ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm.SmPrivateCertificateConfigurationTemplate


ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

    Provides a resource for a certificate template for private certificate secrets. This allows a certificate template to be created, updated and deleted. Note that a certificate template cannot be deleted if one or more private certificates exist that were generated with this template. Changing an argument marked "Forces new resource" replaces the template, which requires deleting the existing one; therefore, such arguments should not be modified while secrets generated with this template exist.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as ibm from "@pulumi/ibm";
    
    // Defines one certificate template on the Secrets Manager instance, bound to the CA named in
    // certificateAuthority. ibm_resource_instance and
    // ibm_sm_private_certificate_configuration_intermediate_ca are not declared in this snippet;
    // they stand for resources defined elsewhere in the program.
    const certificateTemplate = new ibm.SmPrivateCertificateConfigurationTemplate("certificateTemplate", {
        instanceId: ibm_resource_instance.sm_instance.guid,
        region: "us-south",
        certificateAuthority: ibm_sm_private_certificate_configuration_intermediate_ca.intermediate_CA.name,
        ous: ["example_ou"],
        organizations: ["example_organization"],
        countries: ["US"],
        localities: ["example_locality"],
        provinces: ["example_province"],
        streetAddresses: ["example street address"],
        postalCodes: ["example_postal_code"],
        // Lifetime settings: ttl (2190h) is below maxTtl (8760h); presumably the default and the
        // upper bound for issued certificates — confirm in the argument reference.
        ttl: "2190h",
        maxTtl: "8760h",
        keyType: "rsa",
        keyBits: 4096,
        allowedDomains: ["example.com"],
        // NOTE(review): allowAnyName: true reads as "accept any requested common name"; if so,
        // allowedDomains above no longer constrains issuance. Confirm in the argument reference
        // and set it to false where the template should be limited to example.com.
        allowAnyName: true,
        allowBareDomains: false,
        allowGlobDomains: false,
        // NOTE(review): IP SANs and localhost names are enabled in this example; switch them off
        // unless issued certificates actually need them.
        allowIpSans: true,
        allowLocalhost: true,
        allowSubdomains: false,
        allowedDomainsTemplate: false,
        allowedOtherSans: [],
        allowedUriSans: ["https://www.example.com/test"],
        // NOTE(review): hostname enforcement is off here — confirm that is intended.
        enforceHostnames: false,
        // All four extended-key-usage flags are false. NOTE(review): check that issued
        // certificates still carry the usages your relying parties validate.
        serverFlag: false,
        clientFlag: false,
        codeSigningFlag: false,
        emailProtectionFlag: false,
        keyUsages: [
            "DigitalSignature",
            "KeyAgreement",
            "KeyEncipherment",
        ],
        // Common name and SANs are taken from the submitted CSR (presumably requester-controlled);
        // review these two together with the allow* settings above.
        useCsrCommonName: true,
        useCsrSans: true,
        requireCn: true,
        basicConstraintsValidForNonCa: false,
        notBeforeDuration: "30s",
    }, {
        // Orders creation: the CA resource is created before this template.
        dependsOn: [ibm_sm_private_certificate_configuration_intermediate_ca.intermediate_CA],
    });
    
    import pulumi
    import pulumi_ibm as ibm
    
    # Defines one certificate template on the Secrets Manager instance, bound to the CA named in
    # certificate_authority. ibm_resource_instance and
    # ibm_sm_private_certificate_configuration_intermediate_ca are not declared in this snippet;
    # they stand for resources defined elsewhere in the program.
    certificate_template = ibm.SmPrivateCertificateConfigurationTemplate("certificateTemplate",
        instance_id=ibm_resource_instance["sm_instance"]["guid"],
        region="us-south",
        certificate_authority=ibm_sm_private_certificate_configuration_intermediate_ca["intermediate_CA"]["name"],
        ous=["example_ou"],
        organizations=["example_organization"],
        countries=["US"],
        localities=["example_locality"],
        provinces=["example_province"],
        street_addresses=["example street address"],
        postal_codes=["example_postal_code"],
        # Lifetime settings: ttl (2190h) is below max_ttl (8760h); presumably the default and the
        # upper bound for issued certificates — confirm in the argument reference.
        ttl="2190h",
        max_ttl="8760h",
        key_type="rsa",
        key_bits=4096,
        allowed_domains=["example.com"],
        # NOTE(review): allow_any_name=True reads as "accept any requested common name"; if so,
        # allowed_domains above no longer constrains issuance. Confirm in the argument reference
        # and set it to False where the template should be limited to example.com.
        allow_any_name=True,
        allow_bare_domains=False,
        allow_glob_domains=False,
        # NOTE(review): IP SANs and localhost names are enabled in this example; switch them off
        # unless issued certificates actually need them.
        allow_ip_sans=True,
        allow_localhost=True,
        allow_subdomains=False,
        allowed_domains_template=False,
        allowed_other_sans=[],
        allowed_uri_sans=["https://www.example.com/test"],
        # NOTE(review): hostname enforcement is off here — confirm that is intended.
        enforce_hostnames=False,
        # All four extended-key-usage flags are False. NOTE(review): check that issued
        # certificates still carry the usages your relying parties validate.
        server_flag=False,
        client_flag=False,
        code_signing_flag=False,
        email_protection_flag=False,
        key_usages=[
            "DigitalSignature",
            "KeyAgreement",
            "KeyEncipherment",
        ],
        # Common name and SANs are taken from the submitted CSR (presumably requester-controlled);
        # review these two together with the allow_* settings above.
        use_csr_common_name=True,
        use_csr_sans=True,
        require_cn=True,
        basic_constraints_valid_for_non_ca=False,
        not_before_duration="30s",
        # Orders creation: the CA resource is created before this template.
        opts = pulumi.ResourceOptions(depends_on=[ibm_sm_private_certificate_configuration_intermediate_ca["intermediate_CA"]]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers one SmPrivateCertificateConfigurationTemplate with the Pulumi engine and
    // returns any creation error to pulumi.Run. ibm_resource_instance and
    // ibm_sm_private_certificate_configuration_intermediate_ca are not declared in this snippet;
    // they stand for resources defined elsewhere in the program.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ibm.NewSmPrivateCertificateConfigurationTemplate(ctx, "certificateTemplate", &ibm.SmPrivateCertificateConfigurationTemplateArgs{
    			InstanceId:           pulumi.Any(ibm_resource_instance.Sm_instance.Guid),
    			Region:               pulumi.String("us-south"),
    			CertificateAuthority: pulumi.Any(ibm_sm_private_certificate_configuration_intermediate_ca.Intermediate_CA.Name),
    			Ous: pulumi.StringArray{
    				pulumi.String("example_ou"),
    			},
    			Organizations: pulumi.StringArray{
    				pulumi.String("example_organization"),
    			},
    			Countries: pulumi.StringArray{
    				pulumi.String("US"),
    			},
    			Localities: pulumi.StringArray{
    				pulumi.String("example_locality"),
    			},
    			Provinces: pulumi.StringArray{
    				pulumi.String("example_province"),
    			},
    			StreetAddresses: pulumi.StringArray{
    				pulumi.String("example street address"),
    			},
    			PostalCodes: pulumi.StringArray{
    				pulumi.String("example_postal_code"),
    			},
    			// Lifetime settings: Ttl (2190h) is below MaxTtl (8760h); presumably the default and
    			// the upper bound for issued certificates — confirm in the argument reference.
    			Ttl:     pulumi.String("2190h"),
    			MaxTtl:  pulumi.String("8760h"),
    			KeyType: pulumi.String("rsa"),
    			KeyBits: pulumi.Float64(4096),
    			AllowedDomains: pulumi.StringArray{
    				pulumi.String("example.com"),
    			},
    			// NOTE(review): AllowAnyName true reads as "accept any requested common name"; if
    			// so, AllowedDomains above no longer constrains issuance. Confirm in the argument
    			// reference and set it to false where the template should be limited to example.com.
    			// AllowIpSans and AllowLocalhost are also enabled and EnforceHostnames (below) is
    			// off; switch these to the restrictive value unless the certificates need them.
    			AllowAnyName:           pulumi.Bool(true),
    			AllowBareDomains:       pulumi.Bool(false),
    			AllowGlobDomains:       pulumi.Bool(false),
    			AllowIpSans:            pulumi.Bool(true),
    			AllowLocalhost:         pulumi.Bool(true),
    			AllowSubdomains:        pulumi.Bool(false),
    			AllowedDomainsTemplate: pulumi.Bool(false),
    			AllowedOtherSans:       pulumi.StringArray{},
    			AllowedUriSans: pulumi.StringArray{
    				pulumi.String("https://www.example.com/test"),
    			},
    			// All four extended-key-usage flags are false. NOTE(review): check that issued
    			// certificates still carry the usages your relying parties validate.
    			EnforceHostnames:    pulumi.Bool(false),
    			ServerFlag:          pulumi.Bool(false),
    			ClientFlag:          pulumi.Bool(false),
    			CodeSigningFlag:     pulumi.Bool(false),
    			EmailProtectionFlag: pulumi.Bool(false),
    			KeyUsages: pulumi.StringArray{
    				pulumi.String("DigitalSignature"),
    				pulumi.String("KeyAgreement"),
    				pulumi.String("KeyEncipherment"),
    			},
    			// Common name and SANs are taken from the submitted CSR (presumably
    			// requester-controlled); review these two together with the Allow* settings above.
    			UseCsrCommonName:              pulumi.Bool(true),
    			UseCsrSans:                    pulumi.Bool(true),
    			RequireCn:                     pulumi.Bool(true),
    			BasicConstraintsValidForNonCa: pulumi.Bool(false),
    			NotBeforeDuration:             pulumi.String("30s"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			// Orders creation: the CA resource is created before this template.
    			ibm_sm_private_certificate_configuration_intermediate_ca.Intermediate_CA,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Ibm = Pulumi.Ibm;
    
    // Defines one certificate template on the Secrets Manager instance, bound to the CA named in
    // CertificateAuthority. ibm_resource_instance and
    // ibm_sm_private_certificate_configuration_intermediate_ca are not declared in this snippet;
    // they stand for resources defined elsewhere in the program.
    return await Deployment.RunAsync(() => 
    {
        var certificateTemplate = new Ibm.SmPrivateCertificateConfigurationTemplate("certificateTemplate", new()
        {
            InstanceId = ibm_resource_instance.Sm_instance.Guid,
            Region = "us-south",
            CertificateAuthority = ibm_sm_private_certificate_configuration_intermediate_ca.Intermediate_CA.Name,
            Ous = new[]
            {
                "example_ou",
            },
            Organizations = new[]
            {
                "example_organization",
            },
            Countries = new[]
            {
                "US",
            },
            Localities = new[]
            {
                "example_locality",
            },
            Provinces = new[]
            {
                "example_province",
            },
            StreetAddresses = new[]
            {
                "example street address",
            },
            PostalCodes = new[]
            {
                "example_postal_code",
            },
            // Lifetime settings: Ttl (2190h) is below MaxTtl (8760h); presumably the default and
            // the upper bound for issued certificates — confirm in the argument reference.
            Ttl = "2190h",
            MaxTtl = "8760h",
            KeyType = "rsa",
            KeyBits = 4096,
            AllowedDomains = new[]
            {
                "example.com",
            },
            // NOTE(review): AllowAnyName = true reads as "accept any requested common name"; if
            // so, AllowedDomains above no longer constrains issuance. Confirm in the argument
            // reference and set it to false where the template should be limited to example.com.
            AllowAnyName = true,
            AllowBareDomains = false,
            AllowGlobDomains = false,
            // NOTE(review): IP SANs and localhost names are enabled in this example; switch them
            // off unless issued certificates actually need them.
            AllowIpSans = true,
            AllowLocalhost = true,
            AllowSubdomains = false,
            AllowedDomainsTemplate = false,
            // NOTE(review): an empty implicitly typed array gives the compiler no element type to
            // infer; this line may need "new string[] {}" to compile — verify.
            AllowedOtherSans = new[] {},
            AllowedUriSans = new[]
            {
                "https://www.example.com/test",
            },
            // NOTE(review): hostname enforcement is off here — confirm that is intended.
            EnforceHostnames = false,
            // All four extended-key-usage flags are false. NOTE(review): check that issued
            // certificates still carry the usages your relying parties validate.
            ServerFlag = false,
            ClientFlag = false,
            CodeSigningFlag = false,
            EmailProtectionFlag = false,
            KeyUsages = new[]
            {
                "DigitalSignature",
                "KeyAgreement",
                "KeyEncipherment",
            },
            // Common name and SANs are taken from the submitted CSR (presumably
            // requester-controlled); review these two together with the Allow* settings above.
            UseCsrCommonName = true,
            UseCsrSans = true,
            RequireCn = true,
            BasicConstraintsValidForNonCa = false,
            NotBeforeDuration = "30s",
        }, new CustomResourceOptions
        {
            // Orders creation: the CA resource is created before this template.
            DependsOn =
            {
                ibm_sm_private_certificate_configuration_intermediate_ca.Intermediate_CA,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.ibm.SmPrivateCertificateConfigurationTemplate;
    import com.pulumi.ibm.SmPrivateCertificateConfigurationTemplateArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that defines one certificate template on the Secrets Manager instance.
     * ibm_resource_instance and ibm_sm_private_certificate_configuration_intermediate_ca are not
     * declared in this snippet; they stand for resources defined elsewhere in the program.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /** Declares the template; invoked by Pulumi.run from main. */
        public static void stack(Context ctx) {
            var certificateTemplate = new SmPrivateCertificateConfigurationTemplate("certificateTemplate", SmPrivateCertificateConfigurationTemplateArgs.builder()
                .instanceId(ibm_resource_instance.sm_instance().guid())
                .region("us-south")
                .certificateAuthority(ibm_sm_private_certificate_configuration_intermediate_ca.intermediate_CA().name())
                .ous("example_ou")
                .organizations("example_organization")
                .countries("US")
                .localities("example_locality")
                .provinces("example_province")
                .streetAddresses("example street address")
                .postalCodes("example_postal_code")
                // Lifetime settings: ttl (2190h) is below maxTtl (8760h); presumably the default
                // and the upper bound for issued certificates — confirm in the argument reference.
                .ttl("2190h")
                .maxTtl("8760h")
                .keyType("rsa")
                .keyBits(4096)
                .allowedDomains("example.com")
                // NOTE(review): allowAnyName(true) reads as "accept any requested common name";
                // if so, allowedDomains above no longer constrains issuance. Confirm in the
                // argument reference and use false where the template should be limited to
                // example.com.
                .allowAnyName(true)
                .allowBareDomains(false)
                .allowGlobDomains(false)
                // NOTE(review): IP SANs and localhost names are enabled in this example; switch
                // them off unless issued certificates actually need them.
                .allowIpSans(true)
                .allowLocalhost(true)
                .allowSubdomains(false)
                .allowedDomainsTemplate(false)
                .allowedOtherSans()
                .allowedUriSans("https://www.example.com/test")
                // NOTE(review): hostname enforcement is off here — confirm that is intended.
                .enforceHostnames(false)
                // All four extended-key-usage flags are false. NOTE(review): check that issued
                // certificates still carry the usages your relying parties validate.
                .serverFlag(false)
                .clientFlag(false)
                .codeSigningFlag(false)
                .emailProtectionFlag(false)
                .keyUsages(            
                    "DigitalSignature",
                    "KeyAgreement",
                    "KeyEncipherment")
                // Common name and SANs are taken from the submitted CSR (presumably
                // requester-controlled); review these two together with the allow* settings above.
                .useCsrCommonName(true)
                .useCsrSans(true)
                .requireCn(true)
                .basicConstraintsValidForNonCa(false)
                .notBeforeDuration("30s")
                .build(), CustomResourceOptions.builder()
                    // Orders creation: the CA resource is created before this template.
                    .dependsOn(ibm_sm_private_certificate_configuration_intermediate_ca.intermediate_CA())
                    .build());
    
        }
    }
    
    # Declares one certificate template on the Secrets Manager instance. The ${...} references
    # point at resources that are not declared in this snippet.
    resources:
      certificateTemplate:
        type: ibm:SmPrivateCertificateConfigurationTemplate
        properties:
          instanceId: ${ibm_resource_instance.sm_instance.guid}
          region: us-south
          certificateAuthority: ${ibm_sm_private_certificate_configuration_intermediate_ca.intermediate_CA.name}
          ous:
            - example_ou
          organizations:
            - example_organization
          countries:
            - US
          localities:
            - example_locality
          provinces:
            - example_province
          streetAddresses:
            - example street address
          postalCodes:
            - example_postal_code
          # Lifetime settings: ttl (2190h) is below maxTtl (8760h); presumably the default and the
          # upper bound for issued certificates - confirm in the argument reference.
          ttl: 2190h
          maxTtl: 8760h
          keyType: rsa
          keyBits: 4096
          allowedDomains:
            - example.com
          # NOTE(review): allowAnyName: true reads as "accept any requested common name"; if so,
          # allowedDomains above no longer constrains issuance. Confirm in the argument reference
          # and set it to false where the template should be limited to example.com.
          allowAnyName: true
          allowBareDomains: false
          allowGlobDomains: false
          # NOTE(review): IP SANs and localhost names are enabled in this example; switch them off
          # unless issued certificates actually need them.
          allowIpSans: true
          allowLocalhost: true
          allowSubdomains: false
          allowedDomainsTemplate: false
          allowedOtherSans: []
          allowedUriSans:
            - https://www.example.com/test
          # NOTE(review): hostname enforcement is off here - confirm that is intended.
          enforceHostnames: false
          # All four extended-key-usage flags are false. NOTE(review): check that issued
          # certificates still carry the usages your relying parties validate.
          serverFlag: false
          clientFlag: false
          codeSigningFlag: false
          emailProtectionFlag: false
          keyUsages:
            - DigitalSignature
            - KeyAgreement
            - KeyEncipherment
          # Common name and SANs are taken from the submitted CSR (presumably
          # requester-controlled); review these two together with the allow* settings above.
          useCsrCommonName: true
          useCsrSans: true
          requireCn: true
          basicConstraintsValidForNonCa: false
          notBeforeDuration: 30s
        options:
          # Orders creation: the CA resource is created before this template.
          dependsOn:
            - ${ibm_sm_private_certificate_configuration_intermediate_ca.intermediate_CA}
    

    Provider Configuration

    The IBM Cloud provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below:

    • Static credentials
    • Environment variables

    To find which credentials are required for this resource, see the service table here.

    Static credentials

    You can provide your static credentials by adding the ibmcloud_api_key, iaas_classic_username, and iaas_classic_api_key arguments in the IBM Cloud provider block.

    Usage:

    # The empty strings are placeholders for the three credentials. Values written in this block
    # are stored in plain text with the program source, so keep real keys out of version control;
    # the environment-variable method keeps them out of this block entirely.
    provider "ibm" {
        ibmcloud_api_key = ""
        iaas_classic_username = ""
        iaas_classic_api_key = ""
    }
    

    Environment variables

    You can provide your credentials by exporting the IC_API_KEY, IAAS_CLASSIC_USERNAME, and IAAS_CLASSIC_API_KEY environment variables, representing your IBM Cloud platform API key, IBM Cloud Classic Infrastructure (SoftLayer) user name, and IBM Cloud infrastructure API key, respectively.

