Viewing docs for Venafi v1.12.3
published on Thursday, Feb 26, 2026 by Pulumi
published on Thursday, Feb 26, 2026 by Pulumi
Viewing docs for Venafi v1.12.3
published on Thursday, Feb 26, 2026 by Pulumi
published on Thursday, Feb 26, 2026 by Pulumi
!> We dropped support for RSA PKCS#1 formatted keys for TLS certificates in version 15.0 and also for EC Keys in version 0.15.4 (you can find out more about this transition in here). For backward compatibility during Terraform state refresh please update to version 0.15.5 or above.
Provides access to TLS key and certificate data enrolled using Venafi. This can be used to define a certificate.
The venafi.Certificate resource handles certificate renewals as long as a
pulumi up is run within the expiration_window period. Keep in mind that the
expiration_window in the provider configuration needs to align with the renewal
window of the issuing CA to achieve the desired result.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as venafi from "@pulumi/venafi";
const webserver = new venafi.Certificate("webserver", {
commonName: "web.venafi.example",
sanDns: [
"web01.venafi.example",
"web02.venafi.example",
],
algorithm: "RSA",
rsaBits: 2048,
keyPassword: pkPass,
customFields: {
"Cost Center": "AB1234",
Environment: "UAT|Staging",
},
});
import pulumi
import pulumi_venafi as venafi
webserver = venafi.Certificate("webserver",
common_name="web.venafi.example",
san_dns=[
"web01.venafi.example",
"web02.venafi.example",
],
algorithm="RSA",
rsa_bits=2048,
key_password=pk_pass,
custom_fields={
"Cost Center": "AB1234",
"Environment": "UAT|Staging",
})
package main
import (
"github.com/pulumi/pulumi-venafi/sdk/go/venafi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := venafi.NewCertificate(ctx, "webserver", &venafi.CertificateArgs{
CommonName: pulumi.String("web.venafi.example"),
SanDns: pulumi.StringArray{
pulumi.String("web01.venafi.example"),
pulumi.String("web02.venafi.example"),
},
Algorithm: pulumi.String("RSA"),
RsaBits: pulumi.Int(2048),
KeyPassword: pulumi.Any(pkPass),
CustomFields: pulumi.StringMap{
"Cost Center": pulumi.String("AB1234"),
"Environment": pulumi.String("UAT|Staging"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Venafi = Pulumi.Venafi;
return await Deployment.RunAsync(() =>
{
var webserver = new Venafi.Certificate("webserver", new()
{
CommonName = "web.venafi.example",
SanDns = new[]
{
"web01.venafi.example",
"web02.venafi.example",
},
Algorithm = "RSA",
RsaBits = 2048,
KeyPassword = pkPass,
CustomFields =
{
{ "Cost Center", "AB1234" },
{ "Environment", "UAT|Staging" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.venafi.Certificate;
import com.pulumi.venafi.CertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var webserver = new Certificate("webserver", CertificateArgs.builder()
.commonName("web.venafi.example")
.sanDns(
"web01.venafi.example",
"web02.venafi.example")
.algorithm("RSA")
.rsaBits(2048)
.keyPassword(pkPass)
.customFields(Map.ofEntries(
Map.entry("Cost Center", "AB1234"),
Map.entry("Environment", "UAT|Staging")
))
.build());
}
}
resources:
webserver:
type: venafi:Certificate
properties:
commonName: web.venafi.example
sanDns:
- web01.venafi.example
- web02.venafi.example
algorithm: RSA
rsaBits: '2048'
keyPassword: ${pkPass}
customFields:
Cost Center: AB1234
Environment: UAT|Staging
Certificate Renewal
The venafi.Certificate resource handles certificate renewals as long as a
pulumi up is done within the expiration_window period. Keep in mind that the
expiration_window in the Terraform configuration needs to align with the renewal
window of the issuing CA to achieve the desired result.
