HashiCorp Vault v7.3.1, Oct 21 25

HashiCorp Vault v7.3.1 published on Tuesday, Oct 21, 2025 by Pulumi

vault.pkiSecret.SecretBackendIntermediateCertRequest

HashiCorp Vault v7.3.1 published on Tuesday, Oct 21, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const test = new vault.pkisecret.SecretBackendIntermediateCertRequest("test", {
    backend: pki.path,
    type: "internal",
    commonName: "app.my.domain",
}, {
    dependsOn: [pki],
});

import pulumi
import pulumi_vault as vault

test = vault.pkisecret.SecretBackendIntermediateCertRequest("test",
    backend=pki["path"],
    type="internal",
    common_name="app.my.domain",
    opts = pulumi.ResourceOptions(depends_on=[pki]))

package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v7/go/vault/pkisecret"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := pkisecret.NewSecretBackendIntermediateCertRequest(ctx, "test", &pkisecret.SecretBackendIntermediateCertRequestArgs{
			Backend:    pulumi.Any(pki.Path),
			Type:       pulumi.String("internal"),
			CommonName: pulumi.String("app.my.domain"),
		}, pulumi.DependsOn([]pulumi.Resource{
			pki,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var test = new Vault.PkiSecret.SecretBackendIntermediateCertRequest("test", new()
    {
        Backend = pki.Path,
        Type = "internal",
        CommonName = "app.my.domain",
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            pki,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.pkiSecret.SecretBackendIntermediateCertRequest;
import com.pulumi.vault.pkiSecret.SecretBackendIntermediateCertRequestArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new SecretBackendIntermediateCertRequest("test", SecretBackendIntermediateCertRequestArgs.builder()
            .backend(pki.path())
            .type("internal")
            .commonName("app.my.domain")
            .build(), CustomResourceOptions.builder()
                .dependsOn(pki)
                .build());

    }
}

resources:
  test:
    type: vault:pkiSecret:SecretBackendIntermediateCertRequest
    properties:
      backend: ${pki.path}
      type: internal
      commonName: app.my.domain
    options:
      dependsOn:
        - ${pki}

Create SecretBackendIntermediateCertRequest Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecretBackendIntermediateCertRequest(name: string, args: SecretBackendIntermediateCertRequestArgs, opts?: CustomResourceOptions);

@overload
def SecretBackendIntermediateCertRequest(resource_name: str,
                                         args: SecretBackendIntermediateCertRequestArgs,
                                         opts: Optional[ResourceOptions] = None)

@overload
def SecretBackendIntermediateCertRequest(resource_name: str,
                                         opts: Optional[ResourceOptions] = None,
                                         common_name: Optional[str] = None,
                                         type: Optional[str] = None,
                                         backend: Optional[str] = None,
                                         managed_key_id: Optional[str] = None,
                                         namespace: Optional[str] = None,
                                         exclude_cn_from_sans: Optional[bool] = None,
                                         format: Optional[str] = None,
                                         ip_sans: Optional[Sequence[str]] = None,
                                         key_bits: Optional[int] = None,
                                         key_name: Optional[str] = None,
                                         key_ref: Optional[str] = None,
                                         key_type: Optional[str] = None,
                                         key_usages: Optional[Sequence[str]] = None,
                                         locality: Optional[str] = None,
                                         add_basic_constraints: Optional[bool] = None,
                                         managed_key_name: Optional[str] = None,
                                         country: Optional[str] = None,
                                         organization: Optional[str] = None,
                                         other_sans: Optional[Sequence[str]] = None,
                                         ou: Optional[str] = None,
                                         postal_code: Optional[str] = None,
                                         private_key_format: Optional[str] = None,
                                         province: Optional[str] = None,
                                         serial_number: Optional[str] = None,
                                         signature_bits: Optional[int] = None,
                                         street_address: Optional[str] = None,
                                         alt_names: Optional[Sequence[str]] = None,
                                         uri_sans: Optional[Sequence[str]] = None)

func NewSecretBackendIntermediateCertRequest(ctx *Context, name string, args SecretBackendIntermediateCertRequestArgs, opts ...ResourceOption) (*SecretBackendIntermediateCertRequest, error)

public SecretBackendIntermediateCertRequest(string name, SecretBackendIntermediateCertRequestArgs args, CustomResourceOptions? opts = null)

public SecretBackendIntermediateCertRequest(String name, SecretBackendIntermediateCertRequestArgs args)
public SecretBackendIntermediateCertRequest(String name, SecretBackendIntermediateCertRequestArgs args, CustomResourceOptions options)

type: vault:pkiSecret:SecretBackendIntermediateCertRequest
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecretBackendIntermediateCertRequestArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretBackendIntermediateCertRequestArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretBackendIntermediateCertRequestArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretBackendIntermediateCertRequestArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretBackendIntermediateCertRequestArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var secretBackendIntermediateCertRequestResource = new Vault.PkiSecret.SecretBackendIntermediateCertRequest("secretBackendIntermediateCertRequestResource", new()
{
    CommonName = "string",
    Type = "string",
    Backend = "string",
    ManagedKeyId = "string",
    Namespace = "string",
    ExcludeCnFromSans = false,
    Format = "string",
    IpSans = new[]
    {
        "string",
    },
    KeyBits = 0,
    KeyName = "string",
    KeyRef = "string",
    KeyType = "string",
    KeyUsages = new[]
    {
        "string",
    },
    Locality = "string",
    AddBasicConstraints = false,
    ManagedKeyName = "string",
    Country = "string",
    Organization = "string",
    OtherSans = new[]
    {
        "string",
    },
    Ou = "string",
    PostalCode = "string",
    PrivateKeyFormat = "string",
    Province = "string",
    SerialNumber = "string",
    SignatureBits = 0,
    StreetAddress = "string",
    AltNames = new[]
    {
        "string",
    },
    UriSans = new[]
    {
        "string",
    },
});

example, err := pkisecret.NewSecretBackendIntermediateCertRequest(ctx, "secretBackendIntermediateCertRequestResource", &pkisecret.SecretBackendIntermediateCertRequestArgs{
	CommonName:        pulumi.String("string"),
	Type:              pulumi.String("string"),
	Backend:           pulumi.String("string"),
	ManagedKeyId:      pulumi.String("string"),
	Namespace:         pulumi.String("string"),
	ExcludeCnFromSans: pulumi.Bool(false),
	Format:            pulumi.String("string"),
	IpSans: pulumi.StringArray{
		pulumi.String("string"),
	},
	KeyBits: pulumi.Int(0),
	KeyName: pulumi.String("string"),
	KeyRef:  pulumi.String("string"),
	KeyType: pulumi.String("string"),
	KeyUsages: pulumi.StringArray{
		pulumi.String("string"),
	},
	Locality:            pulumi.String("string"),
	AddBasicConstraints: pulumi.Bool(false),
	ManagedKeyName:      pulumi.String("string"),
	Country:             pulumi.String("string"),
	Organization:        pulumi.String("string"),
	OtherSans: pulumi.StringArray{
		pulumi.String("string"),
	},
	Ou:               pulumi.String("string"),
	PostalCode:       pulumi.String("string"),
	PrivateKeyFormat: pulumi.String("string"),
	Province:         pulumi.String("string"),
	SerialNumber:     pulumi.String("string"),
	SignatureBits:    pulumi.Int(0),
	StreetAddress:    pulumi.String("string"),
	AltNames: pulumi.StringArray{
		pulumi.String("string"),
	},
	UriSans: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var secretBackendIntermediateCertRequestResource = new SecretBackendIntermediateCertRequest("secretBackendIntermediateCertRequestResource", SecretBackendIntermediateCertRequestArgs.builder()
    .commonName("string")
    .type("string")
    .backend("string")
    .managedKeyId("string")
    .namespace("string")
    .excludeCnFromSans(false)
    .format("string")
    .ipSans("string")
    .keyBits(0)
    .keyName("string")
    .keyRef("string")
    .keyType("string")
    .keyUsages("string")
    .locality("string")
    .addBasicConstraints(false)
    .managedKeyName("string")
    .country("string")
    .organization("string")
    .otherSans("string")
    .ou("string")
    .postalCode("string")
    .privateKeyFormat("string")
    .province("string")
    .serialNumber("string")
    .signatureBits(0)
    .streetAddress("string")
    .altNames("string")
    .uriSans("string")
    .build());

secret_backend_intermediate_cert_request_resource = vault.pkisecret.SecretBackendIntermediateCertRequest("secretBackendIntermediateCertRequestResource",
    common_name="string",
    type="string",
    backend="string",
    managed_key_id="string",
    namespace="string",
    exclude_cn_from_sans=False,
    format="string",
    ip_sans=["string"],
    key_bits=0,
    key_name="string",
    key_ref="string",
    key_type="string",
    key_usages=["string"],
    locality="string",
    add_basic_constraints=False,
    managed_key_name="string",
    country="string",
    organization="string",
    other_sans=["string"],
    ou="string",
    postal_code="string",
    private_key_format="string",
    province="string",
    serial_number="string",
    signature_bits=0,
    street_address="string",
    alt_names=["string"],
    uri_sans=["string"])

const secretBackendIntermediateCertRequestResource = new vault.pkisecret.SecretBackendIntermediateCertRequest("secretBackendIntermediateCertRequestResource", {
    commonName: "string",
    type: "string",
    backend: "string",
    managedKeyId: "string",
    namespace: "string",
    excludeCnFromSans: false,
    format: "string",
    ipSans: ["string"],
    keyBits: 0,
    keyName: "string",
    keyRef: "string",
    keyType: "string",
    keyUsages: ["string"],
    locality: "string",
    addBasicConstraints: false,
    managedKeyName: "string",
    country: "string",
    organization: "string",
    otherSans: ["string"],
    ou: "string",
    postalCode: "string",
    privateKeyFormat: "string",
    province: "string",
    serialNumber: "string",
    signatureBits: 0,
    streetAddress: "string",
    altNames: ["string"],
    uriSans: ["string"],
});

type: vault:pkiSecret:SecretBackendIntermediateCertRequest
properties:
    addBasicConstraints: false
    altNames:
        - string
    backend: string
    commonName: string
    country: string
    excludeCnFromSans: false
    format: string
    ipSans:
        - string
    keyBits: 0
    keyName: string
    keyRef: string
    keyType: string
    keyUsages:
        - string
    locality: string
    managedKeyId: string
    managedKeyName: string
    namespace: string
    organization: string
    otherSans:
        - string
    ou: string
    postalCode: string
    privateKeyFormat: string
    province: string
    serialNumber: string
    signatureBits: 0
    streetAddress: string
    type: string
    uriSans:
        - string

SecretBackendIntermediateCertRequest Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecretBackendIntermediateCertRequest resource accepts the following input properties:

Backend string: The PKI secret backend the resource belongs to.
CommonName string: CN of intermediate to create
Type string: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
AddBasicConstraints bool: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
AltNames List<string>: List of alternative names
Country string: The country
ExcludeCnFromSans bool: Flag to exclude CN from SANs
Format string: The format of data
IpSans List<string>: List of alternative IPs
KeyBits int: The number of bits to use
KeyName string: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
KeyRef string: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
KeyType string: The desired key type
KeyUsages List<string>: Specifies key_usage to encode in the generated certificate.
Locality string: The locality
ManagedKeyId string: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
ManagedKeyName string: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
Organization string: The organization
OtherSans List<string>: List of other SANs
Ou string: The organization unit
PostalCode string: The postal code
PrivateKeyFormat string: The private key format
Province string: The province
SerialNumber string: The requested Subject's named Serial Number
SignatureBits int: The number of bits to use in the signature algorithm
StreetAddress string: The street address
UriSans List<string>: List of alternative URIs

Backend string: The PKI secret backend the resource belongs to.
CommonName string: CN of intermediate to create
Type string: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
AddBasicConstraints bool: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
AltNames []string: List of alternative names
Country string: The country
ExcludeCnFromSans bool: Flag to exclude CN from SANs
Format string: The format of data
IpSans []string: List of alternative IPs
KeyBits int: The number of bits to use
KeyName string: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
KeyRef string: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
KeyType string: The desired key type
KeyUsages []string: Specifies key_usage to encode in the generated certificate.
Locality string: The locality
ManagedKeyId string: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
ManagedKeyName string: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
Organization string: The organization
OtherSans []string: List of other SANs
Ou string: The organization unit
PostalCode string: The postal code
PrivateKeyFormat string: The private key format
Province string: The province
SerialNumber string: The requested Subject's named Serial Number
SignatureBits int: The number of bits to use in the signature algorithm
StreetAddress string: The street address
UriSans []string: List of alternative URIs

backend String: The PKI secret backend the resource belongs to.
commonName String: CN of intermediate to create
type String: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
addBasicConstraints Boolean: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
altNames List<String>: List of alternative names
country String: The country
excludeCnFromSans Boolean: Flag to exclude CN from SANs
format String: The format of data
ipSans List<String>: List of alternative IPs
keyBits Integer: The number of bits to use
keyName String: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
keyRef String: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
keyType String: The desired key type
keyUsages List<String>: Specifies key_usage to encode in the generated certificate.
locality String: The locality
managedKeyId String: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
managedKeyName String: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
organization String: The organization
otherSans List<String>: List of other SANs
ou String: The organization unit
postalCode String: The postal code
privateKeyFormat String: The private key format
province String: The province
serialNumber String: The requested Subject's named Serial Number
signatureBits Integer: The number of bits to use in the signature algorithm
streetAddress String: The street address
uriSans List<String>: List of alternative URIs

backend string: The PKI secret backend the resource belongs to.
commonName string: CN of intermediate to create
type string: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
addBasicConstraints boolean: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
altNames string[]: List of alternative names
country string: The country
excludeCnFromSans boolean: Flag to exclude CN from SANs
format string: The format of data
ipSans string[]: List of alternative IPs
keyBits number: The number of bits to use
keyName string: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
keyRef string: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
keyType string: The desired key type
keyUsages string[]: Specifies key_usage to encode in the generated certificate.
locality string: The locality
managedKeyId string: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
managedKeyName string: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
organization string: The organization
otherSans string[]: List of other SANs
ou string: The organization unit
postalCode string: The postal code
privateKeyFormat string: The private key format
province string: The province
serialNumber string: The requested Subject's named Serial Number
signatureBits number: The number of bits to use in the signature algorithm
streetAddress string: The street address
uriSans string[]: List of alternative URIs

backend str: The PKI secret backend the resource belongs to.
common_name str: CN of intermediate to create
type str: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
add_basic_constraints bool: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
alt_names Sequence[str]: List of alternative names
country str: The country
exclude_cn_from_sans bool: Flag to exclude CN from SANs
format str: The format of data
ip_sans Sequence[str]: List of alternative IPs
key_bits int: The number of bits to use
key_name str: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
key_ref str: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
key_type str: The desired key type
key_usages Sequence[str]: Specifies key_usage to encode in the generated certificate.
locality str: The locality
managed_key_id str: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
managed_key_name str: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
organization str: The organization
other_sans Sequence[str]: List of other SANs
ou str: The organization unit
postal_code str: The postal code
private_key_format str: The private key format
province str: The province
serial_number str: The requested Subject's named Serial Number
signature_bits int: The number of bits to use in the signature algorithm
street_address str: The street address
uri_sans Sequence[str]: List of alternative URIs

backend String: The PKI secret backend the resource belongs to.
commonName String: CN of intermediate to create
type String: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
addBasicConstraints Boolean: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
altNames List<String>: List of alternative names
country String: The country
excludeCnFromSans Boolean: Flag to exclude CN from SANs
format String: The format of data
ipSans List<String>: List of alternative IPs
keyBits Number: The number of bits to use
keyName String: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
keyRef String: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
keyType String: The desired key type
keyUsages List<String>: Specifies key_usage to encode in the generated certificate.
locality String: The locality
managedKeyId String: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
managedKeyName String: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
organization String: The organization
otherSans List<String>: List of other SANs
ou String: The organization unit
postalCode String: The postal code
privateKeyFormat String: The private key format
province String: The province
serialNumber String: The requested Subject's named Serial Number
signatureBits Number: The number of bits to use in the signature algorithm
streetAddress String: The street address
uriSans List<String>: List of alternative URIs

Outputs

All input properties are implicitly available as output properties. Additionally, the SecretBackendIntermediateCertRequest resource produces the following output properties:

Csr string: The CSR
Id string: The provider-assigned unique ID for this managed resource.
KeyId string: The ID of the generated key.
PrivateKey string: The private key
PrivateKeyType string: The private key type

Csr string: The CSR
Id string: The provider-assigned unique ID for this managed resource.
KeyId string: The ID of the generated key.
PrivateKey string: The private key
PrivateKeyType string: The private key type

csr String: The CSR
id String: The provider-assigned unique ID for this managed resource.
keyId String: The ID of the generated key.
privateKey String: The private key
privateKeyType String: The private key type

csr string: The CSR
id string: The provider-assigned unique ID for this managed resource.
keyId string: The ID of the generated key.
privateKey string: The private key
privateKeyType string: The private key type

csr str: The CSR
id str: The provider-assigned unique ID for this managed resource.
key_id str: The ID of the generated key.
private_key str: The private key
private_key_type str: The private key type

csr String: The CSR
id String: The provider-assigned unique ID for this managed resource.
keyId String: The ID of the generated key.
privateKey String: The private key
privateKeyType String: The private key type

Look up Existing SecretBackendIntermediateCertRequest Resource

Get an existing SecretBackendIntermediateCertRequest resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretBackendIntermediateCertRequestState, opts?: CustomResourceOptions): SecretBackendIntermediateCertRequest

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        add_basic_constraints: Optional[bool] = None,
        alt_names: Optional[Sequence[str]] = None,
        backend: Optional[str] = None,
        common_name: Optional[str] = None,
        country: Optional[str] = None,
        csr: Optional[str] = None,
        exclude_cn_from_sans: Optional[bool] = None,
        format: Optional[str] = None,
        ip_sans: Optional[Sequence[str]] = None,
        key_bits: Optional[int] = None,
        key_id: Optional[str] = None,
        key_name: Optional[str] = None,
        key_ref: Optional[str] = None,
        key_type: Optional[str] = None,
        key_usages: Optional[Sequence[str]] = None,
        locality: Optional[str] = None,
        managed_key_id: Optional[str] = None,
        managed_key_name: Optional[str] = None,
        namespace: Optional[str] = None,
        organization: Optional[str] = None,
        other_sans: Optional[Sequence[str]] = None,
        ou: Optional[str] = None,
        postal_code: Optional[str] = None,
        private_key: Optional[str] = None,
        private_key_format: Optional[str] = None,
        private_key_type: Optional[str] = None,
        province: Optional[str] = None,
        serial_number: Optional[str] = None,
        signature_bits: Optional[int] = None,
        street_address: Optional[str] = None,
        type: Optional[str] = None,
        uri_sans: Optional[Sequence[str]] = None) -> SecretBackendIntermediateCertRequest

func GetSecretBackendIntermediateCertRequest(ctx *Context, name string, id IDInput, state *SecretBackendIntermediateCertRequestState, opts ...ResourceOption) (*SecretBackendIntermediateCertRequest, error)

public static SecretBackendIntermediateCertRequest Get(string name, Input<string> id, SecretBackendIntermediateCertRequestState? state, CustomResourceOptions? opts = null)

public static SecretBackendIntermediateCertRequest get(String name, Output<String> id, SecretBackendIntermediateCertRequestState state, CustomResourceOptions options)

resources:  _:    type: vault:pkiSecret:SecretBackendIntermediateCertRequest    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AddBasicConstraints bool: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
AltNames List<string>: List of alternative names
Backend string: The PKI secret backend the resource belongs to.
CommonName string: CN of intermediate to create
Country string: The country
Csr string: The CSR
ExcludeCnFromSans bool: Flag to exclude CN from SANs
Format string: The format of data
IpSans List<string>: List of alternative IPs
KeyBits int: The number of bits to use
KeyId string: The ID of the generated key.
KeyName string: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
KeyRef string: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
KeyType string: The desired key type
KeyUsages List<string>: Specifies key_usage to encode in the generated certificate.
Locality string: The locality
ManagedKeyId string: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
ManagedKeyName string: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
Organization string: The organization
OtherSans List<string>: List of other SANs
Ou string: The organization unit
PostalCode string: The postal code
PrivateKey string: The private key
PrivateKeyFormat string: The private key format
PrivateKeyType string: The private key type
Province string: The province
SerialNumber string: The requested Subject's named Serial Number
SignatureBits int: The number of bits to use in the signature algorithm
StreetAddress string: The street address
Type string: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
UriSans List<string>: List of alternative URIs

AddBasicConstraints bool: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
AltNames []string: List of alternative names
Backend string: The PKI secret backend the resource belongs to.
CommonName string: CN of intermediate to create
Country string: The country
Csr string: The CSR
ExcludeCnFromSans bool: Flag to exclude CN from SANs
Format string: The format of data
IpSans []string: List of alternative IPs
KeyBits int: The number of bits to use
KeyId string: The ID of the generated key.
KeyName string: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
KeyRef string: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
KeyType string: The desired key type
KeyUsages []string: Specifies key_usage to encode in the generated certificate.
Locality string: The locality
ManagedKeyId string: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
ManagedKeyName string: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
Organization string: The organization
OtherSans []string: List of other SANs
Ou string: The organization unit
PostalCode string: The postal code
PrivateKey string: The private key
PrivateKeyFormat string: The private key format
PrivateKeyType string: The private key type
Province string: The province
SerialNumber string: The requested Subject's named Serial Number
SignatureBits int: The number of bits to use in the signature algorithm
StreetAddress string: The street address
Type string: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
UriSans []string: List of alternative URIs

addBasicConstraints Boolean: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
altNames List<String>: List of alternative names
backend String: The PKI secret backend the resource belongs to.
commonName String: CN of intermediate to create
country String: The country
csr String: The CSR
excludeCnFromSans Boolean: Flag to exclude CN from SANs
format String: The format of data
ipSans List<String>: List of alternative IPs
keyBits Integer: The number of bits to use
keyId String: The ID of the generated key.
keyName String: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
keyRef String: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
keyType String: The desired key type
keyUsages List<String>: Specifies key_usage to encode in the generated certificate.
locality String: The locality
managedKeyId String: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
managedKeyName String: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
organization String: The organization
otherSans List<String>: List of other SANs
ou String: The organization unit
postalCode String: The postal code
privateKey String: The private key
privateKeyFormat String: The private key format
privateKeyType String: The private key type
province String: The province
serialNumber String: The requested Subject's named Serial Number
signatureBits Integer: The number of bits to use in the signature algorithm
streetAddress String: The street address
type String: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
uriSans List<String>: List of alternative URIs

addBasicConstraints boolean: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
altNames string[]: List of alternative names
backend string: The PKI secret backend the resource belongs to.
commonName string: CN of intermediate to create
country string: The country
csr string: The CSR
excludeCnFromSans boolean: Flag to exclude CN from SANs
format string: The format of data
ipSans string[]: List of alternative IPs
keyBits number: The number of bits to use
keyId string: The ID of the generated key.
keyName string: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
keyRef string: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
keyType string: The desired key type
keyUsages string[]: Specifies key_usage to encode in the generated certificate.
locality string: The locality
managedKeyId string: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
managedKeyName string: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
organization string: The organization
otherSans string[]: List of other SANs
ou string: The organization unit
postalCode string: The postal code
privateKey string: The private key
privateKeyFormat string: The private key format
privateKeyType string: The private key type
province string: The province
serialNumber string: The requested Subject's named Serial Number
signatureBits number: The number of bits to use in the signature algorithm
streetAddress string: The street address
type string: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
uriSans string[]: List of alternative URIs

add_basic_constraints bool: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
alt_names Sequence[str]: List of alternative names
backend str: The PKI secret backend the resource belongs to.
common_name str: CN of intermediate to create
country str: The country
csr str: The CSR
exclude_cn_from_sans bool: Flag to exclude CN from SANs
format str: The format of data
ip_sans Sequence[str]: List of alternative IPs
key_bits int: The number of bits to use
key_id str: The ID of the generated key.
key_name str: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
key_ref str: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
key_type str: The desired key type
key_usages Sequence[str]: Specifies key_usage to encode in the generated certificate.
locality str: The locality
managed_key_id str: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
managed_key_name str: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
organization str: The organization
other_sans Sequence[str]: List of other SANs
ou str: The organization unit
postal_code str: The postal code
private_key str: The private key
private_key_format str: The private key format
private_key_type str: The private key type
province str: The province
serial_number str: The requested Subject's named Serial Number
signature_bits int: The number of bits to use in the signature algorithm
street_address str: The street address
type str: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
uri_sans Sequence[str]: List of alternative URIs

addBasicConstraints Boolean: Adds a Basic Constraints extension with 'CA: true'. Only needed as a workaround in some compatibility scenarios with Active Directory Certificate Services
altNames List<String>: List of alternative names
backend String: The PKI secret backend the resource belongs to.
commonName String: CN of intermediate to create
country String: The country
csr String: The CSR
excludeCnFromSans Boolean: Flag to exclude CN from SANs
format String: The format of data
ipSans List<String>: List of alternative IPs
keyBits Number: The number of bits to use
keyId String: The ID of the generated key.
keyName String: When a new key is created with this request, optionally specifies the name for this. The global ref default may not be used as a name.
keyRef String: Specifies the key (either default, by name, or by identifier) to use for generating this request. Only suitable for type=existing requests.
keyType String: The desired key type
keyUsages List<String>: Specifies key_usage to encode in the generated certificate.
locality String: The locality
managedKeyId String: The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
managedKeyName String: The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
organization String: The organization
otherSans List<String>: List of other SANs
ou String: The organization unit
postalCode String: The postal code
privateKey String: The private key
privateKeyFormat String: The private key format
privateKeyType String: The private key type
province String: The province
serialNumber String: The requested Subject's named Serial Number
signatureBits Number: The number of bits to use in the signature algorithm
streetAddress String: The street address
type String: Type of intermediate to create. Must be either "exported" or "internal" or "kms"
uriSans List<String>: List of alternative URIs

Package Details

Repository: Vault pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

HashiCorp Vault v7.3.1 published on Tuesday, Oct 21, 2025 by Pulumi

pulumi/pulumi-vault

vault.pkiSecret.SecretBackendIntermediateCertRequest

On this page

On this page

Example Usage

Create SecretBackendIntermediateCertRequest Resource

Constructor syntax

Parameters

Constructor example

SecretBackendIntermediateCertRequest Resource Properties

Inputs

Outputs

Look up Existing SecretBackendIntermediateCertRequest Resource

Package Details

On this page

On this page