1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. pkiSecret
  5. SecretBackendCert
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

vault.pkiSecret.SecretBackendCert

Explore with Pulumi AI

vault logo
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var app = new Vault.PkiSecret.SecretBackendCert("app", new()
        {
            Backend = vault_mount.Intermediate.Path,
            CommonName = "app.my.domain",
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                vault_pki_secret_backend_role.Admin,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/pkiSecret"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := pkiSecret.NewSecretBackendCert(ctx, "app", &pkiSecret.SecretBackendCertArgs{
    			Backend:    pulumi.Any(vault_mount.Intermediate.Path),
    			CommonName: pulumi.String("app.my.domain"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			vault_pki_secret_backend_role.Admin,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.pkiSecret.SecretBackendCert;
    import com.pulumi.vault.pkiSecret.SecretBackendCertArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var app = new SecretBackendCert("app", SecretBackendCertArgs.builder()        
                .backend(vault_mount.intermediate().path())
                .commonName("app.my.domain")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(vault_pki_secret_backend_role.admin())
                    .build());
    
        }
    }
    
    import pulumi
    import pulumi_vault as vault
    
    app = vault.pki_secret.SecretBackendCert("app",
        backend=vault_mount["intermediate"]["path"],
        common_name="app.my.domain",
        opts=pulumi.ResourceOptions(depends_on=[vault_pki_secret_backend_role["admin"]]))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const app = new vault.pkisecret.SecretBackendCert("app", {
        backend: vault_mount.intermediate.path,
        commonName: "app.my.domain",
    }, {
        dependsOn: [vault_pki_secret_backend_role.admin],
    });
    
    resources:
      app:
        type: vault:pkiSecret:SecretBackendCert
        properties:
          backend: ${vault_mount.intermediate.path}
          commonName: app.my.domain
        options:
          dependson:
            - ${vault_pki_secret_backend_role.admin}
    

    Create SecretBackendCert Resource

    new SecretBackendCert(name: string, args: SecretBackendCertArgs, opts?: CustomResourceOptions);
    @overload
    def SecretBackendCert(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          alt_names: Optional[Sequence[str]] = None,
                          auto_renew: Optional[bool] = None,
                          backend: Optional[str] = None,
                          common_name: Optional[str] = None,
                          exclude_cn_from_sans: Optional[bool] = None,
                          format: Optional[str] = None,
                          ip_sans: Optional[Sequence[str]] = None,
                          issuer_ref: Optional[str] = None,
                          min_seconds_remaining: Optional[int] = None,
                          name: Optional[str] = None,
                          namespace: Optional[str] = None,
                          other_sans: Optional[Sequence[str]] = None,
                          private_key_format: Optional[str] = None,
                          revoke: Optional[bool] = None,
                          ttl: Optional[str] = None,
                          uri_sans: Optional[Sequence[str]] = None,
                          user_ids: Optional[Sequence[str]] = None)
    @overload
    def SecretBackendCert(resource_name: str,
                          args: SecretBackendCertArgs,
                          opts: Optional[ResourceOptions] = None)
    func NewSecretBackendCert(ctx *Context, name string, args SecretBackendCertArgs, opts ...ResourceOption) (*SecretBackendCert, error)
    public SecretBackendCert(string name, SecretBackendCertArgs args, CustomResourceOptions? opts = null)
    public SecretBackendCert(String name, SecretBackendCertArgs args)
    public SecretBackendCert(String name, SecretBackendCertArgs args, CustomResourceOptions options)
    
    type: vault:pkiSecret:SecretBackendCert
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args SecretBackendCertArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecretBackendCertArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecretBackendCertArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecretBackendCertArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecretBackendCertArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    SecretBackendCert Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SecretBackendCert resource accepts the following input properties:

    Backend string
    The PKI secret backend the resource belongs to.
    CommonName string
    CN of certificate to create
    AltNames List<string>
    List of alternative names
    AutoRenew bool
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    ExcludeCnFromSans bool
    Flag to exclude CN from SANs
    Format string
    The format of data
    IpSans List<string>
    List of alternative IPs
    IssuerRef string
    Specifies the default issuer of this request.
    MinSecondsRemaining int
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    Name string
    Name of the role to create the certificate against
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OtherSans List<string>
    List of other SANs
    PrivateKeyFormat string
    The private key format
    Revoke bool
    If set to true, the certificate will be revoked on resource destruction.
    Ttl string
    Time to live
    UriSans List<string>
    List of alternative URIs
    UserIds List<string>
    List of Subject User IDs
    Backend string
    The PKI secret backend the resource belongs to.
    CommonName string
    CN of certificate to create
    AltNames []string
    List of alternative names
    AutoRenew bool
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    ExcludeCnFromSans bool
    Flag to exclude CN from SANs
    Format string
    The format of data
    IpSans []string
    List of alternative IPs
    IssuerRef string
    Specifies the default issuer of this request.
    MinSecondsRemaining int
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    Name string
    Name of the role to create the certificate against
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OtherSans []string
    List of other SANs
    PrivateKeyFormat string
    The private key format
    Revoke bool
    If set to true, the certificate will be revoked on resource destruction.
    Ttl string
    Time to live
    UriSans []string
    List of alternative URIs
    UserIds []string
    List of Subject User IDs
    backend String
    The PKI secret backend the resource belongs to.
    commonName String
    CN of certificate to create
    altNames List<String>
    List of alternative names
    autoRenew Boolean
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    excludeCnFromSans Boolean
    Flag to exclude CN from SANs
    format String
    The format of data
    ipSans List<String>
    List of alternative IPs
    issuerRef String
    Specifies the default issuer of this request.
    minSecondsRemaining Integer
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    name String
    Name of the role to create the certificate against
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    otherSans List<String>
    List of other SANs
    privateKeyFormat String
    The private key format
    revoke Boolean
    If set to true, the certificate will be revoked on resource destruction.
    ttl String
    Time to live
    uriSans List<String>
    List of alternative URIs
    userIds List<String>
    List of Subject User IDs
    backend string
    The PKI secret backend the resource belongs to.
    commonName string
    CN of certificate to create
    altNames string[]
    List of alternative names
    autoRenew boolean
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    excludeCnFromSans boolean
    Flag to exclude CN from SANs
    format string
    The format of data
    ipSans string[]
    List of alternative IPs
    issuerRef string
    Specifies the default issuer of this request.
    minSecondsRemaining number
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    name string
    Name of the role to create the certificate against
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    otherSans string[]
    List of other SANs
    privateKeyFormat string
    The private key format
    revoke boolean
    If set to true, the certificate will be revoked on resource destruction.
    ttl string
    Time to live
    uriSans string[]
    List of alternative URIs
    userIds string[]
    List of Subject User IDs
    backend str
    The PKI secret backend the resource belongs to.
    common_name str
    CN of certificate to create
    alt_names Sequence[str]
    List of alternative names
    auto_renew bool
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    exclude_cn_from_sans bool
    Flag to exclude CN from SANs
    format str
    The format of data
    ip_sans Sequence[str]
    List of alternative IPs
    issuer_ref str
    Specifies the default issuer of this request.
    min_seconds_remaining int
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    name str
    Name of the role to create the certificate against
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    other_sans Sequence[str]
    List of other SANs
    private_key_format str
    The private key format
    revoke bool
    If set to true, the certificate will be revoked on resource destruction.
    ttl str
    Time to live
    uri_sans Sequence[str]
    List of alternative URIs
    user_ids Sequence[str]
    List of Subject User IDs
    backend String
    The PKI secret backend the resource belongs to.
    commonName String
    CN of certificate to create
    altNames List<String>
    List of alternative names
    autoRenew Boolean
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    excludeCnFromSans Boolean
    Flag to exclude CN from SANs
    format String
    The format of data
    ipSans List<String>
    List of alternative IPs
    issuerRef String
    Specifies the default issuer of this request.
    minSecondsRemaining Number
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    name String
    Name of the role to create the certificate against
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    otherSans List<String>
    List of other SANs
    privateKeyFormat String
    The private key format
    revoke Boolean
    If set to true, the certificate will be revoked on resource destruction.
    ttl String
    Time to live
    uriSans List<String>
    List of alternative URIs
    userIds List<String>
    List of Subject User IDs

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecretBackendCert resource produces the following output properties:

    CaChain string
    The CA chain
    Certificate string
    The certificate
    Expiration int
    The expiration date of the certificate in unix epoch format
    Id string
    The provider-assigned unique ID for this managed resource.
    IssuingCa string
    The issuing CA
    PrivateKey string
    The private key
    PrivateKeyType string
    The private key type
    RenewPending bool
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    SerialNumber string
    The serial number
    CaChain string
    The CA chain
    Certificate string
    The certificate
    Expiration int
    The expiration date of the certificate in unix epoch format
    Id string
    The provider-assigned unique ID for this managed resource.
    IssuingCa string
    The issuing CA
    PrivateKey string
    The private key
    PrivateKeyType string
    The private key type
    RenewPending bool
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    SerialNumber string
    The serial number
    caChain String
    The CA chain
    certificate String
    The certificate
    expiration Integer
    The expiration date of the certificate in unix epoch format
    id String
    The provider-assigned unique ID for this managed resource.
    issuingCa String
    The issuing CA
    privateKey String
    The private key
    privateKeyType String
    The private key type
    renewPending Boolean
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    serialNumber String
    The serial number
    caChain string
    The CA chain
    certificate string
    The certificate
    expiration number
    The expiration date of the certificate in unix epoch format
    id string
    The provider-assigned unique ID for this managed resource.
    issuingCa string
    The issuing CA
    privateKey string
    The private key
    privateKeyType string
    The private key type
    renewPending boolean
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    serialNumber string
    The serial number
    ca_chain str
    The CA chain
    certificate str
    The certificate
    expiration int
    The expiration date of the certificate in unix epoch format
    id str
    The provider-assigned unique ID for this managed resource.
    issuing_ca str
    The issuing CA
    private_key str
    The private key
    private_key_type str
    The private key type
    renew_pending bool
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    serial_number str
    The serial number
    caChain String
    The CA chain
    certificate String
    The certificate
    expiration Number
    The expiration date of the certificate in unix epoch format
    id String
    The provider-assigned unique ID for this managed resource.
    issuingCa String
    The issuing CA
    privateKey String
    The private key
    privateKeyType String
    The private key type
    renewPending Boolean
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    serialNumber String
    The serial number

