tls.SelfSignedCert
Create SelfSignedCert Resource
new SelfSignedCert(name: string, args: SelfSignedCertArgs, opts?: CustomResourceOptions);
@overload
def SelfSignedCert(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   allowed_uses: Optional[Sequence[str]] = None,
                   dns_names: Optional[Sequence[str]] = None,
                   early_renewal_hours: Optional[int] = None,
                   ip_addresses: Optional[Sequence[str]] = None,
                   is_ca_certificate: Optional[bool] = None,
                   key_algorithm: Optional[str] = None,
                   private_key_pem: Optional[str] = None,
                   set_authority_key_id: Optional[bool] = None,
                   set_subject_key_id: Optional[bool] = None,
                   subject: Optional[SelfSignedCertSubjectArgs] = None,
                   uris: Optional[Sequence[str]] = None,
                   validity_period_hours: Optional[int] = None)
@overload
def SelfSignedCert(resource_name: str,
                   args: SelfSignedCertArgs,
                   opts: Optional[ResourceOptions] = None)
func NewSelfSignedCert(ctx *Context, name string, args SelfSignedCertArgs, opts ...ResourceOption) (*SelfSignedCert, error)
public SelfSignedCert(string name, SelfSignedCertArgs args, CustomResourceOptions? opts = null)
public SelfSignedCert(String name, SelfSignedCertArgs args)
public SelfSignedCert(String name, SelfSignedCertArgs args, CustomResourceOptions options)
type: tls:SelfSignedCert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
The unique name of the resource.
- args SelfSignedCertArgs
The arguments to resource properties.
- opts CustomResourceOptions
Bag of options to control resource's behavior.
- resource_name str
The unique name of the resource.
- args SelfSignedCertArgs
The arguments to resource properties.
- opts ResourceOptions
Bag of options to control resource's behavior.
- ctx Context
Context object for the current deployment.
- name string
The unique name of the resource.
- args SelfSignedCertArgs
The arguments to resource properties.
- opts ResourceOption
Bag of options to control resource's behavior.
- name string
The unique name of the resource.
- args SelfSignedCertArgs
The arguments to resource properties.
- opts CustomResourceOptions
Bag of options to control resource's behavior.
- name String
The unique name of the resource.
- args SelfSignedCertArgs
The arguments to resource properties.
- options CustomResourceOptions
Bag of options to control resource's behavior.
SelfSignedCert Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The SelfSignedCert resource accepts the following input properties:
- AllowedUses List<string>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- PrivateKeyPem string
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- ValidityPeriodHours int
Number of hours, after initial issuing, that the certificate will remain valid for.
- DnsNames List<string>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- EarlyRenewalHours int
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
- IpAddresses List<string>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- IsCaCertificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- KeyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- SetAuthorityKeyId bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- SetSubjectKeyId bool
Should the generated certificate include a subject key identifier (default: false).
- Subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- Uris List<string>
List of URIs for which a certificate is being requested (i.e. certificate subjects).
- AllowedUses []string
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- PrivateKeyPem string
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- ValidityPeriodHours int
Number of hours, after initial issuing, that the certificate will remain valid for.
- DnsNames []string
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- EarlyRenewalHours int
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
- IpAddresses []string
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- IsCaCertificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- KeyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- SetAuthorityKeyId bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- SetSubjectKeyId bool
Should the generated certificate include a subject key identifier (default: false).
- Subject SelfSignedCertSubjectArgs
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- Uris []string
List of URIs for which a certificate is being requested (i.e. certificate subjects).
- allowedUses List<String>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- privateKeyPem String
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- validityPeriodHours Integer
Number of hours, after initial issuing, that the certificate will remain valid for.
- dnsNames List<String>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- earlyRenewalHours Integer
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
- ipAddresses List<String>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- isCaCertificate Boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- keyAlgorithm String
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- setAuthorityKeyId Boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- setSubjectKeyId Boolean
Should the generated certificate include a subject key identifier (default: false).
- subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- uris List<String>
List of URIs for which a certificate is being requested (i.e. certificate subjects).
- allowedUses string[]
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- privateKeyPem string
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- validityPeriodHours number
Number of hours, after initial issuing, that the certificate will remain valid for.
- dnsNames string[]
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- earlyRenewalHours number
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
- ipAddresses string[]
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- isCaCertificate boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- keyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- setAuthorityKeyId boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- setSubjectKeyId boolean
Should the generated certificate include a subject key identifier (default: false).
- subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- uris string[]
List of URIs for which a certificate is being requested (i.e. certificate subjects).
- allowed_uses Sequence[str]
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- private_key_pem str
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- validity_period_hours int
Number of hours, after initial issuing, that the certificate will remain valid for.
- dns_names Sequence[str]
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- early_renewal_hours int
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
- ip_addresses Sequence[str]
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- is_ca_certificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- key_algorithm str
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- set_authority_key_id bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- set_subject_key_id bool
Should the generated certificate include a subject key identifier (default: false).
- subject SelfSignedCertSubjectArgs
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- uris Sequence[str]
List of URIs for which a certificate is being requested (i.e. certificate subjects).
- allowedUses List<String>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- privateKeyPem String
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- validityPeriodHours Number
Number of hours, after initial issuing, that the certificate will remain valid for.
- dnsNames List<String>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- earlyRenewalHours Number
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
- ipAddresses List<String>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- isCaCertificate Boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- keyAlgorithm String
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- setAuthorityKeyId Boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- setSubjectKeyId Boolean
Should the generated certificate include a subject key identifier (default: false).
- subject Property Map
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- uris List<String>
List of URIs for which a certificate is being requested (i.e. certificate subjects).
Outputs
All input properties are implicitly available as output properties. Additionally, the SelfSignedCert resource produces the following output properties:
- CertPem string
Certificate data in PEM (RFC 1421).
- Id string
The provider-assigned unique ID for this managed resource.
- ReadyForRenewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- ValidityEndTime string
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- ValidityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- CertPem string
Certificate data in PEM (RFC 1421).
- Id string
The provider-assigned unique ID for this managed resource.
- ReadyForRenewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- ValidityEndTime string
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- ValidityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- certPem String
Certificate data in PEM (RFC 1421).
- id String
The provider-assigned unique ID for this managed resource.
- readyForRenewal Boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- validityEndTime String
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validityStartTime String
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- certPem string
Certificate data in PEM (RFC 1421).
- id string
The provider-assigned unique ID for this managed resource.
- readyForRenewal boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- validityEndTime string
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- cert_pem str
Certificate data in PEM (RFC 1421).
- id str
The provider-assigned unique ID for this managed resource.
- ready_for_renewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- validity_end_time str
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validity_start_time str
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- certPem String
Certificate data in PEM (RFC 1421).
- id String
The provider-assigned unique ID for this managed resource.
- readyForRenewal Boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- validityEndTime String
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validityStartTime String
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
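How validity_period_hours, early_renewal_hours and ready_for_renewal relate, together with a pre-deployment check of allowed_uses against the accepted values listed above. This is an added example, not code from the provider or from Pulumi: the names RenewalWindow, renewal_window, check_args and parse_rfc3339 and the sample timestamps are constructed for illustration, and the window arithmetic follows the property descriptions on this page rather than the provider's source.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Accepted allowed_uses values, copied from the property description above.
ACCEPTED_USES = frozenset("""
any_extended cert_signing client_auth code_signing content_commitment
crl_signing data_encipherment decipher_only digital_signature
email_protection encipher_only ipsec_end_system ipsec_tunnel ipsec_user
key_agreement key_encipherment microsoft_commercial_code_signing
microsoft_kernel_code_signing microsoft_server_gated_crypto
netscape_server_gated_crypto ocsp_signing server_auth timestamping
""".split())


def parse_rfc3339(ts: str) -> datetime:
    """Parse an RFC3339 timestamp such as validity_start_time."""
    # datetime.fromisoformat() only accepts a trailing "Z" from Python 3.11 on.
    if ts.endswith("Z"):
        ts = ts[:-1] + "+00:00"
    return datetime.fromisoformat(ts)


@dataclass(frozen=True)
class RenewalWindow:
    validity_start: datetime
    renewal_start: datetime  # validity_end minus early_renewal_hours
    validity_end: datetime

    def ready_for_renewal(self, now: datetime) -> bool:
        # True once the certificate is expired or inside the early renewal period.
        return now >= self.renewal_start

    def old_cert_still_valid(self, now: datetime) -> bool:
        # There is no revocation, so a certificate that has already been
        # replaced keeps validating until its true validity_end.
        return self.validity_start <= now < self.validity_end


def renewal_window(validity_start_time: str, validity_period_hours: int,
                   early_renewal_hours: int = 0) -> RenewalWindow:
    start = parse_rfc3339(validity_start_time)
    end = start + timedelta(hours=validity_period_hours)
    return RenewalWindow(start, end - timedelta(hours=early_renewal_hours), end)


def check_args(allowed_uses, is_ca_certificate: bool,
               validity_period_hours: int, early_renewal_hours: int = 0):
    """Return a list of findings for a set of SelfSignedCert inputs."""
    findings = []
    unknown = sorted(set(allowed_uses) - ACCEPTED_USES)
    if unknown:
        findings.append("unknown allowed_uses: " + ", ".join(unknown))
    # RFC 5280 section 4.2.1.3: keyCertSign requires the cA basic constraint.
    if "cert_signing" in allowed_uses and not is_ca_certificate:
        findings.append("cert_signing set but is_ca_certificate is false")
    # Under the definition above, such a certificate counts as ready for
    # renewal from the moment it is issued.
    if early_renewal_hours >= validity_period_hours:
        findings.append("early_renewal_hours covers the whole validity period")
    return findings


if __name__ == "__main__":
    # Constructed sample: a 30-day certificate with a 7-day early renewal period.
    window = renewal_window("2024-01-01T00:00:00Z", 720, 168)
    for stamp in ("2024-01-20T00:00:00Z", "2024-01-25T12:00:00Z",
                  "2024-02-01T00:00:00Z"):
        now = parse_rfc3339(stamp)
        print(stamp,
              "ready_for_renewal =", window.ready_for_renewal(now),
              "old_cert_still_valid =", window.old_cert_still_valid(now))
    print(check_args(["server_auth", "cert_signing", "tls_web"], False, 720, 168))
```

Between renewal_start and validity_end both the old and the replacement certificate validate, so anything that pins or trusts the old certificate has to be updated before validity_end.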
Look up Existing SelfSignedCert Resource
Get an existing SelfSignedCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SelfSignedCertState, opts?: CustomResourceOptions): SelfSignedCert
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_uses: Optional[Sequence[str]] = None,
        cert_pem: Optional[str] = None,
        dns_names: Optional[Sequence[str]] = None,
        early_renewal_hours: Optional[int] = None,
        ip_addresses: Optional[Sequence[str]] = None,
        is_ca_certificate: Optional[bool] = None,
        key_algorithm: Optional[str] = None,
        private_key_pem: Optional[str] = None,
        ready_for_renewal: Optional[bool] = None,
        set_authority_key_id: Optional[bool] = None,
        set_subject_key_id: Optional[bool] = None,
        subject: Optional[SelfSignedCertSubjectArgs] = None,
        uris: Optional[Sequence[str]] = None,
        validity_end_time: Optional[str] = None,
        validity_period_hours: Optional[int] = None,
        validity_start_time: Optional[str] = None) -> SelfSignedCert
func GetSelfSignedCert(ctx *Context, name string, id IDInput, state *SelfSignedCertState, opts ...ResourceOption) (*SelfSignedCert, error)
public static SelfSignedCert Get(string name, Input<string> id, SelfSignedCertState? state, CustomResourceOptions? opts = null)
public static SelfSignedCert get(String name, Output<String> id, SelfSignedCertState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to lookup.
- state
Any extra arguments used during the lookup.
- opts
A bag of options that control this resource's behavior.
- resource_name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to lookup.
- name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to lookup.
- state
Any extra arguments used during the lookup.
- opts
A bag of options that control this resource's behavior.
- name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to lookup.
- state
Any extra arguments used during the lookup.
- opts
A bag of options that control this resource's behavior.
- name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to lookup.
- state
Any extra arguments used during the lookup.
- opts
A bag of options that control this resource's behavior.
- AllowedUses List<string>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- CertPem string
Certificate data in PEM (RFC 1421).
- DnsNames List<string>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- EarlyRenewalHours int
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
- IpAddresses List<string>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- IsCaCertificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- KeyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- PrivateKeyPem string
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- ReadyForRenewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- SetAuthorityKeyId bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- SetSubjectKeyId bool
Should the generated certificate include a subject key identifier (default: false).
- Subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- Uris List<string>
List of URIs for which a certificate is being requested (i.e. certificate subjects).
- ValidityEndTime string
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- ValidityPeriodHours int
Number of hours, after initial issuing, that the certificate will remain valid for.
- ValidityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- AllowedUses []string
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- CertPem string
Certificate data in PEM (RFC 1421).
- DnsNames []string
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- EarlyRenewalHours int
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
- IpAddresses []string
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- IsCaCertificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- KeyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- PrivateKeyPem string
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- ReadyForRenewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- SetAuthorityKeyId bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- SetSubjectKeyId bool
Should the generated certificate include a subject key identifier (default: false).
- Subject SelfSignedCertSubjectArgs
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- Uris []string
List of URIs for which a certificate is being requested (i.e. certificate subjects).
- ValidityEndTime string
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- ValidityPeriodHours int
Number of hours, after initial issuing, that the certificate will remain valid for.
- ValidityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- allowedUses List<String>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- certPem String
Certificate data in PEM (RFC 1421).
- dnsNames List<String>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- earlyRenewalHours Integer
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0).
- ipAddresses List<String>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- isCaCertificate Boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- keyAlgorithm String
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- privateKeyPem String
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- readyForRenewal Boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- setAuthorityKeyId Boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- setSubjectKeyId Boolean
Should the generated certificate include a subject key identifier (default: false).
- subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- uris List<String>
List of URIs for which a certificate is being requested (i.e. certificate subjects).
- validityEndTime String
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validityPeriodHours Integer
Number of hours, after initial issuing, that the certificate will remain valid for.
- validityStartTime String
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- allowedUses string[]
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- certPem string
Certificate data in PEM (RFC 1421).
- dnsNames string[]
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- earlyRenewalHours number
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0).
- ipAddresses string[]
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- isCaCertificate boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- keyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- privateKeyPem string
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- readyForRenewal boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- setAuthorityKeyId boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- setSubjectKeyId boolean
Should the generated certificate include a subject key identifier (default: false).
- subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- uris string[]
List of URIs for which a certificate is being requested (i.e. certificate subjects).
- validityEndTime string
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validityPeriodHours number
Number of hours, after initial issuing, that the certificate will remain valid for.
- validityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- allowed_uses Sequence[str]
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- cert_pem str
Certificate data in PEM (RFC 1421).
- dns_names Sequence[str]
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- early_renewal_hours int
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0).
- ip_addresses Sequence[str]
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- is_ca_certificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- key_algorithm str
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- private_key_pem str
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- ready_for_renewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- set_authority_key_id bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- set_subject_key_id bool
Should the generated certificate include a subject key identifier (default: false).
- subject SelfSignedCertSubjectArgs
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- uris Sequence[str]
List of URIs for which a certificate is being requested (i.e. certificate subjects).
- validity_end_time str
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validity_period_hours int
Number of hours, after initial issuing, that the certificate will remain valid for.
- validity_start_time str
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- allowedUses List<String>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
- certPem String
Certificate data in PEM (RFC 1421).
- dnsNames List<String>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
- earlyRenewalHours Number
The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0).
- ipAddresses List<String>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
- isCaCertificate Boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
- keyAlgorithm String
Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key. This is now ignored, as the key algorithm is inferred from the private_key_pem.
- privateKeyPem String
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
- readyForRenewal Boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
- setAuthorityKeyId Boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
- setSubjectKeyId Boolean
Should the generated certificate include a subject key identifier (default: false).
- subject Property Map
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
- uris List<String>
List of URIs for which a certificate is being requested (i.e. certificate subjects).
- validityEndTime String
The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validityPeriodHours Number
Number of hours, after initial issuing, that the certificate will remain valid for.
- validityStartTime String
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
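The early renewal window described for early_renewal_hours and ready_for_renewal, modelled as an added example (this is not Pulumi or provider code). It checks whether a given deployment schedule lands inside the window before the old certificate expires; the function names, the weekly schedule and the inclusive window boundary are assumptions.

```python
from datetime import datetime, timedelta


def parse_rfc3339(ts: str) -> datetime:
    # fromisoformat() rejects a trailing "Z" before Python 3.11.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def renewal_state(validity_start_time, validity_period_hours,
                  early_renewal_hours, now):
    """Model the documented fields for a certificate at time `now`."""
    start = parse_rfc3339(validity_start_time)
    end = start + timedelta(hours=validity_period_hours)
    # Assumption: the window opens exactly early_renewal_hours before expiry.
    renew_from = end - timedelta(hours=early_renewal_hours)
    return {
        "validity_end_time": end.isoformat(),
        "ready_for_renewal": now >= renew_from,
        # No revocation: the old certificate stays valid until `end`.
        "still_valid": start <= now < end,
    }


def first_apply_that_renews(validity_start_time, validity_period_hours,
                            early_renewal_hours, apply_times):
    """Return (apply_time, old_cert_still_valid) for the first apply that
    would see ready_for_renewal, or None if no apply ever does."""
    for t in sorted(apply_times):
        state = renewal_state(validity_start_time, validity_period_hours,
                              early_renewal_hours, t)
        if state["ready_for_renewal"]:
            return t, state["still_valid"]
    return None


# Constructed schedule: one apply per week, starting 2024-01-08.
WEEKLY_APPLIES = [parse_rfc3339("2024-01-08T00:00:00Z") + timedelta(days=7 * k)
                  for k in range(5)]

if __name__ == "__main__":
    # 30-day certificate issued 2024-01-01, expiring 2024-01-31.
    for hours in (72, 24):
        when, ok = first_apply_that_renews(
            "2024-01-01T00:00:00Z", 720, hours, WEEKLY_APPLIES)
        print(f"early_renewal_hours={hours}: renewed at {when.isoformat()}, "
              f"old certificate still valid: {ok}")
```

When the second value returned is False, the renewal only happened after the old certificate had already expired, so early_renewal_hours needs to be at least as long as the gap between applies.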
Supporting Types
SelfSignedCertSubject, SelfSignedCertSubjectArgs
- CommonName string
Distinguished name: CN
- Country string
Distinguished name: C
- Locality string
Distinguished name: L
- Organization string
Distinguished name: O
- OrganizationalUnit string
Distinguished name: OU
- PostalCode string
Distinguished name: PC
- Province string
Distinguished name: ST
- SerialNumber string
Distinguished name: SERIALNUMBER
- StreetAddresses List<string>
Distinguished name: STREET
- CommonName string
Distinguished name: CN
- Country string
Distinguished name: C
- Locality string
Distinguished name: L
- Organization string
Distinguished name: O
- OrganizationalUnit string
Distinguished name: OU
- PostalCode string
Distinguished name: PC
- Province string
Distinguished name: ST
- SerialNumber string
Distinguished name: SERIALNUMBER
- StreetAddresses []string
Distinguished name: STREET
- commonName String
Distinguished name: CN
- country String
Distinguished name: C
- locality String
Distinguished name: L
- organization String
Distinguished name: O
- organizationalUnit String
Distinguished name: OU
- postalCode String
Distinguished name: PC
- province String
Distinguished name: ST
- serialNumber String
Distinguished name: SERIALNUMBER
- streetAddresses List<String>
Distinguished name: STREET
- commonName string
Distinguished name: CN
- country string
Distinguished name: C
- locality string
Distinguished name: L
- organization string
Distinguished name: O
- organizationalUnit string
Distinguished name: OU
- postalCode string
Distinguished name: PC
- province string
Distinguished name: ST
- serialNumber string
Distinguished name: SERIALNUMBER
- streetAddresses string[]
Distinguished name: STREET
- common_name str
Distinguished name: CN
- country str
Distinguished name: C
- locality str
Distinguished name: L
- organization str
Distinguished name: O
- organizational_unit str
Distinguished name: OU
- postal_code str
Distinguished name: PC
- province str
Distinguished name: ST
- serial_number str
Distinguished name: SERIALNUMBER
- street_addresses Sequence[str]
Distinguished name: STREET
- commonName String
Distinguished name: CN
- country String
Distinguished name: C
- locality String
Distinguished name: L
- organization String
Distinguished name: O
- organizationalUnit String
Distinguished name: OU
- postalCode String
Distinguished name: PC
- province String
Distinguished name: ST
- serialNumber String
Distinguished name: SERIALNUMBER
- streetAddresses List<String>
Distinguished name: STREET
Package Details
- Repository: TLS pulumi/pulumi-tls
- License: Apache-2.0
- Notes: This Pulumi package is based on the tls Terraform Provider.