1. Packages
  2. HashiCorp Vault
  3. API Docs
  4. pkiSecret
  5. SecretBackendIssuer
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

vault.pkiSecret.SecretBackendIssuer

Explore with Pulumi AI

vault logo
HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi

    Import

    PKI secret backend issuer can be imported using the id, e.g.

     $ pulumi import vault:pkiSecret/secretBackendIssuer:SecretBackendIssuer example pki/issuer/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
    

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var pki = new Vault.Mount("pki", new()
        {
            Path = "pki",
            Type = "pki",
            DefaultLeaseTtlSeconds = 3600,
            MaxLeaseTtlSeconds = 86400,
        });
    
        var root = new Vault.PkiSecret.SecretBackendRootCert("root", new()
        {
            Backend = pki.Path,
            Type = "internal",
            CommonName = "test",
            Ttl = "86400",
        });
    
        var example = new Vault.PkiSecret.SecretBackendIssuer("example", new()
        {
            Backend = root.Backend,
            IssuerRef = root.IssuerId,
            IssuerName = "example-issuer",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
    	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/pkiSecret"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		pki, err := vault.NewMount(ctx, "pki", &vault.MountArgs{
    			Path:                   pulumi.String("pki"),
    			Type:                   pulumi.String("pki"),
    			DefaultLeaseTtlSeconds: pulumi.Int(3600),
    			MaxLeaseTtlSeconds:     pulumi.Int(86400),
    		})
    		if err != nil {
    			return err
    		}
    		root, err := pkiSecret.NewSecretBackendRootCert(ctx, "root", &pkiSecret.SecretBackendRootCertArgs{
    			Backend:    pki.Path,
    			Type:       pulumi.String("internal"),
    			CommonName: pulumi.String("test"),
    			Ttl:        pulumi.String("86400"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = pkiSecret.NewSecretBackendIssuer(ctx, "example", &pkiSecret.SecretBackendIssuerArgs{
    			Backend:    root.Backend,
    			IssuerRef:  root.IssuerId,
    			IssuerName: pulumi.String("example-issuer"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.Mount;
    import com.pulumi.vault.MountArgs;
    import com.pulumi.vault.pkiSecret.SecretBackendRootCert;
    import com.pulumi.vault.pkiSecret.SecretBackendRootCertArgs;
    import com.pulumi.vault.pkiSecret.SecretBackendIssuer;
    import com.pulumi.vault.pkiSecret.SecretBackendIssuerArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var pki = new Mount("pki", MountArgs.builder()        
                .path("pki")
                .type("pki")
                .defaultLeaseTtlSeconds(3600)
                .maxLeaseTtlSeconds(86400)
                .build());
    
            var root = new SecretBackendRootCert("root", SecretBackendRootCertArgs.builder()        
                .backend(pki.path())
                .type("internal")
                .commonName("test")
                .ttl("86400")
                .build());
    
            var example = new SecretBackendIssuer("example", SecretBackendIssuerArgs.builder()        
                .backend(root.backend())
                .issuerRef(root.issuerId())
                .issuerName("example-issuer")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_vault as vault
    
    pki = vault.Mount("pki",
        path="pki",
        type="pki",
        default_lease_ttl_seconds=3600,
        max_lease_ttl_seconds=86400)
    root = vault.pki_secret.SecretBackendRootCert("root",
        backend=pki.path,
        type="internal",
        common_name="test",
        ttl="86400")
    example = vault.pki_secret.SecretBackendIssuer("example",
        backend=root.backend,
        issuer_ref=root.issuer_id,
        issuer_name="example-issuer")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const pki = new vault.Mount("pki", {
        path: "pki",
        type: "pki",
        defaultLeaseTtlSeconds: 3600,
        maxLeaseTtlSeconds: 86400,
    });
    const root = new vault.pkisecret.SecretBackendRootCert("root", {
        backend: pki.path,
        type: "internal",
        commonName: "test",
        ttl: "86400",
    });
    const example = new vault.pkisecret.SecretBackendIssuer("example", {
        backend: root.backend,
        issuerRef: root.issuerId,
        issuerName: "example-issuer",
    });
    
    resources:
      pki:
        type: vault:Mount
        properties:
          path: pki
          type: pki
          defaultLeaseTtlSeconds: 3600
          maxLeaseTtlSeconds: 86400
      root:
        type: vault:pkiSecret:SecretBackendRootCert
        properties:
          backend: ${pki.path}
          type: internal
          commonName: test
          ttl: '86400'
      example:
        type: vault:pkiSecret:SecretBackendIssuer
        properties:
          backend: ${root.backend}
          issuerRef: ${root.issuerId}
          issuerName: example-issuer
    

    Create SecretBackendIssuer Resource

    new SecretBackendIssuer(name: string, args: SecretBackendIssuerArgs, opts?: CustomResourceOptions);
    @overload
    def SecretBackendIssuer(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            backend: Optional[str] = None,
                            crl_distribution_points: Optional[Sequence[str]] = None,
                            enable_aia_url_templating: Optional[bool] = None,
                            issuer_name: Optional[str] = None,
                            issuer_ref: Optional[str] = None,
                            issuing_certificates: Optional[Sequence[str]] = None,
                            leaf_not_after_behavior: Optional[str] = None,
                            manual_chains: Optional[Sequence[str]] = None,
                            namespace: Optional[str] = None,
                            ocsp_servers: Optional[Sequence[str]] = None,
                            revocation_signature_algorithm: Optional[str] = None,
                            usage: Optional[str] = None)
    @overload
    def SecretBackendIssuer(resource_name: str,
                            args: SecretBackendIssuerArgs,
                            opts: Optional[ResourceOptions] = None)
    func NewSecretBackendIssuer(ctx *Context, name string, args SecretBackendIssuerArgs, opts ...ResourceOption) (*SecretBackendIssuer, error)
    public SecretBackendIssuer(string name, SecretBackendIssuerArgs args, CustomResourceOptions? opts = null)
    public SecretBackendIssuer(String name, SecretBackendIssuerArgs args)
    public SecretBackendIssuer(String name, SecretBackendIssuerArgs args, CustomResourceOptions options)
    
    type: vault:pkiSecret:SecretBackendIssuer
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args SecretBackendIssuerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecretBackendIssuerArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecretBackendIssuerArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecretBackendIssuerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecretBackendIssuerArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    SecretBackendIssuer Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SecretBackendIssuer resource accepts the following input properties:

    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    IssuerRef string
    Reference to an existing issuer.
    CrlDistributionPoints List<string>
    Specifies the URL values for the CRL Distribution Points field.
    EnableAiaUrlTemplating bool
    Specifies that the AIA URL values should be templated.
    IssuerName string
    Name of the issuer.
    IssuingCertificates List<string>
    Specifies the URL values for the Issuing Certificate field.
    LeafNotAfterBehavior string
    Behavior of a leaf's NotAfter field during issuance.
    ManualChains List<string>
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OcspServers List<string>
    Specifies the URL values for the OCSP Servers field.
    RevocationSignatureAlgorithm string
    Which signature algorithm to use when building CRLs.
    Usage string
    Allowed usages for this issuer.
    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    IssuerRef string
    Reference to an existing issuer.
    CrlDistributionPoints []string
    Specifies the URL values for the CRL Distribution Points field.
    EnableAiaUrlTemplating bool
    Specifies that the AIA URL values should be templated.
    IssuerName string
    Name of the issuer.
    IssuingCertificates []string
    Specifies the URL values for the Issuing Certificate field.
    LeafNotAfterBehavior string
    Behavior of a leaf's NotAfter field during issuance.
    ManualChains []string
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OcspServers []string
    Specifies the URL values for the OCSP Servers field.
    RevocationSignatureAlgorithm string
    Which signature algorithm to use when building CRLs.
    Usage string
    Allowed usages for this issuer.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    issuerRef String
    Reference to an existing issuer.
    crlDistributionPoints List<String>
    Specifies the URL values for the CRL Distribution Points field.
    enableAiaUrlTemplating Boolean
    Specifies that the AIA URL values should be templated.
    issuerName String
    Name of the issuer.
    issuingCertificates List<String>
    Specifies the URL values for the Issuing Certificate field.
    leafNotAfterBehavior String
    Behavior of a leaf's NotAfter field during issuance.
    manualChains List<String>
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ocspServers List<String>
    Specifies the URL values for the OCSP Servers field.
    revocationSignatureAlgorithm String
    Which signature algorithm to use when building CRLs.
    usage String
    Allowed usages for this issuer.
    backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    issuerRef string
    Reference to an existing issuer.
    crlDistributionPoints string[]
    Specifies the URL values for the CRL Distribution Points field.
    enableAiaUrlTemplating boolean
    Specifies that the AIA URL values should be templated.
    issuerName string
    Name of the issuer.
    issuingCertificates string[]
    Specifies the URL values for the Issuing Certificate field.
    leafNotAfterBehavior string
    Behavior of a leaf's NotAfter field during issuance.
    manualChains string[]
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ocspServers string[]
    Specifies the URL values for the OCSP Servers field.
    revocationSignatureAlgorithm string
    Which signature algorithm to use when building CRLs.
    usage string
    Allowed usages for this issuer.
    backend str
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    issuer_ref str
    Reference to an existing issuer.
    crl_distribution_points Sequence[str]
    Specifies the URL values for the CRL Distribution Points field.
    enable_aia_url_templating bool
    Specifies that the AIA URL values should be templated.
    issuer_name str
    Name of the issuer.
    issuing_certificates Sequence[str]
    Specifies the URL values for the Issuing Certificate field.
    leaf_not_after_behavior str
    Behavior of a leaf's NotAfter field during issuance.
    manual_chains Sequence[str]
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ocsp_servers Sequence[str]
    Specifies the URL values for the OCSP Servers field.
    revocation_signature_algorithm str
    Which signature algorithm to use when building CRLs.
    usage str
    Allowed usages for this issuer.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    issuerRef String
    Reference to an existing issuer.
    crlDistributionPoints List<String>
    Specifies the URL values for the CRL Distribution Points field.
    enableAiaUrlTemplating Boolean
    Specifies that the AIA URL values should be templated.
    issuerName String
    Name of the issuer.
    issuingCertificates List<String>
    Specifies the URL values for the Issuing Certificate field.
    leafNotAfterBehavior String
    Behavior of a leaf's NotAfter field during issuance.
    manualChains List<String>
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ocspServers List<String>
    Specifies the URL values for the OCSP Servers field.
    revocationSignatureAlgorithm String
    Which signature algorithm to use when building CRLs.
    usage String
    Allowed usages for this issuer.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecretBackendIssuer resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    IssuerId string
    ID of the issuer.
    Id string
    The provider-assigned unique ID for this managed resource.
    IssuerId string
    ID of the issuer.
    id String
    The provider-assigned unique ID for this managed resource.
    issuerId String
    ID of the issuer.
    id string
    The provider-assigned unique ID for this managed resource.
    issuerId string
    ID of the issuer.
    id str
    The provider-assigned unique ID for this managed resource.
    issuer_id str
    ID of the issuer.
    id String
    The provider-assigned unique ID for this managed resource.
    issuerId String
    ID of the issuer.

    Look up Existing SecretBackendIssuer Resource

    Get an existing SecretBackendIssuer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecretBackendIssuerState, opts?: CustomResourceOptions): SecretBackendIssuer
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            backend: Optional[str] = None,
            crl_distribution_points: Optional[Sequence[str]] = None,
            enable_aia_url_templating: Optional[bool] = None,
            issuer_id: Optional[str] = None,
            issuer_name: Optional[str] = None,
            issuer_ref: Optional[str] = None,
            issuing_certificates: Optional[Sequence[str]] = None,
            leaf_not_after_behavior: Optional[str] = None,
            manual_chains: Optional[Sequence[str]] = None,
            namespace: Optional[str] = None,
            ocsp_servers: Optional[Sequence[str]] = None,
            revocation_signature_algorithm: Optional[str] = None,
            usage: Optional[str] = None) -> SecretBackendIssuer
    func GetSecretBackendIssuer(ctx *Context, name string, id IDInput, state *SecretBackendIssuerState, opts ...ResourceOption) (*SecretBackendIssuer, error)
    public static SecretBackendIssuer Get(string name, Input<string> id, SecretBackendIssuerState? state, CustomResourceOptions? opts = null)
    public static SecretBackendIssuer get(String name, Output<String> id, SecretBackendIssuerState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    CrlDistributionPoints List<string>
    Specifies the URL values for the CRL Distribution Points field.
    EnableAiaUrlTemplating bool
    Specifies that the AIA URL values should be templated.
    IssuerId string
    ID of the issuer.
    IssuerName string
    Name of the issuer.
    IssuerRef string
    Reference to an existing issuer.
    IssuingCertificates List<string>
    Specifies the URL values for the Issuing Certificate field.
    LeafNotAfterBehavior string
    Behavior of a leaf's NotAfter field during issuance.
    ManualChains List<string>
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OcspServers List<string>
    Specifies the URL values for the OCSP Servers field.
    RevocationSignatureAlgorithm string
    Which signature algorithm to use when building CRLs.
    Usage string
    Allowed usages for this issuer.
    Backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    CrlDistributionPoints []string
    Specifies the URL values for the CRL Distribution Points field.
    EnableAiaUrlTemplating bool
    Specifies that the AIA URL values should be templated.
    IssuerId string
    ID of the issuer.
    IssuerName string
    Name of the issuer.
    IssuerRef string
    Reference to an existing issuer.
    IssuingCertificates []string
    Specifies the URL values for the Issuing Certificate field.
    LeafNotAfterBehavior string
    Behavior of a leaf's NotAfter field during issuance.
    ManualChains []string
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    OcspServers []string
    Specifies the URL values for the OCSP Servers field.
    RevocationSignatureAlgorithm string
    Which signature algorithm to use when building CRLs.
    Usage string
    Allowed usages for this issuer.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    crlDistributionPoints List<String>
    Specifies the URL values for the CRL Distribution Points field.
    enableAiaUrlTemplating Boolean
    Specifies that the AIA URL values should be templated.
    issuerId String
    ID of the issuer.
    issuerName String
    Name of the issuer.
    issuerRef String
    Reference to an existing issuer.
    issuingCertificates List<String>
    Specifies the URL values for the Issuing Certificate field.
    leafNotAfterBehavior String
    Behavior of a leaf's NotAfter field during issuance.
    manualChains List<String>
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ocspServers List<String>
    Specifies the URL values for the OCSP Servers field.
    revocationSignatureAlgorithm String
    Which signature algorithm to use when building CRLs.
    usage String
    Allowed usages for this issuer.
    backend string
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    crlDistributionPoints string[]
    Specifies the URL values for the CRL Distribution Points field.
    enableAiaUrlTemplating boolean
    Specifies that the AIA URL values should be templated.
    issuerId string
    ID of the issuer.
    issuerName string
    Name of the issuer.
    issuerRef string
    Reference to an existing issuer.
    issuingCertificates string[]
    Specifies the URL values for the Issuing Certificate field.
    leafNotAfterBehavior string
    Behavior of a leaf's NotAfter field during issuance.
    manualChains string[]
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ocspServers string[]
    Specifies the URL values for the OCSP Servers field.
    revocationSignatureAlgorithm string
    Which signature algorithm to use when building CRLs.
    usage string
    Allowed usages for this issuer.
    backend str
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    crl_distribution_points Sequence[str]
    Specifies the URL values for the CRL Distribution Points field.
    enable_aia_url_templating bool
    Specifies that the AIA URL values should be templated.
    issuer_id str
    ID of the issuer.
    issuer_name str
    Name of the issuer.
    issuer_ref str
    Reference to an existing issuer.
    issuing_certificates Sequence[str]
    Specifies the URL values for the Issuing Certificate field.
    leaf_not_after_behavior str
    Behavior of a leaf's NotAfter field during issuance.
    manual_chains Sequence[str]
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ocsp_servers Sequence[str]
    Specifies the URL values for the OCSP Servers field.
    revocation_signature_algorithm str
    Which signature algorithm to use when building CRLs.
    usage str
    Allowed usages for this issuer.
    backend String
    The path the PKI secret backend is mounted at, with no leading or trailing /s.
    crlDistributionPoints List<String>
    Specifies the URL values for the CRL Distribution Points field.
    enableAiaUrlTemplating Boolean
    Specifies that the AIA URL values should be templated.
    issuerId String
    ID of the issuer.
    issuerName String
    Name of the issuer.
    issuerRef String
    Reference to an existing issuer.
    issuingCertificates List<String>
    Specifies the URL values for the Issuing Certificate field.
    leafNotAfterBehavior String
    Behavior of a leaf's NotAfter field during issuance.
    manualChains List<String>
    Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    ocspServers List<String>
    Specifies the URL values for the OCSP Servers field.
    revocationSignatureAlgorithm String
    Which signature algorithm to use when building CRLs.
    usage String
    Allowed usages for this issuer.

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v5.20.0 published on Tuesday, Feb 20, 2024 by Pulumi