Create Certificate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);@overload
def Certificate(resource_name: str,
args: CertificateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Certificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
common_name: Optional[str] = None,
nickname: Optional[str] = None,
san_uris: Optional[Sequence[str]] = None,
country: Optional[str] = None,
csr_origin: Optional[str] = None,
csr_pem: Optional[str] = None,
custom_fields: Optional[Mapping[str, str]] = None,
ecdsa_curve: Optional[str] = None,
expiration_window: Optional[int] = None,
issuer_hint: Optional[str] = None,
key_password: Optional[str] = None,
locality: Optional[str] = None,
algorithm: Optional[str] = None,
certificate_dn: Optional[str] = None,
pkcs12: Optional[str] = None,
organization: Optional[str] = None,
private_key_pem: Optional[str] = None,
renew_required: Optional[bool] = None,
rsa_bits: Optional[int] = None,
san_dns: Optional[Sequence[str]] = None,
san_emails: Optional[Sequence[str]] = None,
san_ips: Optional[Sequence[str]] = None,
organizational_units: Optional[Sequence[str]] = None,
state: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
valid_days: Optional[int] = None)func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
type: venafi:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var certificateResource = new Venafi.Certificate("certificateResource", new()
{
CommonName = "string",
Nickname = "string",
SanUris = new[]
{
"string",
},
Country = "string",
CsrOrigin = "string",
CsrPem = "string",
CustomFields =
{
{ "string", "string" },
},
EcdsaCurve = "string",
ExpirationWindow = 0,
IssuerHint = "string",
KeyPassword = "string",
Locality = "string",
Algorithm = "string",
CertificateDn = "string",
Pkcs12 = "string",
Organization = "string",
PrivateKeyPem = "string",
RenewRequired = false,
RsaBits = 0,
SanDns = new[]
{
"string",
},
SanEmails = new[]
{
"string",
},
SanIps = new[]
{
"string",
},
OrganizationalUnits = new[]
{
"string",
},
State = "string",
Tags = new[]
{
"string",
},
ValidDays = 0,
});
example, err := venafi.NewCertificate(ctx, "certificateResource", &venafi.CertificateArgs{
CommonName: pulumi.String("string"),
Nickname: pulumi.String("string"),
SanUris: pulumi.StringArray{
pulumi.String("string"),
},
Country: pulumi.String("string"),
CsrOrigin: pulumi.String("string"),
CsrPem: pulumi.String("string"),
CustomFields: pulumi.StringMap{
"string": pulumi.String("string"),
},
EcdsaCurve: pulumi.String("string"),
ExpirationWindow: pulumi.Int(0),
IssuerHint: pulumi.String("string"),
KeyPassword: pulumi.String("string"),
Locality: pulumi.String("string"),
Algorithm: pulumi.String("string"),
CertificateDn: pulumi.String("string"),
Pkcs12: pulumi.String("string"),
Organization: pulumi.String("string"),
PrivateKeyPem: pulumi.String("string"),
RenewRequired: pulumi.Bool(false),
RsaBits: pulumi.Int(0),
SanDns: pulumi.StringArray{
pulumi.String("string"),
},
SanEmails: pulumi.StringArray{
pulumi.String("string"),
},
SanIps: pulumi.StringArray{
pulumi.String("string"),
},
OrganizationalUnits: pulumi.StringArray{
pulumi.String("string"),
},
State: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
ValidDays: pulumi.Int(0),
})
var certificateResource = new Certificate("certificateResource", CertificateArgs.builder()
.commonName("string")
.nickname("string")
.sanUris("string")
.country("string")
.csrOrigin("string")
.csrPem("string")
.customFields(Map.of("string", "string"))
.ecdsaCurve("string")
.expirationWindow(0)
.issuerHint("string")
.keyPassword("string")
.locality("string")
.algorithm("string")
.certificateDn("string")
.pkcs12("string")
.organization("string")
.privateKeyPem("string")
.renewRequired(false)
.rsaBits(0)
.sanDns("string")
.sanEmails("string")
.sanIps("string")
.organizationalUnits("string")
.state("string")
.tags("string")
.validDays(0)
.build());
certificate_resource = venafi.Certificate("certificateResource",
common_name="string",
nickname="string",
san_uris=["string"],
country="string",
csr_origin="string",
csr_pem="string",
custom_fields={
"string": "string",
},
ecdsa_curve="string",
expiration_window=0,
issuer_hint="string",
key_password="string",
locality="string",
algorithm="string",
certificate_dn="string",
pkcs12="string",
organization="string",
private_key_pem="string",
renew_required=False,
rsa_bits=0,
san_dns=["string"],
san_emails=["string"],
san_ips=["string"],
organizational_units=["string"],
state="string",
tags=["string"],
valid_days=0)
const certificateResource = new venafi.Certificate("certificateResource", {
commonName: "string",
nickname: "string",
sanUris: ["string"],
country: "string",
csrOrigin: "string",
csrPem: "string",
customFields: {
string: "string",
},
ecdsaCurve: "string",
expirationWindow: 0,
issuerHint: "string",
keyPassword: "string",
locality: "string",
algorithm: "string",
certificateDn: "string",
pkcs12: "string",
organization: "string",
privateKeyPem: "string",
renewRequired: false,
rsaBits: 0,