    # Empty block: credentials come from the IC_API_KEY, IAAS_CLASSIC_USERNAME and
    # IAAS_CLASSIC_API_KEY environment variables.
    provider "ibm" {}
    

    Usage:

    # The quoted values are placeholders for the real credentials. Keys typed inline like this
    # typically end up in shell history; load them from a secret store or a protected file instead.
    export IC_API_KEY="ibmcloud_api_key"
    export IAAS_CLASSIC_USERNAME="iaas_classic_username"
    export IAAS_CLASSIC_API_KEY="iaas_classic_api_key"
    # Runs in the same shell so the provider sees the exported variables.
    pulumi preview
    

    Note:

    1. Create or find your ibmcloud_api_key and iaas_classic_api_key here.
    • Select My IBM Cloud API Keys option from view dropdown for ibmcloud_api_key
    • Select Classic Infrastructure API Keys option from view dropdown for iaas_classic_api_key
    2. For iaas_classic_username
    • Go to Users
    • Click on user.
    • Find user name in the VPN password section under User Details tab

    For more information, see here.

    Create SmPrivateCertificateConfigurationTemplate Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new SmPrivateCertificateConfigurationTemplate(name: string, args: SmPrivateCertificateConfigurationTemplateArgs, opts?: CustomResourceOptions);
    @overload
    def SmPrivateCertificateConfigurationTemplate(resource_name: str,
                                                  args: SmPrivateCertificateConfigurationTemplateArgs,
                                                  opts: Optional[ResourceOptions] = None)
    
    @overload
    def SmPrivateCertificateConfigurationTemplate(resource_name: str,
                                                  opts: Optional[ResourceOptions] = None,
                                                  certificate_authority: Optional[str] = None,
                                                  instance_id: Optional[str] = None,
                                                  allowed_uri_sans: Optional[Sequence[str]] = None,
                                                  key_bits: Optional[float] = None,
                                                  key_type: Optional[str] = None,
                                                  allow_subdomains: Optional[bool] = None,
                                                  allow_wildcard_certificates: Optional[bool] = None,
                                                  allowed_domains: Optional[Sequence[str]] = None,
                                                  allowed_domains_template: Optional[bool] = None,
                                                  allowed_other_sans: Optional[Sequence[str]] = None,
                                                  allowed_secret_groups: Optional[str] = None,
                                                  allow_any_name: Optional[bool] = None,
                                                  basic_constraints_valid_for_non_ca: Optional[bool] = None,
                                                  allow_glob_domains: Optional[bool] = None,
                                                  client_flag: Optional[bool] = None,
                                                  code_signing_flag: Optional[bool] = None,
                                                  countries: Optional[Sequence[str]] = None,
                                                  email_protection_flag: Optional[bool] = None,
                                                  endpoint_type: Optional[str] = None,
                                                  enforce_hostnames: Optional[bool] = None,
                                                  ext_key_usage_oids: Optional[Sequence[str]] = None,
                                                  ext_key_usages: Optional[Sequence[str]] = None,
                                                  allow_ip_sans: Optional[bool] = None,
                                                  allow_bare_domains: Optional[bool] = None,
                                                  allow_localhost: Optional[bool] = None,
                                                  key_usages: Optional[Sequence[str]] = None,
                                                  localities: Optional[Sequence[str]] = None,
                                                  max_ttl: Optional[str] = None,
                                                  name: Optional[str] = None,
                                                  not_before_duration: Optional[str] = None,
                                                  organizations: Optional[Sequence[str]] = None,
                                                  ous: Optional[Sequence[str]] = None,
                                                  policy_identifiers: Optional[Sequence[str]] = None,
                                                  postal_codes: Optional[Sequence[str]] = None,
                                                  provinces: Optional[Sequence[str]] = None,
                                                  region: Optional[str] = None,
                                                  require_cn: Optional[bool] = None,
                                                  serial_number: Optional[str] = None,
                                                  server_flag: Optional[bool] = None,
                                                  sm_private_certificate_configuration_template_id: Optional[str] = None,
                                                  street_addresses: Optional[Sequence[str]] = None,
                                                  ttl: Optional[str] = None,
                                                  use_csr_common_name: Optional[bool] = None,
                                                  use_csr_sans: Optional[bool] = None)
    func NewSmPrivateCertificateConfigurationTemplate(ctx *Context, name string, args SmPrivateCertificateConfigurationTemplateArgs, opts ...ResourceOption) (*SmPrivateCertificateConfigurationTemplate, error)
    public SmPrivateCertificateConfigurationTemplate(string name, SmPrivateCertificateConfigurationTemplateArgs args, CustomResourceOptions? opts = null)
    public SmPrivateCertificateConfigurationTemplate(String name, SmPrivateCertificateConfigurationTemplateArgs args)
    public SmPrivateCertificateConfigurationTemplate(String name, SmPrivateCertificateConfigurationTemplateArgs args, CustomResourceOptions options)
    
    type: ibm:SmPrivateCertificateConfigurationTemplate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SmPrivateCertificateConfigurationTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SmPrivateCertificateConfigurationTemplateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SmPrivateCertificateConfigurationTemplateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SmPrivateCertificateConfigurationTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SmPrivateCertificateConfigurationTemplateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference listing of every input property. The values ("string", 0, false) only show each
    // property's type and are not recommendations: KeyBits = 0, for instance, is not a key size.
    // Set each one deliberately, in particular the Allow* issuance constraints and the TTLs.
    var smPrivateCertificateConfigurationTemplateResource = new Ibm.SmPrivateCertificateConfigurationTemplate("smPrivateCertificateConfigurationTemplateResource", new()
    {
        CertificateAuthority = "string",
        InstanceId = "string",
        AllowedUriSans = new[]
        {
            "string",
        },
        KeyBits = 0,
        KeyType = "string",
        AllowSubdomains = false,
        AllowWildcardCertificates = false,
        AllowedDomains = new[]
        {
            "string",
        },
        AllowedDomainsTemplate = false,
        AllowedOtherSans = new[]
        {
            "string",
        },
        AllowedSecretGroups = "string",
        AllowAnyName = false,
        BasicConstraintsValidForNonCa = false,
        AllowGlobDomains = false,
        ClientFlag = false,
        CodeSigningFlag = false,
        Countries = new[]
        {
            "string",
        },
        EmailProtectionFlag = false,
        EndpointType = "string",
        EnforceHostnames = false,
        ExtKeyUsageOids = new[]
        {
            "string",
        },
        ExtKeyUsages = new[]
        {
            "string",
        },
        AllowIpSans = false,
        AllowBareDomains = false,
        AllowLocalhost = false,
        KeyUsages = new[]
        {
            "string",
        },
        Localities = new[]
        {
            "string",
        },
        MaxTtl = "string",
        Name = "string",
        NotBeforeDuration = "string",
        Organizations = new[]
        {
            "string",
        },
        Ous = new[]
        {
            "string",
        },
        PolicyIdentifiers = new[]
        {
            "string",
        },
        PostalCodes = new[]
        {
            "string",
        },
        Provinces = new[]
        {
            "string",
        },
        Region = "string",
        RequireCn = false,
        ServerFlag = false,
        SmPrivateCertificateConfigurationTemplateId = "string",
        StreetAddresses = new[]
        {
            "string",
        },
        Ttl = "string",
        UseCsrCommonName = false,
        UseCsrSans = false,
    });
    
    // Reference listing of every input property. The values ("string", 0, false) only show each
    // property's type and are not recommendations: KeyBits 0, for instance, is not a key size.
    // Set each one deliberately, in particular the Allow* issuance constraints and the TTLs.
    // err is not checked in this excerpt; handle it before using example.
    example, err := ibm.NewSmPrivateCertificateConfigurationTemplate(ctx, "smPrivateCertificateConfigurationTemplateResource", &ibm.SmPrivateCertificateConfigurationTemplateArgs{
    	CertificateAuthority: pulumi.String("string"),
    	InstanceId:           pulumi.String("string"),
    	AllowedUriSans: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	KeyBits:                   pulumi.Float64(0),
    	KeyType:                   pulumi.String("string"),
    	AllowSubdomains:           pulumi.Bool(false),
    	AllowWildcardCertificates: pulumi.Bool(false),
    	AllowedDomains: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AllowedDomainsTemplate: pulumi.Bool(false),
    	AllowedOtherSans: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AllowedSecretGroups:           pulumi.String("string"),
    	AllowAnyName:                  pulumi.Bool(false),
    	BasicConstraintsValidForNonCa: pulumi.Bool(false),
    	AllowGlobDomains:              pulumi.Bool(false),
    	ClientFlag:                    pulumi.Bool(false),
    	CodeSigningFlag:               pulumi.Bool(false),
    	Countries: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	EmailProtectionFlag: pulumi.Bool(false),
    	EndpointType:        pulumi.String("string"),
    	EnforceHostnames:    pulumi.Bool(false),
    	ExtKeyUsageOids: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ExtKeyUsages: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AllowIpSans:      pulumi.Bool(false),
    	AllowBareDomains: pulumi.Bool(false),
    	AllowLocalhost:   pulumi.Bool(false),
    	KeyUsages: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Localities: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	MaxTtl:            pulumi.String("string"),
    	Name:              pulumi.String("string"),
    	NotBeforeDuration: pulumi.String("string"),
    	Organizations: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Ous: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	PolicyIdentifiers: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	PostalCodes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Provinces: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Region:     pulumi.String("string"),
    	RequireCn:  pulumi.Bool(false),
    	ServerFlag: pulumi.Bool(false),
    	SmPrivateCertificateConfigurationTemplateId: pulumi.String("string"),
    	StreetAddresses: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Ttl:              pulumi.String("string"),
    	UseCsrCommonName: pulumi.Bool(false),
    	UseCsrSans:       pulumi.Bool(false),
    })
    
    // Reference listing of every input property. The values ("string", 0, false) only show each
    // property's type and are not recommendations: keyBits(0), for instance, is not a key size.
    // Set each one deliberately, in particular the allow* issuance constraints and the TTLs.
    var smPrivateCertificateConfigurationTemplateResource = new SmPrivateCertificateConfigurationTemplate("smPrivateCertificateConfigurationTemplateResource", SmPrivateCertificateConfigurationTemplateArgs.builder()
        .certificateAuthority("string")
        .instanceId("string")
        .allowedUriSans("string")
        .keyBits(0)
        .keyType("string")
        .allowSubdomains(false)
        .allowWildcardCertificates(false)
        .allowedDomains("string")
        .allowedDomainsTemplate(false)
        .allowedOtherSans("string")
        .allowedSecretGroups("string")
        .allowAnyName(false)
        .basicConstraintsValidForNonCa(false)
        .allowGlobDomains(false)
        .clientFlag(false)
        .codeSigningFlag(false)
        .countries("string")
        .emailProtectionFlag(false)
        .endpointType("string")
        .enforceHostnames(false)
        .extKeyUsageOids("string")
        .extKeyUsages("string")
        .allowIpSans(false)
        .allowBareDomains(false)
        .allowLocalhost(false)
        .keyUsages("string")
        .localities("string")
        .maxTtl("string")
        .name("string")
        .notBeforeDuration("string")
        .organizations("string")
        .ous("string")
        .policyIdentifiers("string")
        .postalCodes("string")
        .provinces("string")
        .region("string")
        .requireCn(false)
        .serverFlag(false)
        .smPrivateCertificateConfigurationTemplateId("string")
        .streetAddresses("string")
        .ttl("string")
        .useCsrCommonName(false)
        .useCsrSans(false)
        .build());
    
    # Reference listing of every input property. The values ("string", 0, False) only show each
    # property's type and are not recommendations: key_bits=0, for instance, is not a key size.
    # Set each one deliberately, in particular the allow_* issuance constraints and the TTLs.
    sm_private_certificate_configuration_template_resource = ibm.SmPrivateCertificateConfigurationTemplate("smPrivateCertificateConfigurationTemplateResource",
        certificate_authority="string",
        instance_id="string",
        allowed_uri_sans=["string"],
        key_bits=0,
        key_type="string",
        allow_subdomains=False,
        allow_wildcard_certificates=False,
        allowed_domains=["string"],
        allowed_domains_template=False,
        allowed_other_sans=["string"],
        allowed_secret_groups="string",
        allow_any_name=False,
        basic_constraints_valid_for_non_ca=False,
        allow_glob_domains=False,
        client_flag=False,
        code_signing_flag=False,
        countries=["string"],
        email_protection_flag=False,
        endpoint_type="string",
        enforce_hostnames=False,
        ext_key_usage_oids=["string"],
        ext_key_usages=["string"],
        allow_ip_sans=False,
        allow_bare_domains=False,
        allow_localhost=False,
        key_usages=["string"],
        localities=["string"],
        max_ttl="string",
        name="string",
        not_before_duration="string",
        organizations=["string"],
        ous=["string"],
        policy_identifiers=["string"],
        postal_codes=["string"],
        provinces=["string"],
        region="string",
        require_cn=False,
        server_flag=False,
        sm_private_certificate_configuration_template_id="string",
        street_addresses=["string"],
        ttl="string",
        use_csr_common_name=False,
        use_csr_sans=False)
    
    // Reference listing of every input property. The values ("string", 0, false) only show each
    // property's type and are not recommendations: keyBits: 0, for instance, is not a key size.
    // Set each one deliberately, in particular the allow* issuance constraints and the TTLs.
    const smPrivateCertificateConfigurationTemplateResource = new ibm.SmPrivateCertificateConfigurationTemplate("smPrivateCertificateConfigurationTemplateResource", {
        certificateAuthority: "string",
        instanceId: "string",
        allowedUriSans: ["string"],
        keyBits: 0,
        keyType: "string",
        allowSubdomains: false,
        allowWildcardCertificates: false,
        allowedDomains: ["string"],
        allowedDomainsTemplate: false,
        allowedOtherSans: ["string"],
        allowedSecretGroups: "string",
        allowAnyName: false,
        basicConstraintsValidForNonCa: false,
        allowGlobDomains: false,
        clientFlag: false,
        codeSigningFlag: false,
        countries: ["string"],
        emailProtectionFlag: false,
        endpointType: "string",
        enforceHostnames: false,
        extKeyUsageOids: ["string"],
        extKeyUsages: ["string"],
        allowIpSans: false,
        allowBareDomains: false,
        allowLocalhost: false,
        keyUsages: ["string"],
        localities: ["string"],
        maxTtl: "string",
        name: "string",
        notBeforeDuration: "string",
        organizations: ["string"],
        ous: ["string"],
        policyIdentifiers: ["string"],
        postalCodes: ["string"],
        provinces: ["string"],
        region: "string",
        requireCn: false,
        serverFlag: false,
        smPrivateCertificateConfigurationTemplateId: "string",
        streetAddresses: ["string"],
        ttl: "string",
        useCsrCommonName: false,
        useCsrSans: false,
    });
    
    # Reference listing of the inputs this resource accepts. Every value below is a
    # type placeholder (string / false / 0), not a recommended setting.
    type: ibm:SmPrivateCertificateConfigurationTemplate
    properties:
        # true lets clients request a certificate for any common name; the property
        # docs note that allowSubdomains is redundant when this option is used.
        allowAnyName: false
        # The property docs flag bare domains as a possible security risk in some scenarios.
        allowBareDomains: false
        # Permits glob patterns (for example ftp*.example.com) in allowedDomains.
        allowGlobDomains: false
        allowIpSans: false
        allowLocalhost: false
        # Includes wildcard subdomains such as *.example.com.
        allowSubdomains: false
        # false prevents wildcard issuance even if allowGlobDomains would allow it.
        allowWildcardCertificates: false
        # Used along with allowBareDomains and allowSubdomains.
        allowedDomains:
            - string
        allowedDomainsTemplate: false
        # Each element uses the OpenSSL format <oid>:<type>:<value>; a single * allows any other_sans input.
        allowedOtherSans:
            - string
        # Comma-delimited secret group IDs; scopes certificate creation to those groups.
        allowedSecretGroups: string
        allowedUriSans:
            - string
        basicConstraintsValidForNonCa: false
        # Name of the intermediate certificate authority.
        certificateAuthority: string
        clientFlag: false
        codeSigningFlag: false
        countries:
            - string
        emailProtectionFlag: false
        # Allowable values: private, public.
        endpointType: string
        enforceHostnames: false
        extKeyUsageOids:
            - string
        # An empty list means no key usage constraints.
        extKeyUsages:
            - string
        # GUID of the Secrets Manager instance.
        instanceId: string
        # RSA: 2048 or 4096. EC: 224, 256, 384 or 521.
        keyBits: 0
        # Allowable values: rsa, ec.
        keyType: string
        # An empty list means no key usage constraints.
        keyUsages:
            - string
        localities:
            - string
        # Upper bound on the TTL of certificates created by this template.
        maxTtl: string
        name: string
        # Duration string such as 30s by which not_before is backdated.
        notBeforeDuration: string
        organizations:
            - string
        ous:
            - string
        policyIdentifiers:
            - string
        postalCodes:
            - string
        provinces:
            - string
        region: string
        requireCn: false
        serverFlag: false
        smPrivateCertificateConfigurationTemplateId: string
        streetAddresses:
            - string
        # Can't be longer than maxTtl.
        ttl: string
        # The two useCsr* options apply with the private_cert_configuration_action_sign_csr action.
        useCsrCommonName: false
        useCsrSans: false
    

    SmPrivateCertificateConfigurationTemplate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The SmPrivateCertificateConfigurationTemplate resource accepts the following input properties:

    CertificateAuthority string
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    InstanceId string
    The GUID of the Secrets Manager instance.
    AllowAnyName bool
    Determines whether to allow clients to request a private certificate that matches any common name.
    AllowBareDomains bool
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    AllowGlobDomains bool
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field.If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    AllowIpSans bool
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    AllowLocalhost bool
    Determines whether to allow localhost to be included as one of the requested common names.
    AllowSubdomains bool
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option.
    AllowWildcardCertificates bool
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if the allow_glob_domains option would otherwise allow them.
    AllowedDomains List<string>
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    AllowedDomainsTemplate bool
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    AllowedOtherSans List<string>
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates.The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    AllowedSecretGroups string
    Scopes the creation of private certificates to only the secret groups that you specify.This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    AllowedUriSans List<string>
    The URI Subject Alternative Names to allow for private certificates.Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    BasicConstraintsValidForNonCa bool
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    ClientFlag bool
    Determines whether private certificates are flagged for client use.
    CodeSigningFlag bool
    Determines whether private certificates are flagged for code signing use.
    Countries List<string>
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    EmailProtectionFlag bool
    Determines whether private certificates are flagged for email protection use.
    EndpointType string
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    EnforceHostnames bool
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    ExtKeyUsageOids List<string>
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    ExtKeyUsages List<string>
    The allowed extended key usage constraint on private certificates.You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    KeyBits double
    The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    KeyType string
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    KeyUsages List<string>
    The allowed key usage constraint to define for private certificates.You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    Localities List<string>
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    MaxTtl string
    The maximum time-to-live (TTL) for certificates that are created by this template.
    Name string
    A human-readable unique name to assign to your configuration.
    NotBeforeDuration string
    The duration in seconds by which to backdate the not_before property of an issued private certificate.The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    Organizations List<string>
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Ous List<string>
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    PolicyIdentifiers List<string>
    A list of policy Object Identifiers (OIDs).
    PostalCodes List<string>
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Provinces List<string>
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    Region string
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    RequireCn bool
    Determines whether to require a common name to create a private certificate.By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    SerialNumber string
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    ServerFlag bool
    Determines whether private certificates are flagged for server use.
    SmPrivateCertificateConfigurationTemplateId string
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    StreetAddresses List<string>
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Ttl string
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    UseCsrCommonName bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. This option does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    UseCsrSans bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. This option does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.
    CertificateAuthority string
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    InstanceId string
    The GUID of the Secrets Manager instance.
    AllowAnyName bool
    Determines whether to allow clients to request a private certificate that matches any common name.
    AllowBareDomains bool
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    AllowGlobDomains bool
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field.If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    AllowIpSans bool
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    AllowLocalhost bool
    Determines whether to allow localhost to be included as one of the requested common names.
    AllowSubdomains bool
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option.
    AllowWildcardCertificates bool
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if the allow_glob_domains option would otherwise allow them.
    AllowedDomains []string
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    AllowedDomainsTemplate bool
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    AllowedOtherSans []string
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates.The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    AllowedSecretGroups string
    Scopes the creation of private certificates to only the secret groups that you specify.This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    AllowedUriSans []string
    The URI Subject Alternative Names to allow for private certificates.Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    BasicConstraintsValidForNonCa bool
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    ClientFlag bool
    Determines whether private certificates are flagged for client use.
    CodeSigningFlag bool
    Determines whether private certificates are flagged for code signing use.
    Countries []string
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    EmailProtectionFlag bool
    Determines whether private certificates are flagged for email protection use.
    EndpointType string
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    EnforceHostnames bool
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    ExtKeyUsageOids []string
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    ExtKeyUsages []string
    The allowed extended key usage constraint on private certificates.You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    KeyBits float64
    The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    KeyType string
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    KeyUsages []string
    The allowed key usage constraint to define for private certificates.You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    Localities []string
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    MaxTtl string
    The maximum time-to-live (TTL) for certificates that are created by this template.
    Name string
    A human-readable unique name to assign to your configuration.
    NotBeforeDuration string
    The duration in seconds by which to backdate the not_before property of an issued private certificate.The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    Organizations []string
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Ous []string
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    PolicyIdentifiers []string
    A list of policy Object Identifiers (OIDs).
    PostalCodes []string
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Provinces []string
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    Region string
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    RequireCn bool
    Determines whether to require a common name to create a private certificate.By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    SerialNumber string
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    ServerFlag bool
    Determines whether private certificates are flagged for server use.
    SmPrivateCertificateConfigurationTemplateId string
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    StreetAddresses []string
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Ttl string
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    UseCsrCommonName bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. This option does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    UseCsrSans bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. This option does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.
    certificateAuthority String
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    instanceId String
    The GUID of the Secrets Manager instance.
    allowAnyName Boolean
    Determines whether to allow clients to request a private certificate that matches any common name.
    allowBareDomains Boolean
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    allowGlobDomains Boolean
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field.If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    allowIpSans Boolean
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    allowLocalhost Boolean
    Determines whether to allow localhost to be included as one of the requested common names.
    allowSubdomains Boolean
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option.
    allowWildcardCertificates Boolean
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if the allow_glob_domains option would otherwise allow them.
    allowedDomains List<String>
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedDomainsTemplate Boolean
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    allowedOtherSans List<String>
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates.The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedSecretGroups String
    Scopes the creation of private certificates to only the secret groups that you specify.This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    allowedUriSans List<String>
    The URI Subject Alternative Names to allow for private certificates.Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    basicConstraintsValidForNonCa Boolean
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    clientFlag Boolean
    Determines whether private certificates are flagged for client use.
    codeSigningFlag Boolean
    Determines whether private certificates are flagged for code signing use.
    countries List<String>
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    emailProtectionFlag Boolean
    Determines whether private certificates are flagged for email protection use.
    endpointType String
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    enforceHostnames Boolean
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    extKeyUsageOids List<String>
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    extKeyUsages List<String>
    The allowed extended key usage constraint on private certificates.You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    keyBits Double
    The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    keyType String
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    keyUsages List<String>
    The allowed key usage constraint to define for private certificates.You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    localities List<String>
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    maxTtl String
    The maximum time-to-live (TTL) for certificates that are created by this template.
    name String
    A human-readable unique name to assign to your configuration.
    notBeforeDuration String
    The duration in seconds by which to backdate the not_before property of an issued private certificate.The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    organizations List<String>
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ous List<String>
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    policyIdentifiers List<String>
    A list of policy Object Identifiers (OIDs).
    postalCodes List<String>
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    provinces List<String>
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    region String
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    requireCn Boolean
    Determines whether to require a common name to create a private certificate.By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    serialNumber String
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    serverFlag Boolean
    Determines whether private certificates are flagged for server use.
    smPrivateCertificateConfigurationTemplateId String
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    streetAddresses List<String>
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ttl String
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    useCsrCommonName Boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. This does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    useCsrSans Boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. This does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.
    certificateAuthority string
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    instanceId string
    The GUID of the Secrets Manager instance.
    allowAnyName boolean
    Determines whether to allow clients to request a private certificate that matches any common name.
    allowBareDomains boolean
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    allowGlobDomains boolean
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field. If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    allowIpSans boolean
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    allowLocalhost boolean
    Determines whether to allow localhost to be included as one of the requested common names.
    allowSubdomains boolean
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option, which already allows certificates that match any common name.
    allowWildcardCertificates boolean
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if the allow_glob_domains option would otherwise allow them.
    allowedDomains string[]
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedDomainsTemplate boolean
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    allowedOtherSans string[]
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedSecretGroups string
    Scopes the creation of private certificates to only the secret groups that you specify.This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    allowedUriSans string[]
    The URI Subject Alternative Names to allow for private certificates.Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    basicConstraintsValidForNonCa boolean
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    clientFlag boolean
    Determines whether private certificates are flagged for client use.
    codeSigningFlag boolean
    Determines whether private certificates are flagged for code signing use.
    countries string[]
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    emailProtectionFlag boolean
    Determines whether private certificates are flagged for email protection use.
    endpointType string
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    enforceHostnames boolean
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    extKeyUsageOids string[]
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    extKeyUsages string[]
    The allowed extended key usage constraint on private certificates.You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    keyBits number
    The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    keyType string
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    keyUsages string[]
    The allowed key usage constraint to define for private certificates.You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    localities string[]
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    maxTtl string
    The maximum time-to-live (TTL) for certificates that are created by this template.
    name string
    A human-readable unique name to assign to your configuration.
    notBeforeDuration string
    The duration in seconds by which to backdate the not_before property of an issued private certificate.The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    organizations string[]
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ous string[]
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    policyIdentifiers string[]
    A list of policy Object Identifiers (OIDs).
    postalCodes string[]
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    provinces string[]
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    region string
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    requireCn boolean
    Determines whether to require a common name to create a private certificate.By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    serialNumber string
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    serverFlag boolean
    Determines whether private certificates are flagged for server use.
    smPrivateCertificateConfigurationTemplateId string
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    streetAddresses string[]
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ttl string
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    useCsrCommonName boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. This does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    useCsrSans boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. This does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.
    certificate_authority str
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    instance_id str
    The GUID of the Secrets Manager instance.
    allow_any_name bool
    Determines whether to allow clients to request a private certificate that matches any common name.
    allow_bare_domains bool
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    allow_glob_domains bool
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field. If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    allow_ip_sans bool
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    allow_localhost bool
    Determines whether to allow localhost to be included as one of the requested common names.
    allow_subdomains bool
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option, which already allows certificates that match any common name.
    allow_wildcard_certificates bool
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if the allow_glob_domains option would otherwise allow them.
    allowed_domains Sequence[str]
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowed_domains_template bool
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    allowed_other_sans Sequence[str]
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowed_secret_groups str
    Scopes the creation of private certificates to only the secret groups that you specify.This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    allowed_uri_sans Sequence[str]
    The URI Subject Alternative Names to allow for private certificates.Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    basic_constraints_valid_for_non_ca bool
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    client_flag bool
    Determines whether private certificates are flagged for client use.
    code_signing_flag bool
    Determines whether private certificates are flagged for code signing use.
    countries Sequence[str]
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    email_protection_flag bool
    Determines whether private certificates are flagged for email protection use.
    endpoint_type str
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    enforce_hostnames bool
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    ext_key_usage_oids Sequence[str]
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    ext_key_usages Sequence[str]
    The allowed extended key usage constraint on private certificates.You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    key_bits float
    The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    key_type str
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    key_usages Sequence[str]
    The allowed key usage constraint to define for private certificates.You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    localities Sequence[str]
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    max_ttl str
    The maximum time-to-live (TTL) for certificates that are created by this template.
    name str
    A human-readable unique name to assign to your configuration.
    not_before_duration str
    The duration in seconds by which to backdate the not_before property of an issued private certificate.The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    organizations Sequence[str]
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ous Sequence[str]
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    policy_identifiers Sequence[str]
    A list of policy Object Identifiers (OIDs).
    postal_codes Sequence[str]
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    provinces Sequence[str]
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    region str
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    require_cn bool
    Determines whether to require a common name to create a private certificate.By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    serial_number str
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    server_flag bool
    Determines whether private certificates are flagged for server use.
    sm_private_certificate_configuration_template_id str
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    street_addresses Sequence[str]
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ttl str
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    use_csr_common_name bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. This does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    use_csr_sans bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. This does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.
    certificateAuthority String
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    instanceId String
    The GUID of the Secrets Manager instance.
    allowAnyName Boolean
    Determines whether to allow clients to request a private certificate that matches any common name.
    allowBareDomains Boolean
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    allowGlobDomains Boolean
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field. If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    allowIpSans Boolean
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    allowLocalhost Boolean
    Determines whether to allow localhost to be included as one of the requested common names.
    allowSubdomains Boolean
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option, which already allows certificates that match any common name.
    allowWildcardCertificates Boolean
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if the allow_glob_domains option would otherwise allow them.
    allowedDomains List<String>
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedDomainsTemplate Boolean
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    allowedOtherSans List<String>
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedSecretGroups String
    Scopes the creation of private certificates to only the secret groups that you specify.This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    allowedUriSans List<String>
    The URI Subject Alternative Names to allow for private certificates.Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    basicConstraintsValidForNonCa Boolean
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    clientFlag Boolean
    Determines whether private certificates are flagged for client use.
    codeSigningFlag Boolean
    Determines whether private certificates are flagged for code signing use.
    countries List<String>
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    emailProtectionFlag Boolean
    Determines whether private certificates are flagged for email protection use.
    endpointType String
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    enforceHostnames Boolean
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    extKeyUsageOids List<String>
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    extKeyUsages List<String>
    The allowed extended key usage constraint on private certificates.You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    keyBits Number
    The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    keyType String
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    keyUsages List<String>
    The allowed key usage constraint to define for private certificates.You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    localities List<String>
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    maxTtl String
    The maximum time-to-live (TTL) for certificates that are created by this template.
    name String
    A human-readable unique name to assign to your configuration.
    notBeforeDuration String
    The duration in seconds by which to backdate the not_before property of an issued private certificate.The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    organizations List<String>
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ous List<String>
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    policyIdentifiers List<String>
    A list of policy Object Identifiers (OIDs).
    postalCodes List<String>
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    provinces List<String>
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    region String
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    requireCn Boolean
    Determines whether to require a common name to create a private certificate.By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    serialNumber String
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    serverFlag Boolean
    Determines whether private certificates are flagged for server use.
    smPrivateCertificateConfigurationTemplateId String
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    streetAddresses List<String>
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ttl String
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    useCsrCommonName Boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    useCsrSans Boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. Does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SmPrivateCertificateConfigurationTemplate resource produces the following output properties:

    ConfigType string
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    CreatedAt string
    (String) The date when a resource was created. The date format follows RFC 3339.
    CreatedBy string
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    Id string
    The provider-assigned unique ID for this managed resource.
    MaxTtlSeconds double
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    NotBeforeDurationSeconds double
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    SecretType string
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    TtlSeconds double
    (Integer) The requested Time To Live, after which the certificate will be expired.
    UpdatedAt string
    (String) The date when a resource was recently modified. The date format follows RFC 3339.
    ConfigType string
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    CreatedAt string
    (String) The date when a resource was created. The date format follows RFC 3339.
    CreatedBy string
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    Id string
    The provider-assigned unique ID for this managed resource.
    MaxTtlSeconds float64
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    NotBeforeDurationSeconds float64
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    SecretType string
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    TtlSeconds float64
    (Integer) The requested Time To Live, after which the certificate will be expired.
    UpdatedAt string
    (String) The date when a resource was recently modified. The date format follows RFC 3339.
    configType String
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    createdAt String
    (String) The date when a resource was created. The date format follows RFC 3339.
    createdBy String
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    id String
    The provider-assigned unique ID for this managed resource.
    maxTtlSeconds Double
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    notBeforeDurationSeconds Double
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    secretType String
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    ttlSeconds Double
    (Integer) The requested Time To Live, after which the certificate will be expired.
    updatedAt String
    (String) The date when a resource was recently modified. The date format follows RFC 3339.
    configType string
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    createdAt string
    (String) The date when a resource was created. The date format follows RFC 3339.
    createdBy string
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    id string
    The provider-assigned unique ID for this managed resource.
    maxTtlSeconds number
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    notBeforeDurationSeconds number
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    secretType string
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    ttlSeconds number
    (Integer) The requested Time To Live, after which the certificate will be expired.
    updatedAt string
    (String) The date when a resource was recently modified. The date format follows RFC 3339.
    config_type str
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    created_at str
    (String) The date when a resource was created. The date format follows RFC 3339.
    created_by str
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    id str
    The provider-assigned unique ID for this managed resource.
    max_ttl_seconds float
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    not_before_duration_seconds float
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    secret_type str
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    ttl_seconds float
    (Integer) The requested Time To Live, after which the certificate will be expired.
    updated_at str
    (String) The date when a resource was recently modified. The date format follows RFC 3339.
    configType String
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    createdAt String
    (String) The date when a resource was created. The date format follows RFC 3339.
    createdBy String
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    id String
    The provider-assigned unique ID for this managed resource.
    maxTtlSeconds Number
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    notBeforeDurationSeconds Number
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    secretType String
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    ttlSeconds Number
    (Integer) The requested Time To Live, after which the certificate will be expired.
    updatedAt String
    (String) The date when a resource was recently modified. The date format follows RFC 3339.

    Look up Existing SmPrivateCertificateConfigurationTemplate Resource

    Get an existing SmPrivateCertificateConfigurationTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SmPrivateCertificateConfigurationTemplateState, opts?: CustomResourceOptions): SmPrivateCertificateConfigurationTemplate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allow_any_name: Optional[bool] = None,
            allow_bare_domains: Optional[bool] = None,
            allow_glob_domains: Optional[bool] = None,
            allow_ip_sans: Optional[bool] = None,
            allow_localhost: Optional[bool] = None,
            allow_subdomains: Optional[bool] = None,
            allow_wildcard_certificates: Optional[bool] = None,
            allowed_domains: Optional[Sequence[str]] = None,
            allowed_domains_template: Optional[bool] = None,
            allowed_other_sans: Optional[Sequence[str]] = None,
            allowed_secret_groups: Optional[str] = None,
            allowed_uri_sans: Optional[Sequence[str]] = None,
            basic_constraints_valid_for_non_ca: Optional[bool] = None,
            certificate_authority: Optional[str] = None,
            client_flag: Optional[bool] = None,
            code_signing_flag: Optional[bool] = None,
            config_type: Optional[str] = None,
            countries: Optional[Sequence[str]] = None,
            created_at: Optional[str] = None,
            created_by: Optional[str] = None,
            email_protection_flag: Optional[bool] = None,
            endpoint_type: Optional[str] = None,
            enforce_hostnames: Optional[bool] = None,
            ext_key_usage_oids: Optional[Sequence[str]] = None,
            ext_key_usages: Optional[Sequence[str]] = None,
            instance_id: Optional[str] = None,
            key_bits: Optional[float] = None,
            key_type: Optional[str] = None,
            key_usages: Optional[Sequence[str]] = None,
            localities: Optional[Sequence[str]] = None,
            max_ttl: Optional[str] = None,
            max_ttl_seconds: Optional[float] = None,
            name: Optional[str] = None,
            not_before_duration: Optional[str] = None,
            not_before_duration_seconds: Optional[float] = None,
            organizations: Optional[Sequence[str]] = None,
            ous: Optional[Sequence[str]] = None,
            policy_identifiers: Optional[Sequence[str]] = None,
            postal_codes: Optional[Sequence[str]] = None,
            provinces: Optional[Sequence[str]] = None,
            region: Optional[str] = None,
            require_cn: Optional[bool] = None,
            secret_type: Optional[str] = None,
            serial_number: Optional[str] = None,
            server_flag: Optional[bool] = None,
            sm_private_certificate_configuration_template_id: Optional[str] = None,
            street_addresses: Optional[Sequence[str]] = None,
            ttl: Optional[str] = None,
            ttl_seconds: Optional[float] = None,
            updated_at: Optional[str] = None,
            use_csr_common_name: Optional[bool] = None,
            use_csr_sans: Optional[bool] = None) -> SmPrivateCertificateConfigurationTemplate
    func GetSmPrivateCertificateConfigurationTemplate(ctx *Context, name string, id IDInput, state *SmPrivateCertificateConfigurationTemplateState, opts ...ResourceOption) (*SmPrivateCertificateConfigurationTemplate, error)
    public static SmPrivateCertificateConfigurationTemplate Get(string name, Input<string> id, SmPrivateCertificateConfigurationTemplateState? state, CustomResourceOptions? opts = null)
    public static SmPrivateCertificateConfigurationTemplate get(String name, Output<String> id, SmPrivateCertificateConfigurationTemplateState state, CustomResourceOptions options)
    resources:
      _:
        type: ibm:SmPrivateCertificateConfigurationTemplate
        get:
          id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowAnyName bool
    Determines whether to allow clients to request a private certificate that matches any common name.
    AllowBareDomains bool
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    AllowGlobDomains bool
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field. If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    AllowIpSans bool
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    AllowLocalhost bool
    Determines whether to allow localhost to be included as one of the requested common names.
    AllowSubdomains bool
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option.
    AllowWildcardCertificates bool
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if they would otherwise be allowed by the allow_glob_domains option.
    AllowedDomains List<string>
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    AllowedDomainsTemplate bool
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    AllowedOtherSans List<string>
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    AllowedSecretGroups string
    Scopes the creation of private certificates to only the secret groups that you specify. This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    AllowedUriSans List<string>
    The URI Subject Alternative Names to allow for private certificates. Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    BasicConstraintsValidForNonCa bool
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    CertificateAuthority string
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    ClientFlag bool
    Determines whether private certificates are flagged for client use.
    CodeSigningFlag bool
    Determines whether private certificates are flagged for code signing use.
    ConfigType string
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    Countries List<string>
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    CreatedAt string
    (String) The date when a resource was created. The date format follows RFC 3339.
    CreatedBy string
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    EmailProtectionFlag bool
    Determines whether private certificates are flagged for email protection use.
    EndpointType string
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    EnforceHostnames bool
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    ExtKeyUsageOids List<string>
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    ExtKeyUsages List<string>
    The allowed extended key usage constraint on private certificates. You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    InstanceId string
    The GUID of the Secrets Manager instance.
    KeyBits double
    The number of bits to use to generate the private key. Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    KeyType string
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    KeyUsages List<string>
    The allowed key usage constraint to define for private certificates. You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    Localities List<string>
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    MaxTtl string
    The maximum time-to-live (TTL) for certificates that are created by this template.
    MaxTtlSeconds double
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    Name string
    A human-readable unique name to assign to your configuration.
    NotBeforeDuration string
    The duration in seconds by which to backdate the not_before property of an issued private certificate. The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    NotBeforeDurationSeconds double
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    Organizations List<string>
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Ous List<string>
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    PolicyIdentifiers List<string>
    A list of policy Object Identifiers (OIDs).
    PostalCodes List<string>
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Provinces List<string>
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    Region string
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    RequireCn bool
    Determines whether to require a common name to create a private certificate. By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    SecretType string
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    SerialNumber string
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    ServerFlag bool
    Determines whether private certificates are flagged for server use.
    SmPrivateCertificateConfigurationTemplateId string
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    StreetAddresses List<string>
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Ttl string
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    TtlSeconds double
    (Integer) The requested Time To Live, after which the certificate will be expired.
    UpdatedAt string
    (String) The date when a resource was recently modified. The date format follows RFC 3339.
    UseCsrCommonName bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    UseCsrSans bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. Does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.
    AllowAnyName bool
    Determines whether to allow clients to request a private certificate that matches any common name.
    AllowBareDomains bool
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    AllowGlobDomains bool
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field. If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    AllowIpSans bool
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    AllowLocalhost bool
    Determines whether to allow localhost to be included as one of the requested common names.
    AllowSubdomains bool
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option.
    AllowWildcardCertificates bool
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if they would otherwise be allowed by the allow_glob_domains option.
    AllowedDomains []string
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    AllowedDomainsTemplate bool
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    AllowedOtherSans []string
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    AllowedSecretGroups string
    Scopes the creation of private certificates to only the secret groups that you specify. This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    AllowedUriSans []string
    The URI Subject Alternative Names to allow for private certificates. Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    BasicConstraintsValidForNonCa bool
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    CertificateAuthority string
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    ClientFlag bool
    Determines whether private certificates are flagged for client use.
    CodeSigningFlag bool
    Determines whether private certificates are flagged for code signing use.
    ConfigType string
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    Countries []string
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    CreatedAt string
    (String) The date when a resource was created. The date format follows RFC 3339.
    CreatedBy string
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    EmailProtectionFlag bool
    Determines whether private certificates are flagged for email protection use.
    EndpointType string
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    EnforceHostnames bool
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    ExtKeyUsageOids []string
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    ExtKeyUsages []string
    The allowed extended key usage constraint on private certificates. You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    InstanceId string
    The GUID of the Secrets Manager instance.
    KeyBits float64
    The number of bits to use to generate the private key. Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    KeyType string
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    KeyUsages []string
    The allowed key usage constraint to define for private certificates. You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    Localities []string
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    MaxTtl string
    The maximum time-to-live (TTL) for certificates that are created by this template.
    MaxTtlSeconds float64
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    Name string
    A human-readable unique name to assign to your configuration.
    NotBeforeDuration string
    The duration in seconds by which to backdate the not_before property of an issued private certificate. The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    NotBeforeDurationSeconds float64
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    Organizations []string
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Ous []string
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    PolicyIdentifiers []string
    A list of policy Object Identifiers (OIDs).
    PostalCodes []string
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Provinces []string
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    Region string
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    RequireCn bool
    Determines whether to require a common name to create a private certificate. By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    SecretType string
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    SerialNumber string
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    ServerFlag bool
    Determines whether private certificates are flagged for server use.
    SmPrivateCertificateConfigurationTemplateId string
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    StreetAddresses []string
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    Ttl string
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    TtlSeconds float64
    (Integer) The requested Time To Live, after which the certificate will be expired.
    UpdatedAt string
    (String) The date when a resource was recently modified. The date format follows RFC 3339.
    UseCsrCommonName bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    UseCsrSans bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. Does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.
    allowAnyName Boolean
    Determines whether to allow clients to request a private certificate that matches any common name.
    allowBareDomains Boolean
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    allowGlobDomains Boolean
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field. If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    allowIpSans Boolean
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    allowLocalhost Boolean
    Determines whether to allow localhost to be included as one of the requested common names.
    allowSubdomains Boolean
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option.
    allowWildcardCertificates Boolean
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if they could otherwise be allowed by an option such as allow_glob_domains.
    allowedDomains List<String>
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedDomainsTemplate Boolean
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    allowedOtherSans List<String>
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedSecretGroups String
    Scopes the creation of private certificates to only the secret groups that you specify. This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    allowedUriSans List<String>
    The URI Subject Alternative Names to allow for private certificates. Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    basicConstraintsValidForNonCa Boolean
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    certificateAuthority String
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    clientFlag Boolean
    Determines whether private certificates are flagged for client use.
    codeSigningFlag Boolean
    Determines whether private certificates are flagged for code signing use.
    configType String
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    countries List<String>
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    createdAt String
    (String) The date when a resource was created. The date format follows RFC 3339.
    createdBy String
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    emailProtectionFlag Boolean
    Determines whether private certificates are flagged for email protection use.
    endpointType String
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    enforceHostnames Boolean
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    extKeyUsageOids List<String>
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    extKeyUsages List<String>
    The allowed extended key usage constraint on private certificates. You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    instanceId String
    The GUID of the Secrets Manager instance.
    keyBits Double
    The number of bits to use to generate the private key. Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    keyType String
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    keyUsages List<String>
    The allowed key usage constraint to define for private certificates. You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    localities List<String>
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    maxTtl String
    The maximum time-to-live (TTL) for certificates that are created by this template.
    maxTtlSeconds Double
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    name String
    A human-readable unique name to assign to your configuration.
    notBeforeDuration String
    The duration in seconds by which to backdate the not_before property of an issued private certificate. The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    notBeforeDurationSeconds Double
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    organizations List<String>
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ous List<String>
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    policyIdentifiers List<String>
    A list of policy Object Identifiers (OIDs).
    postalCodes List<String>
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    provinces List<String>
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    region String
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    requireCn Boolean
    Determines whether to require a common name to create a private certificate. By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    secretType String
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    serialNumber String
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    serverFlag Boolean
    Determines whether private certificates are flagged for server use.
    smPrivateCertificateConfigurationTemplateId String
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    streetAddresses List<String>
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ttl String
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    ttlSeconds Double
    (Integer) The requested Time To Live, after which the certificate will be expired.
    updatedAt String
    (String) The date when a resource was recently modified. The date format follows RFC 3339.
    useCsrCommonName Boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    useCsrSans Boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. Does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.
    allowAnyName boolean
    Determines whether to allow clients to request a private certificate that matches any common name.
    allowBareDomains boolean
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    allowGlobDomains boolean
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field. If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    allowIpSans boolean
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    allowLocalhost boolean
    Determines whether to allow localhost to be included as one of the requested common names.
    allowSubdomains boolean
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option.
    allowWildcardCertificates boolean
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if they could otherwise be allowed by an option such as allow_glob_domains.
    allowedDomains string[]
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedDomainsTemplate boolean
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    allowedOtherSans string[]
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedSecretGroups string
    Scopes the creation of private certificates to only the secret groups that you specify. This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    allowedUriSans string[]
    The URI Subject Alternative Names to allow for private certificates. Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    basicConstraintsValidForNonCa boolean
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    certificateAuthority string
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    clientFlag boolean
    Determines whether private certificates are flagged for client use.
    codeSigningFlag boolean
    Determines whether private certificates are flagged for code signing use.
    configType string
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    countries string[]
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    createdAt string
    (String) The date when a resource was created. The date format follows RFC 3339.
    createdBy string
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    emailProtectionFlag boolean
    Determines whether private certificates are flagged for email protection use.
    endpointType string
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    enforceHostnames boolean
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    extKeyUsageOids string[]
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    extKeyUsages string[]
    The allowed extended key usage constraint on private certificates. You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    instanceId string
    The GUID of the Secrets Manager instance.
    keyBits number
    The number of bits to use to generate the private key. Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    keyType string
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    keyUsages string[]
    The allowed key usage constraint to define for private certificates. You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    localities string[]
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    maxTtl string
    The maximum time-to-live (TTL) for certificates that are created by this template.
    maxTtlSeconds number
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    name string
    A human-readable unique name to assign to your configuration.
    notBeforeDuration string
    The duration in seconds by which to backdate the not_before property of an issued private certificate. The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    notBeforeDurationSeconds number
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    organizations string[]
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ous string[]
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    policyIdentifiers string[]
    A list of policy Object Identifiers (OIDs).
    postalCodes string[]
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    provinces string[]
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    region string
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    requireCn boolean
    Determines whether to require a common name to create a private certificate. By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    secretType string
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    serialNumber string
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    serverFlag boolean
    Determines whether private certificates are flagged for server use.
    smPrivateCertificateConfigurationTemplateId string
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    streetAddresses string[]
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ttl string
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    ttlSeconds number
    (Integer) The requested Time To Live, after which the certificate will be expired.
    updatedAt string
    (String) The date when a resource was recently modified. The date format follows RFC 3339.
    useCsrCommonName boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    useCsrSans boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. Does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.
    allow_any_name bool
    Determines whether to allow clients to request a private certificate that matches any common name.
    allow_bare_domains bool
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    allow_glob_domains bool
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field. If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    allow_ip_sans bool
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    allow_localhost bool
    Determines whether to allow localhost to be included as one of the requested common names.
    allow_subdomains bool
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option.
    allow_wildcard_certificates bool
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if they would otherwise be allowed by the allow_glob_domains option.
    allowed_domains Sequence[str]
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowed_domains_template bool
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    allowed_other_sans Sequence[str]
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowed_secret_groups str
    Scopes the creation of private certificates to only the secret groups that you specify. This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    allowed_uri_sans Sequence[str]
    The URI Subject Alternative Names to allow for private certificates. Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    basic_constraints_valid_for_non_ca bool
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    certificate_authority str
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    client_flag bool
    Determines whether private certificates are flagged for client use.
    code_signing_flag bool
    Determines whether private certificates are flagged for code signing use.
    config_type str
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    countries Sequence[str]
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    created_at str
    (String) The date when a resource was created. The date format follows RFC 3339.
    created_by str
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    email_protection_flag bool
    Determines whether private certificates are flagged for email protection use.
    endpoint_type str
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    enforce_hostnames bool
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    ext_key_usage_oids Sequence[str]
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    ext_key_usages Sequence[str]
    The allowed extended key usage constraint on private certificates. You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    instance_id str
    The GUID of the Secrets Manager instance.
    key_bits float
    The number of bits to use to generate the private key. Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    key_type str
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    key_usages Sequence[str]
    The allowed key usage constraint to define for private certificates. You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    localities Sequence[str]
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    max_ttl str
    The maximum time-to-live (TTL) for certificates that are created by this template.
    max_ttl_seconds float
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    name str
    A human-readable unique name to assign to your configuration.
    not_before_duration str
    The duration in seconds by which to backdate the not_before property of an issued private certificate. The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    not_before_duration_seconds float
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    organizations Sequence[str]
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ous Sequence[str]
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    policy_identifiers Sequence[str]
    A list of policy Object Identifiers (OIDs).
    postal_codes Sequence[str]
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    provinces Sequence[str]
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    region str
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    require_cn bool
    Determines whether to require a common name to create a private certificate. By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    secret_type str
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    serial_number str
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    server_flag bool
    Determines whether private certificates are flagged for server use.
    sm_private_certificate_configuration_template_id str
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    street_addresses Sequence[str]
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ttl str
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    ttl_seconds float
    (Integer) The requested Time To Live, after which the certificate will be expired.
    updated_at str
    (String) The date when a resource was recently modified. The date format follows RFC 3339.
    use_csr_common_name bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    use_csr_sans bool
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. Does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.
    allowAnyName Boolean
    Determines whether to allow clients to request a private certificate that matches any common name.
    allowBareDomains Boolean
    Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate. For example, if you specify example.com in the allowed_domains field, you grant clients the ability to request a certificate that contains the name example.com as one of the DNS values on the final certificate. Important: In some scenarios, allowing bare domains can be considered a security risk.
    allowGlobDomains Boolean
    Determines whether to allow glob patterns, for example, ftp*.example.com, in the names that are specified in the allowed_domains field. If set to true, clients are allowed to request private certificates with names that match the glob patterns.
    allowIpSans Boolean
    Determines whether to allow clients to request a private certificate with IP Subject Alternative Names.
    allowLocalhost Boolean
    Determines whether to allow localhost to be included as one of the requested common names.
    allowSubdomains Boolean
    Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains. For example, if allowed_domains has a value of example.com and allow_subdomains is set to true, then the following subdomains are allowed: foo.example.com, bar.example.com, *.example.com. Note: This field is redundant if you use the allow_any_name option.
    allowWildcardCertificates Boolean
    Determines whether to allow the issuance of certificates with RFC 6125 wildcards in the CN field. When set to false, this field prevents wildcards from being issued even if they would otherwise be allowed by the allow_glob_domains option.
    allowedDomains List<String>
    The domains to define for the certificate template. This property is used along with the allow_bare_domains and allow_subdomains options.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedDomainsTemplate Boolean
    Determines whether to allow the domains that are supplied in the allowed_domains field to contain access control list (ACL) templates.
    allowedOtherSans List<String>
    The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates. The format for each element in the list is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8. To allow any value for an OID, use * as its value. Alternatively, specify a single * to allow any other_sans input.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    allowedSecretGroups String
    Scopes the creation of private certificates to only the secret groups that you specify. This field can be supplied as a comma-delimited list of secret group IDs.

    • Constraints: The maximum length is 1024 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
    allowedUriSans List<String>
    The URI Subject Alternative Names to allow for private certificates. Values can contain glob patterns, for example spiffe://hostname/_*.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    basicConstraintsValidForNonCa Boolean
    Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates.
    certificateAuthority String
    The name of the intermediate certificate authority.

    • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/.
    clientFlag Boolean
    Determines whether private certificates are flagged for client use.
    codeSigningFlag Boolean
    Determines whether private certificates are flagged for code signing use.
    configType String
    The configuration type.

    • Constraints: Allowable values are: public_cert_configuration_ca_lets_encrypt, public_cert_configuration_dns_classic_infrastructure, public_cert_configuration_dns_cloud_internet_services, iam_credentials_configuration, private_cert_configuration_root_ca, private_cert_configuration_intermediate_ca, private_cert_configuration_template.
    countries List<String>
    The Country (C) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    createdAt String
    (String) The date when a resource was created. The date format follows RFC 3339.
    createdBy String
    (String) The unique identifier that is associated with the entity that created the secret.

    • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
    emailProtectionFlag Boolean
    Determines whether private certificates are flagged for email protection use.
    endpointType String
    The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

    • Constraints: Allowable values are: private, public.
    enforceHostnames Boolean
    Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses.
    extKeyUsageOids List<String>
    A list of extended key usage Object Identifiers (OIDs).

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    extKeyUsages List<String>
    The allowed extended key usage constraint on private certificates. You can find valid values in the Go x509 package documentation. Omit the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    instanceId String
    The GUID of the Secrets Manager instance.
    keyBits Number
    The number of bits to use to generate the private key. Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
    keyType String
    The type of private key to generate.

    • Constraints: Allowable values are: rsa, ec.
    keyUsages List<String>
    The allowed key usage constraint to define for private certificates. You can find valid values in the Go x509 package documentation. Omit the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.

    • Constraints: The list items must match regular expression /^[a-zA-Z]+$/. The maximum length is 100 items. The minimum length is 0 items.
    localities List<String>
    The Locality (L) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    maxTtl String
    The maximum time-to-live (TTL) for certificates that are created by this template.
    maxTtlSeconds Number
    (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
    name String
    A human-readable unique name to assign to your configuration.
    notBeforeDuration String
    The duration in seconds by which to backdate the not_before property of an issued private certificate. The value can be supplied as a string representation of a duration, such as 30s. In the API response, this value is returned in seconds (integer).
    notBeforeDurationSeconds Number
    (Integer) The duration in seconds by which to backdate the not_before property of an issued private certificate.
    organizations List<String>
    The Organization (O) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ous List<String>
    The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    policyIdentifiers List<String>
    A list of policy Object Identifiers (OIDs).
    postalCodes List<String>
    The postal code values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    provinces List<String>
    The Province (ST) values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
    region String
    The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
    requireCn Boolean
    Determines whether to require a common name to create a private certificate. By default, a common name is required to generate a certificate. To make the common_name field optional, set the require_cn option to false.
    secretType String
    (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

    • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
    serialNumber String
    Deprecated. Unused field.

    • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

    Deprecated: Deprecated

    serverFlag Boolean
    Determines whether private certificates are flagged for server use.
    smPrivateCertificateConfigurationTemplateId String
    The unique identifier of the PrivateCertificateConfigurationTemplate.
    streetAddresses List<String>
    The street address values to define in the subject field of the resulting certificate.

    • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
    ttl String
    The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit.
    ttlSeconds Number
    (Integer) The requested Time To Live, after which the certificate will be expired.
    updatedAt String
    (String) The date when a resource was recently modified. The date format follows RFC 3339.
    useCsrCommonName Boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate. Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the use_csr_sans property.
    useCsrSans Boolean
    When used with the private_cert_configuration_action_sign_csr action, this field determines whether to use the Subject Alternative Names (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate. Does not include the common name in the CSR. To use the common name, include the use_csr_common_name property.

    Import

    You can import the ibm_sm_private_certificate_configuration_template resource by using region, instance_id, and name.

    For more information, see the documentation

    Syntax

    bash

    $ pulumi import ibm:index/smPrivateCertificateConfigurationTemplate:SmPrivateCertificateConfigurationTemplate sm_private_certificate_configuration_template <region>/<instance_id>/<name>
    

    Example

    bash

    $ pulumi import ibm:index/smPrivateCertificateConfigurationTemplate:SmPrivateCertificateConfigurationTemplate sm_private_certificate_configuration_template us-east/6ebc4224-e983-496a-8a54-f40a0bfa9175/my_template
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    ibm ibm-cloud/terraform-provider-ibm
    License
    Notes
    This Pulumi package is based on the ibm Terraform Provider.