    Look up Existing SecretBackendCert Resource

    Get an existing SecretBackendCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecretBackendCertState, opts?: CustomResourceOptions): SecretBackendCert
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            alt_names: Optional[Sequence[str]] = None,
            auto_renew: Optional[bool] = None,
            backend: Optional[str] = None,
            ca_chain: Optional[str] = None,
            certificate: Optional[str] = None,
            common_name: Optional[str] = None,
            exclude_cn_from_sans: Optional[bool] = None,
            expiration: Optional[int] = None,
            format: Optional[str] = None,
            ip_sans: Optional[Sequence[str]] = None,
            issuer_ref: Optional[str] = None,
            issuing_ca: Optional[str] = None,
            min_seconds_remaining: Optional[int] = None,
            name: Optional[str] = None,
            namespace: Optional[str] = None,
            other_sans: Optional[Sequence[str]] = None,
            private_key: Optional[str] = None,
            private_key_format: Optional[str] = None,
            private_key_type: Optional[str] = None,
            renew_pending: Optional[bool] = None,
            revoke: Optional[bool] = None,
            serial_number: Optional[str] = None,
            ttl: Optional[str] = None,
            uri_sans: Optional[Sequence[str]] = None,
            user_ids: Optional[Sequence[str]] = None) -> SecretBackendCert
    func GetSecretBackendCert(ctx *Context, name string, id IDInput, state *SecretBackendCertState, opts ...ResourceOption) (*SecretBackendCert, error)
    public static SecretBackendCert Get(string name, Input<string> id, SecretBackendCertState? state, CustomResourceOptions? opts = null)
    public static SecretBackendCert get(String name, Output<String> id, SecretBackendCertState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AltNames List<string>
    List of alternative names
    AutoRenew bool
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    Backend string
    The PKI secret backend the resource belongs to.
    CaChain string
    The CA chain
    Certificate string
    The certificate
    CommonName string
    CN of certificate to create
    ExcludeCnFromSans bool
    Flag to exclude CN from SANs
    Expiration int
    The expiration date of the certificate in unix epoch format
    Format string
    The format of data
    IpSans List<string>
    List of alternative IPs
    IssuerRef string
    Specifies the default issuer of this request.
    IssuingCa string
    The issuing CA
    MinSecondsRemaining int
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    Name string
    Name of the role to create the certificate against
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OtherSans List<string>
    List of other SANs
    PrivateKey string
    The private key
    PrivateKeyFormat string
    The private key format
    PrivateKeyType string
    The private key type
    RenewPending bool
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    Revoke bool
    If set to true, the certificate will be revoked on resource destruction.
    SerialNumber string
    The serial number
    Ttl string
    Time to live
    UriSans List<string>
    List of alternative URIs
    UserIds List<string>
    List of Subject User IDs
    AltNames []string
    List of alternative names
    AutoRenew bool
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    Backend string
    The PKI secret backend the resource belongs to.
    CaChain string
    The CA chain
    Certificate string
    The certificate
    CommonName string
    CN of certificate to create
    ExcludeCnFromSans bool
    Flag to exclude CN from SANs
    Expiration int
    The expiration date of the certificate in unix epoch format
    Format string
    The format of data
    IpSans []string
    List of alternative IPs
    IssuerRef string
    Specifies the default issuer of this request.
    IssuingCa string
    The issuing CA
    MinSecondsRemaining int
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    Name string
    Name of the role to create the certificate against
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OtherSans []string
    List of other SANs
    PrivateKey string
    The private key
    PrivateKeyFormat string
    The private key format
    PrivateKeyType string
    The private key type
    RenewPending bool
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    Revoke bool
    If set to true, the certificate will be revoked on resource destruction.
    SerialNumber string
    The serial number
    Ttl string
    Time to live
    UriSans []string
    List of alternative URIs
    UserIds []string
    List of Subject User IDs
    altNames List<String>
    List of alternative names
    autoRenew Boolean
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    backend String
    The PKI secret backend the resource belongs to.
    caChain String
    The CA chain
    certificate String
    The certificate
    commonName String
    CN of certificate to create
    excludeCnFromSans Boolean
    Flag to exclude CN from SANs
    expiration Integer
    The expiration date of the certificate in unix epoch format
    format String
    The format of data
    ipSans List<String>
    List of alternative IPs
    issuerRef String
    Specifies the default issuer of this request.
    issuingCa String
    The issuing CA
    minSecondsRemaining Integer
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    name String
    Name of the role to create the certificate against
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    otherSans List<String>
    List of other SANs
    privateKey String
    The private key
    privateKeyFormat String
    The private key format
    privateKeyType String
    The private key type
    renewPending Boolean
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    revoke Boolean
    If set to true, the certificate will be revoked on resource destruction.
    serialNumber String
    The serial number
    ttl String
    Time to live
    uriSans List<String>
    List of alternative URIs
    userIds List<String>
    List of Subject User IDs
    altNames string[]
    List of alternative names
    autoRenew boolean
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    backend string
    The PKI secret backend the resource belongs to.
    caChain string
    The CA chain
    certificate string
    The certificate
    commonName string
    CN of certificate to create
    excludeCnFromSans boolean
    Flag to exclude CN from SANs
    expiration number
    The expiration date of the certificate in unix epoch format
    format string
    The format of data
    ipSans string[]
    List of alternative IPs
    issuerRef string
    Specifies the default issuer of this request.
    issuingCa string
    The issuing CA
    minSecondsRemaining number
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    name string
    Name of the role to create the certificate against
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    otherSans string[]
    List of other SANs
    privateKey string
    The private key
    privateKeyFormat string
    The private key format
    privateKeyType string
    The private key type
    renewPending boolean
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    revoke boolean
    If set to true, the certificate will be revoked on resource destruction.
    serialNumber string
    The serial number
    ttl string
    Time to live
    uriSans string[]
    List of alternative URIs
    userIds string[]
    List of Subject User IDs
    alt_names Sequence[str]
    List of alternative names
    auto_renew bool
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    backend str
    The PKI secret backend the resource belongs to.
    ca_chain str
    The CA chain
    certificate str
    The certificate
    common_name str
    CN of certificate to create
    exclude_cn_from_sans bool
    Flag to exclude CN from SANs
    expiration int
    The expiration date of the certificate in unix epoch format
    format str
    The format of data
    ip_sans Sequence[str]
    List of alternative IPs
    issuer_ref str
    Specifies the default issuer of this request.
    issuing_ca str
    The issuing CA
    min_seconds_remaining int
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    name str
    Name of the role to create the certificate against
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    other_sans Sequence[str]
    List of other SANs
    private_key str
    The private key
    private_key_format str
    The private key format
    private_key_type str
    The private key type
    renew_pending bool
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    revoke bool
    If set to true, the certificate will be revoked on resource destruction.
    serial_number str
    The serial number
    ttl str
    Time to live
    uri_sans Sequence[str]
    List of alternative URIs
    user_ids Sequence[str]
    List of Subject User IDs
    altNames List<String>
    List of alternative names
    autoRenew Boolean
    If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
    backend String
    The PKI secret backend the resource belongs to.
    caChain String
    The CA chain
    certificate String
    The certificate
    commonName String
    CN of certificate to create
    excludeCnFromSans Boolean
    Flag to exclude CN from SANs
    expiration Number
    The expiration date of the certificate in unix epoch format
    format String
    The format of data
    ipSans List<String>
    List of alternative IPs
    issuerRef String
    Specifies the default issuer of this request.
    issuingCa String
    The issuing CA
    minSecondsRemaining Number
    Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
    name String
    Name of the role to create the certificate against
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    otherSans List<String>
    List of other SANs
    privateKey String
    The private key
    privateKeyFormat String
    The private key format
    privateKeyType String
    The private key type
    renewPending Boolean
    true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
    revoke Boolean
    If set to true, the certificate will be revoked on resource destruction.
    serialNumber String
    The serial number
    ttl String
    Time to live
    uriSans List<String>
    List of alternative URIs
    userIds List<String>
    List of Subject User IDs

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi