Docs
PackagesHashiCorp Vault v6.1.0 published on Thursday, Apr 4, 2024 by Pulumi
vault.pkiSecret.SecretBackendRootCert
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const test = new vault.pkisecret.SecretBackendRootCert("test", {
backend: vault_mount.pki.path,
type: "internal",
commonName: "Root CA",
ttl: "315360000",
format: "pem",
privateKeyFormat: "der",
keyType: "rsa",
keyBits: 4096,
excludeCnFromSans: true,
ou: "My OU",
organization: "My organization",
}, {
dependsOn: [vault_mount.pki],
});
import pulumi
import pulumi_vault as vault
test = vault.pki_secret.SecretBackendRootCert("test",
backend=vault_mount["pki"]["path"],
type="internal",
common_name="Root CA",
ttl="315360000",
format="pem",
private_key_format="der",
key_type="rsa",
key_bits=4096,
exclude_cn_from_sans=True,
ou="My OU",
organization="My organization",
opts=pulumi.ResourceOptions(depends_on=[vault_mount["pki"]]))
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkiSecret"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := pkiSecret.NewSecretBackendRootCert(ctx, "test", &pkiSecret.SecretBackendRootCertArgs{
Backend: pulumi.Any(vault_mount.Pki.Path),
Type: pulumi.String("internal"),
CommonName: pulumi.String("Root CA"),
Ttl: pulumi.String("315360000"),
Format: pulumi.String("pem"),
PrivateKeyFormat: pulumi.String("der"),
KeyType: pulumi.String("rsa"),
KeyBits: pulumi.Int(4096),
ExcludeCnFromSans: pulumi.Bool(true),
Ou: pulumi.String("My OU"),
Organization: pulumi.String("My organization"),
}, pulumi.DependsOn([]pulumi.Resource{
vault_mount.Pki,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var test = new Vault.PkiSecret.SecretBackendRootCert("test", new()
{
Backend = vault_mount.Pki.Path,
Type = "internal",
CommonName = "Root CA",
Ttl = "315360000",
Format = "pem",
PrivateKeyFormat = "der",
KeyType = "rsa",
KeyBits = 4096,
ExcludeCnFromSans = true,
Ou = "My OU",
Organization = "My organization",
}, new CustomResourceOptions
{
DependsOn =
{
vault_mount.Pki,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.pkiSecret.SecretBackendRootCert;
import com.pulumi.vault.pkiSecret.SecretBackendRootCertArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new SecretBackendRootCert("test", SecretBackendRootCertArgs.builder()
.backend(vault_mount.pki().path())
.type("internal")
.commonName("Root CA")
.ttl("315360000")
.format("pem")
.privateKeyFormat("der")
.keyType("rsa")
.keyBits(4096)
.excludeCnFromSans(true)
.ou("My OU")
.organization("My organization")
.build(), CustomResourceOptions.builder()
.dependsOn(vault_mount.pki())
.build());
}
}
resources:
test:
type: vault:pkiSecret:SecretBackendRootCert
properties:
backend: ${vault_mount.pki.path}
type: internal
commonName: Root CA
ttl: '315360000'
format: pem
privateKeyFormat: der
keyType: rsa
keyBits: 4096
excludeCnFromSans: true
ou: My OU
organization: My organization
options:
dependson:
- ${vault_mount.pki}
Create SecretBackendRootCert Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecretBackendRootCert(name: string, args: SecretBackendRootCertArgs, opts?: CustomResourceOptions);@overload
def SecretBackendRootCert(resource_name: str,
args: SecretBackendRootCertArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecretBackendRootCert(resource_name: str,
opts: Optional[ResourceOptions] = None,
type: Optional[str] = None,
backend: Optional[str] = None,
common_name: Optional[str] = None,
managed_key_name: Optional[str] = None,
namespace: Optional[str] = None,
format: Optional[str] = None,
ip_sans: Optional[Sequence[str]] = None,
issuer_name: Optional[str] = None,
key_bits: Optional[int] = None,
key_name: Optional[str] = None,
key_ref: Optional[str] = None,
key_type: Optional[str] = None,
locality: Optional[str] = None,
managed_key_id: Optional[str] = None,
alt_names: Optional[Sequence[str]] = None,
max_path_length: Optional[int] = None,
exclude_cn_from_sans: Optional[bool] = None,
organization: Optional[str] = None,
other_sans: Optional[Sequence[str]] = None,
ou: Optional[str] = None,
permitted_dns_domains: Optional[Sequence[str]] = None,
postal_code: Optional[str] = None,
private_key_format: Optional[str] = None,
province: Optional[str] = None,
street_address: Optional[str] = None,
ttl: Optional[str] = None,
country: Optional[str] = None,
uri_sans: Optional[Sequence[str]] = None)func NewSecretBackendRootCert(ctx *Context, name string, args SecretBackendRootCertArgs, opts ...ResourceOption) (*SecretBackendRootCert, error)public SecretBackendRootCert(string name, SecretBackendRootCertArgs args, CustomResourceOptions? opts = null)
public SecretBackendRootCert(String name, SecretBackendRootCertArgs args)
public SecretBackendRootCert(String name, SecretBackendRootCertArgs args, CustomResourceOptions options)
type: vault:pkiSecret:SecretBackendRootCert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretBackendRootCertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretBackendRootCertArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretBackendRootCertArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretBackendRootCertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretBackendRootCertArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var secretBackendRootCertResource = new Vault.PkiSecret.SecretBackendRootCert("secretBackendRootCertResource", new()
{
Type = "string",
Backend = "string",
CommonName = "string",
ManagedKeyName = "string",
Namespace = "string",
Format = "string",
IpSans = new[]
{
"string",
},
IssuerName = "string",
KeyBits = 0,
KeyName = "string",
KeyRef = "string",
KeyType = "string",
Locality = "string",
ManagedKeyId = "string",
AltNames = new[]
{
"string",
},
MaxPathLength = 0,
ExcludeCnFromSans = false,
Organization = "string",
OtherSans = new[]
{
"string",
},
Ou = "string",
PermittedDnsDomains = new[]
{
"string",
},
PostalCode = "string",
PrivateKeyFormat = "string",
Province = "string",
StreetAddress = "string",
Ttl = "string",
Country = "string",
UriSans = new[]
{
"string",
},
});
example, err := pkiSecret.NewSecretBackendRootCert(ctx, "secretBackendRootCertResource", &pkiSecret.SecretBackendRootCertArgs{
Type: pulumi.String("string"),
Backend: pulumi.String("string"),
CommonName: pulumi.String("string"),
ManagedKeyName: pulumi.String("string"),
Namespace: pulumi.String("string"),
Format: pulumi.String("string"),
IpSans: pulumi.StringArray{
pulumi.String("string"),
},
IssuerName: pulumi.String("string"),
KeyBits: pulumi.Int(0),
KeyName: pulumi.String("string"),
KeyRef: pulumi.String("string"),
KeyType: pulumi.String("string"),
Locality: pulumi.String("string"),
ManagedKeyId: pulumi.String("string"),
AltNames: pulumi.StringArray{
pulumi.String("string"),
},
MaxPathLength: pulumi.Int(0),
ExcludeCnFromSans: pulumi.Bool(false),
Organization: pulumi.String("string"),
OtherSans: pulumi.StringArray{
pulumi.String("string"),
},
Ou: pulumi.String("string"),
PermittedDnsDomains: pulumi.StringArray{
pulumi.String("string"),
},
PostalCode: pulumi.String("string"),
PrivateKeyFormat: pulumi.String("string"),
Province: pulumi.String("string"),
StreetAddress: pulumi.String("string"),
Ttl: pulumi.String("string"),
Country: pulumi.String("string"),
UriSans: pulumi.StringArray{
pulumi.String("string"),
},
})
var secretBackendRootCertResource = new SecretBackendRootCert("secretBackendRootCertResource", SecretBackendRootCertArgs.builder()
.type("string")
.backend("string")
.commonName("string")
.managedKeyName("string")
.namespace("string")
.format("string")
.ipSans("string")
.issuerName("string")
.keyBits(0)
.keyName("string")
.keyRef("string")
.keyType("string")
.locality("string")
.managedKeyId("string")
.altNames("string")
.maxPathLength(0)
.excludeCnFromSans(false)
.organization("string")
.otherSans("string")
.ou("string")
