamCredentialsSecretId string

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

PrivateKeystoreId string

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

Type string

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

instanceCrn String

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

pinIamCredentialsSecretId String

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

privateKeystoreId String

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

type String

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

instanceCrn string

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

pinIamCredentialsSecretId string

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

privateKeystoreId string

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

type string

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

instance_crn str

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

pin_iam_credentials_secret_id str

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

private_keystore_id str

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

type str

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

instanceCrn String

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

pinIamCredentialsSecretId String

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

privateKeystoreId String

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

type String

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

SmPrivateCertificateConfigurationRootCaData, SmPrivateCertificateConfigurationRootCaDataArgs

CaChains List<string>

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

Certificate string

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

Csr string

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

Expiration double

(Integer) The certificate expiration time.

IssuingCa string

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

PrivateKey string

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

PrivateKeyType string

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

CaChains []string

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

Certificate string

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

Csr string

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

Expiration float64

(Integer) The certificate expiration time.

IssuingCa string

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

PrivateKey string

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

PrivateKeyType string

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

caChains List<String>

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

certificate String

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

csr String

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

expiration Double

(Integer) The certificate expiration time.

issuingCa String

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKey String

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKeyType String

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

caChains string[]

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

certificate string

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

csr string

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

expiration number

(Integer) The certificate expiration time.

issuingCa string

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKey string

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKeyType string

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

ca_chains Sequence[str]

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

certificate str

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

csr str

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

expiration float

(Integer) The certificate expiration time.

issuing_ca str

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

private_key str

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

private_key_type str

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

caChains List<String>

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

certificate String

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

csr String

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

expiration Number

(Integer) The certificate expiration time.

issuingCa String

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKey String

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKeyType String

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

Import

You can import the ibm_sm_private_certificate_configuration_root_ca resource by using region, instance_id, and name.

For more information, see the documentation

Syntax

bash

$ pulumi import ibm:index/smPrivateCertificateConfigurationRootCa:SmPrivateCertificateConfigurationRootCa sm_private_certificate_configuration_root_ca <region>/<instance_id>/<name>

Example

bash

$ pulumi import ibm:index/smPrivateCertificateConfigurationRootCa:SmPrivateCertificateConfigurationRootCa sm_private_certificate_configuration_root_ca us-east/6ebc4224-e983-496a-8a54-f40a0bfa9175/my_root_ca

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

ibm.SmPrivateCertificateConfigurationRootCa

On this page

On this page

Example Usage

Provider Configuration

Static credentials

Environment variables

Create SmPrivateCertificateConfigurationRootCa Resource

Constructor syntax

Parameters

Constructor example

SmPrivateCertificateConfigurationRootCa Resource Properties

Inputs

Outputs

Look up Existing SmPrivateCertificateConfigurationRootCa Resource

Supporting Types

SmPrivateCertificateConfigurationRootCaCryptoKey, SmPrivateCertificateConfigurationRootCaCryptoKeyArgs

SmPrivateCertificateConfigurationRootCaCryptoKeyProvider, SmPrivateCertificateConfigurationRootCaCryptoKeyProviderArgs

SmPrivateCertificateConfigurationRootCaData, SmPrivateCertificateConfigurationRootCaDataArgs

Import

Package Details

On this page

On this page