.permittedDnsDomains("string")
.postalCode("string")
.privateKeyFormat("string")
.province("string")
.streetAddress("string")
.ttl("string")
.country("string")
.uriSans("string")
.build());
secret_backend_root_cert_resource = vault.pki_secret.SecretBackendRootCert("secretBackendRootCertResource",
type="string",
backend="string",
common_name="string",
managed_key_name="string",
namespace="string",
format="string",
ip_sans=["string"],
issuer_name="string",
key_bits=0,
key_name="string",
key_ref="string",
key_type="string",
locality="string",
managed_key_id="string",
alt_names=["string"],
max_path_length=0,
exclude_cn_from_sans=False,
organization="string",
other_sans=["string"],
ou="string",
permitted_dns_domains=["string"],
postal_code="string",
private_key_format="string",
province="string",
street_address="string",
ttl="string",
country="string",
uri_sans=["string"])
const secretBackendRootCertResource = new vault.pkisecret.SecretBackendRootCert("secretBackendRootCertResource", {
type: "string",
backend: "string",
commonName: "string",
managedKeyName: "string",
namespace: "string",
format: "string",
ipSans: ["string"],
issuerName: "string",
keyBits: 0,
keyName: "string",
keyRef: "string",
keyType: "string",
locality: "string",
managedKeyId: "string",
altNames: ["string"],
maxPathLength: 0,
excludeCnFromSans: false,
organization: "string",
otherSans: ["string"],
ou: "string",
permittedDnsDomains: ["string"],
postalCode: "string",
privateKeyFormat: "string",
province: "string",
streetAddress: "string",
ttl: "string",
country: "string",
uriSans: ["string"],
});
type: vault:pkiSecret:SecretBackendRootCert
properties:
altNames:
- string
backend: string
commonName: string
country: string
excludeCnFromSans: false
format: string
ipSans:
- string
issuerName: string
keyBits: 0
keyName: string
keyRef: string
keyType: string
locality: string
managedKeyId: string
managedKeyName: string
maxPathLength: 0
namespace: string
organization: string
otherSans:
- string
ou: string
permittedDnsDomains:
- string
postalCode: string
privateKeyFormat: string
province: string
streetAddress: string
ttl: string
type: string
uriSans:
- string
SecretBackendRootCert Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The SecretBackendRootCert resource accepts the following input properties:
- Backend string
- The PKI secret backend the resource belongs to.
- Common
Name string - CN of intermediate to create
- Type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- Alt
Names List<string> - List of alternative names
- Country string
- The country
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Format string
- The format of data
- Ip
Sans List<string> - List of alternative IPs
- Issuer
Name string - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - Key
Bits int - The number of bits to use
- Key
Name string - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - Key
Ref string - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - Key
Type string - The desired key type
- Locality string
- The locality
- Managed
Key stringId - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - Managed
Key stringName - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - Max
Path intLength - The maximum path length to encode in the generated certificate
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Organization string
- The organization
- Other
Sans List<string> - List of other SANs
- Ou string
- The organization unit
- Permitted
Dns List<string>Domains - List of domains for which certificates are allowed to be issued
- Postal
Code string - The postal code
- Private
Key stringFormat - The private key format
- Province string
- The province
- Street
Address string - The street address
- Ttl string
- Time to live
- Uri
Sans List<string> - List of alternative URIs
- Backend string
- The PKI secret backend the resource belongs to.
- Common
Name string - CN of intermediate to create
- Type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- Alt
Names []string - List of alternative names
- Country string
- The country
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Format string
- The format of data
- Ip
Sans []string - List of alternative IPs
- Issuer
Name string - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - Key
Bits int - The number of bits to use
- Key
Name string - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - Key
Ref string - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - Key
Type string - The desired key type
- Locality string
- The locality
- Managed
Key stringId - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - Managed
Key stringName - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - Max
Path intLength - The maximum path length to encode in the generated certificate
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Organization string
- The organization
- Other
Sans []string - List of other SANs
- Ou string
- The organization unit
- Permitted
Dns []stringDomains - List of domains for which certificates are allowed to be issued
- Postal
Code string - The postal code
- Private
Key stringFormat - The private key format
- Province string
- The province
- Street
Address string - The street address
- Ttl string
- Time to live
- Uri
Sans []string - List of alternative URIs
- backend String
- The PKI secret backend the resource belongs to.
- common
Name String - CN of intermediate to create
- type String
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- alt
Names List<String> - List of alternative names
- country String
- The country
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Name String - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - key
Bits Integer - The number of bits to use
- key
Name String - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - key
Ref String - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - key
Type String - The desired key type
- locality String
- The locality
- managed
Key StringId - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - managed
Key StringName - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - max
Path IntegerLength - The maximum path length to encode in the generated certificate
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - organization String
- The organization
- other
Sans List<String> - List of other SANs
- ou String
- The organization unit
- permitted
Dns List<String>Domains - List of domains for which certificates are allowed to be issued
- postal
Code String - The postal code
- private
Key StringFormat - The private key format
- province String
- The province
- street
Address String - The street address
- ttl String
- Time to live
- uri
Sans List<String> - List of alternative URIs
- backend string
- The PKI secret backend the resource belongs to.
- common
Name string - CN of intermediate to create
- type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- alt
Names string[] - List of alternative names
- country string
- The country
- exclude
Cn booleanFrom Sans - Flag to exclude CN from SANs
- format string
- The format of data
- ip
Sans string[] - List of alternative IPs
- issuer
Name string - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - key
Bits number - The number of bits to use
- key
Name string - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - key
Ref string - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - key
Type string - The desired key type
- locality string
- The locality
- managed
Key stringId - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - managed
Key stringName - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - max
Path numberLength - The maximum path length to encode in the generated certificate
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - organization string
- The organization
- other
Sans string[] - List of other SANs
- ou string
- The organization unit
- permitted
Dns string[]Domains - List of domains for which certificates are allowed to be issued
- postal
Code string - The postal code
- private
Key stringFormat - The private key format
- province string
- The province
- street
Address string - The street address
- ttl string
- Time to live
- uri
Sans string[] - List of alternative URIs
- backend str
- The PKI secret backend the resource belongs to.
- common_
name str - CN of intermediate to create
- type str
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- alt_
names Sequence[str] - List of alternative names
- country str
- The country
- exclude_
cn_ boolfrom_ sans - Flag to exclude CN from SANs
- format str
- The format of data
- ip_
sans Sequence[str] - List of alternative IPs
- issuer_
name str - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - key_
bits int - The number of bits to use
- key_
name str - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - key_
ref str - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - key_
type str - The desired key type
- locality str
- The locality
- managed_
key_ strid - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - managed_
key_ strname - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - max_
path_ intlength - The maximum path length to encode in the generated certificate
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - organization str
- The organization
- other_
sans Sequence[str] - List of other SANs
- ou str
- The organization unit
- permitted_
dns_ Sequence[str]domains - List of domains for which certificates are allowed to be issued
- postal_
code str - The postal code
- private_
key_ strformat - The private key format
- province str
- The province
- street_
address str - The street address
- ttl str
- Time to live
- uri_
sans Sequence[str] - List of alternative URIs
- backend String
- The PKI secret backend the resource belongs to.
- common
Name String - CN of intermediate to create
- type String
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- alt
Names List<String> - List of alternative names
- country String
- The country
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Name String - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - key
Bits Number - The number of bits to use
- key
Name String - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - key
Ref String - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - key
Type String - The desired key type
- locality String
- The locality
- managed
Key StringId - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - managed
Key StringName - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - max
Path NumberLength - The maximum path length to encode in the generated certificate
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - organization String
- The organization
- other
Sans List<String> - List of other SANs
- ou String
- The organization unit
- permitted
Dns List<String>Domains - List of domains for which certificates are allowed to be issued
- postal
Code String - The postal code
- private
Key StringFormat - The private key format
- province String
- The province
- street
Address String - The street address
- ttl String
- Time to live
- uri
Sans List<String> - List of alternative URIs
Outputs
All input properties are implicitly available as output properties. Additionally, the SecretBackendRootCert resource produces the following output properties:
- Certificate string
- The certificate.
- Id string
- The provider-assigned unique ID for this managed resource.
- Issuer
Id string - The ID of the generated issuer.
- Issuing
Ca string - The issuing CA certificate.
- Key
Id string - The ID of the generated key.
- Serial
Number string - The certificate's serial number, hex formatted.
- Certificate string
- The certificate.
- Id string
- The provider-assigned unique ID for this managed resource.
- Issuer
Id string - The ID of the generated issuer.
- Issuing
Ca string - The issuing CA certificate.
- Key
Id string - The ID of the generated key.
- Serial
Number string - The certificate's serial number, hex formatted.
- certificate String
- The certificate.
- id String
- The provider-assigned unique ID for this managed resource.
- issuer
Id String - The ID of the generated issuer.
- issuing
Ca String - The issuing CA certificate.
- key
Id String - The ID of the generated key.
- serial
Number String - The certificate's serial number, hex formatted.
- certificate string
- The certificate.
- id string
- The provider-assigned unique ID for this managed resource.
- issuer
Id string - The ID of the generated issuer.
- issuing
Ca string - The issuing CA certificate.
- key
Id string - The ID of the generated key.
- serial
Number string - The certificate's serial number, hex formatted.
- certificate str
- The certificate.
- id str
- The provider-assigned unique ID for this managed resource.
- issuer_
id str - The ID of the generated issuer.
- issuing_
ca str - The issuing CA certificate.
- key_
id str - The ID of the generated key.
- serial_
number str - The certificate's serial number, hex formatted.
- certificate String
- The certificate.
- id String
- The provider-assigned unique ID for this managed resource.
- issuer
Id String - The ID of the generated issuer.
- issuing
Ca String - The issuing CA certificate.
- key
Id String - The ID of the generated key.
- serial
Number String - The certificate's serial number, hex formatted.
Look up Existing SecretBackendRootCert Resource
Get an existing SecretBackendRootCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretBackendRootCertState, opts?: CustomResourceOptions): SecretBackendRootCert@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alt_names: Optional[Sequence[str]] = None,
backend: Optional[str] = None,
certificate: Optional[str] = None,
common_name: Optional[str] = None,
country: Optional[str] = None,
exclude_cn_from_sans: Optional[bool] = None,
format: Optional[str] = None,
ip_sans: Optional[Sequence[str]] = None,
issuer_id: Optional[str] = None,
issuer_name: Optional[str] = None,
issuing_ca: Optional[str] = None,
key_bits: Optional[int] = None,
key_id: Optional[str] = None,
key_name: Optional[str] = None,
key_ref: Optional[str] = None,
key_type: Optional[str] = None,
locality: Optional[str] = None,
managed_key_id: Optional[str] = None,
managed_key_name: Optional[str] = None,
max_path_length: Optional[int] = None,
namespace: Optional[str] = None,
organization: Optional[str] = None,
other_sans: Optional[Sequence[str]] = None,
ou: Optional[str] = None,
permitted_dns_domains: Optional[Sequence[str]] = None,
postal_code: Optional[str] = None,
private_key_format: Optional[str] = None,
province: Optional[str] = None,
serial_number: Optional[str] = None,
street_address: Optional[str] = None,
ttl: Optional[str] = None,
type: Optional[str] = None,
uri_sans: Optional[Sequence[str]] = None) -> SecretBackendRootCertfunc GetSecretBackendRootCert(ctx *Context, name string, id IDInput, state *SecretBackendRootCertState, opts ...ResourceOption) (*SecretBackendRootCert, error)public static SecretBackendRootCert Get(string name, Input<string> id, SecretBackendRootCertState? state, CustomResourceOptions? opts = null)public static SecretBackendRootCert get(String name, Output<String> id, SecretBackendRootCertState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alt
Names List<string> - List of alternative names
- Backend string
- The PKI secret backend the resource belongs to.
- Certificate string
- The certificate.
- Common
Name string - CN of intermediate to create
- Country string
- The country
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Format string
- The format of data
- Ip
Sans List<string> - List of alternative IPs
- Issuer
Id string - The ID of the generated issuer.
- Issuer
Name string - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - Issuing
Ca string - The issuing CA certificate.
- Key
Bits int - The number of bits to use
- Key
Id string - The ID of the generated key.
- Key
Name string - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - Key
Ref string - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - Key
Type string - The desired key type
- Locality string
- The locality
- Managed
Key stringId - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - Managed
Key stringName - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - Max
Path intLength - The maximum path length to encode in the generated certificate
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Organization string
- The organization
- Other
Sans List<string> - List of other SANs
- Ou string
- The organization unit
- Permitted
Dns List<string>Domains - List of domains for which certificates are allowed to be issued
- Postal
Code string - The postal code
- Private
Key stringFormat - The private key format
- Province string
- The province
- Serial
Number string - The certificate's serial number, hex formatted.
- Street
Address string - The street address
- Ttl string
- Time to live
- Type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- Uri
Sans List<string> - List of alternative URIs
- Alt
Names []string - List of alternative names
- Backend string
- The PKI secret backend the resource belongs to.
- Certificate string
- The certificate.
- Common
Name string - CN of intermediate to create
- Country string
- The country
- Exclude
Cn boolFrom Sans - Flag to exclude CN from SANs
- Format string
- The format of data
- Ip
Sans []string - List of alternative IPs
- Issuer
Id string - The ID of the generated issuer.
- Issuer
Name string - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - Issuing
Ca string - The issuing CA certificate.
- Key
Bits int - The number of bits to use
- Key
Id string - The ID of the generated key.
- Key
Name string - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - Key
Ref string - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - Key
Type string - The desired key type
- Locality string
- The locality
- Managed
Key stringId - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - Managed
Key stringName - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - Max
Path intLength - The maximum path length to encode in the generated certificate
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - Organization string
- The organization
- Other
Sans []string - List of other SANs
- Ou string
- The organization unit
- Permitted
Dns []stringDomains - List of domains for which certificates are allowed to be issued
- Postal
Code string - The postal code
- Private
Key stringFormat - The private key format
- Province string
- The province
- Serial
Number string - The certificate's serial number, hex formatted.
- Street
Address string - The street address
- Ttl string
- Time to live
- Type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- Uri
Sans []string - List of alternative URIs
- alt
Names List<String> - List of alternative names
- backend String
- The PKI secret backend the resource belongs to.
- certificate String
- The certificate.
- common
Name String - CN of intermediate to create
- country String
- The country
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Id String - The ID of the generated issuer.
- issuer
Name String - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - issuing
Ca String - The issuing CA certificate.
- key
Bits Integer - The number of bits to use
- key
Id String - The ID of the generated key.
- key
Name String - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - key
Ref String - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - key
Type String - The desired key type
- locality String
- The locality
- managed
Key StringId - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - managed
Key StringName - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - max
Path IntegerLength - The maximum path length to encode in the generated certificate
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - organization String
- The organization
- other
Sans List<String> - List of other SANs
- ou String
- The organization unit
- permitted
Dns List<String>Domains - List of domains for which certificates are allowed to be issued
- postal
Code String - The postal code
- private
Key StringFormat - The private key format
- province String
- The province
- serial
Number String - The certificate's serial number, hex formatted.
- street
Address String - The street address
- ttl String
- Time to live
- type String
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- uri
Sans List<String> - List of alternative URIs
- alt
Names string[] - List of alternative names
- backend string
- The PKI secret backend the resource belongs to.
- certificate string
- The certificate.
- common
Name string - CN of intermediate to create
- country string
- The country
- exclude
Cn booleanFrom Sans - Flag to exclude CN from SANs
- format string
- The format of data
- ip
Sans string[] - List of alternative IPs
- issuer
Id string - The ID of the generated issuer.
- issuer
Name string - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - issuing
Ca string - The issuing CA certificate.
- key
Bits number - The number of bits to use
- key
Id string - The ID of the generated key.
- key
Name string - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - key
Ref string - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - key
Type string - The desired key type
- locality string
- The locality
- managed
Key stringId - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - managed
Key stringName - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - max
Path numberLength - The maximum path length to encode in the generated certificate
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - organization string
- The organization
- other
Sans string[] - List of other SANs
- ou string
- The organization unit
- permitted
Dns string[]Domains - List of domains for which certificates are allowed to be issued
- postal
Code string - The postal code
- private
Key stringFormat - The private key format
- province string
- The province
- serial
Number string - The certificate's serial number, hex formatted.
- street
Address string - The street address
- ttl string
- Time to live
- type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- uri
Sans string[] - List of alternative URIs
- alt_
names Sequence[str] - List of alternative names
- backend str
- The PKI secret backend the resource belongs to.
- certificate str
- The certificate.
- common_
name str - CN of intermediate to create
- country str
- The country
- exclude_
cn_ boolfrom_ sans - Flag to exclude CN from SANs
- format str
- The format of data
- ip_
sans Sequence[str] - List of alternative IPs
- issuer_
id str - The ID of the generated issuer.
- issuer_
name str - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - issuing_
ca str - The issuing CA certificate.
- key_
bits int - The number of bits to use
- key_
id str - The ID of the generated key.
- key_
name str - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - key_
ref str - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - key_
type str - The desired key type
- locality str
- The locality
- managed_
key_ strid - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - managed_
key_ strname - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - max_
path_ intlength - The maximum path length to encode in the generated certificate
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - organization str
- The organization
- other_
sans Sequence[str] - List of other SANs
- ou str
- The organization unit
- permitted_
dns_ Sequence[str]domains - List of domains for which certificates are allowed to be issued
- postal_
code str - The postal code
- private_
key_ strformat - The private key format
- province str
- The province
- serial_
number str - The certificate's serial number, hex formatted.
- street_
address str - The street address
- ttl str
- Time to live
- type str
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- uri_
sans Sequence[str] - List of alternative URIs
- alt
Names List<String> - List of alternative names
- backend String
- The PKI secret backend the resource belongs to.
- certificate String
- The certificate.
- common
Name String - CN of intermediate to create
- country String
- The country
- exclude
Cn BooleanFrom Sans - Flag to exclude CN from SANs
- format String
- The format of data
- ip
Sans List<String> - List of alternative IPs
- issuer
Id String - The ID of the generated issuer.
- issuer
Name String - Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value
default - issuing
Ca String - The issuing CA certificate.
- key
Bits Number - The number of bits to use
- key
Id String - The ID of the generated key.
- key
Name String - When a new key is created with this request, optionally specifies
the name for this. The global ref
defaultmay not be used as a name. - key
Ref String - Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for
type=existingrequests. - key
Type String - The desired key type
- locality String
- The locality
- managed
Key StringId - The ID of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_name - managed
Key StringName - The name of the previously configured managed key. This field is
required if
typeiskmsand it conflicts withmanaged_key_id - max
Path NumberLength - The maximum path length to encode in the generated certificate
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespaceis always relative to the provider's configured namespace. Available only for Vault Enterprise. - organization String
- The organization
- other
Sans List<String> - List of other SANs
- ou String
- The organization unit
- permitted
Dns List<String>Domains - List of domains for which certificates are allowed to be issued
- postal
Code String - The postal code
- private
Key StringFormat - The private key format
- province String
- The province
- serial
Number String - The certificate's serial number, hex formatted.
- street
Address String - The street address
- ttl String
- Time to live
- type String
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- uri
Sans List<String> - List of alternative URIs
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vaultTerraform Provider.