sanDns: ["string"],
sanEmails: ["string"],
sanIps: ["string"],
organizationalUnits: ["string"],
state: "string",
tags: ["string"],
validDays: 0,
});
type: venafi:Certificate
properties:
algorithm: string
certificateDn: string
commonName: string
country: string
csrOrigin: string
csrPem: string
customFields:
string: string
ecdsaCurve: string
expirationWindow: 0
issuerHint: string
keyPassword: string
locality: string
nickname: string
organization: string
organizationalUnits:
- string
pkcs12: string
privateKeyPem: string
renewRequired: false
rsaBits: 0
sanDns:
- string
sanEmails:
- string
sanIps:
- string
sanUris:
- string
state: string
tags:
- string
validDays: 0
Certificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Certificate resource accepts the following input properties:
- Common
Name string - The common name of the certificate.
- Algorithm string
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - Certificate
Dn string - Country string
- Country of the certificate (C)
- Csr
Origin string - Whether key-pair generation will be
localorservicegenerated. Default islocal. - Csr
Pem string - Custom
Fields Dictionary<string, string> - Collection of Custom Field name-value pairs to assign to the certificate.
- Ecdsa
Curve string - ECDSA curve to use when generating a key
- Expiration
Window int - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - Issuer
Hint string - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - Key
Password string - The password used to encrypt the private key.
- Locality string
- Locality/City of the certificate (L)
- Nickname string
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- Organization string
- Organization of the certificate (O)
- Organizational
Units List<string> - List of Organizational Units of the certificate (OU)
- Pkcs12 string
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - Private
Key stringPem - The private key in PEM format.
- Renew
Required bool - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- Rsa
Bits int - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - San
Dns List<string> - List of DNS names to use as alternative subjects of the certificate.
- San
Emails List<string> - List of email addresses to use as alternative subjects of the certificate.
- San
Ips List<string> - List of IP addresses to use as alternative subjects of the certificate.
- San
Uris List<string> - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- State string
- State of the certificate (S)
- List<string>
- List of Certificate Tags defined in Venafi Control Plane.
- Valid
Days int - Desired number of days for which the new certificate will be valid.
- Common
Name string - The common name of the certificate.
- Algorithm string
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - Certificate
Dn string - Country string
- Country of the certificate (C)
- Csr
Origin string - Whether key-pair generation will be
localorservicegenerated. Default islocal. - Csr
Pem string - Custom
Fields map[string]string - Collection of Custom Field name-value pairs to assign to the certificate.
- Ecdsa
Curve string - ECDSA curve to use when generating a key
- Expiration
Window int - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - Issuer
Hint string - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - Key
Password string - The password used to encrypt the private key.
- Locality string
- Locality/City of the certificate (L)
- Nickname string
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- Organization string
- Organization of the certificate (O)
- Organizational
Units []string - List of Organizational Units of the certificate (OU)
- Pkcs12 string
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - Private
Key stringPem - The private key in PEM format.
- Renew
Required bool - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- Rsa
Bits int - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - San
Dns []string - List of DNS names to use as alternative subjects of the certificate.
- San
Emails []string - List of email addresses to use as alternative subjects of the certificate.
- San
Ips []string - List of IP addresses to use as alternative subjects of the certificate.
- San
Uris []string - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- State string
- State of the certificate (S)
- []string
- List of Certificate Tags defined in Venafi Control Plane.
- Valid
Days int - Desired number of days for which the new certificate will be valid.
- common
Name String - The common name of the certificate.
- algorithm String
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - certificate
Dn String - country String
- Country of the certificate (C)
- csr
Origin String - Whether key-pair generation will be
localorservicegenerated. Default islocal. - csr
Pem String - custom
Fields Map<String,String> - Collection of Custom Field name-value pairs to assign to the certificate.
- ecdsa
Curve String - ECDSA curve to use when generating a key
- expiration
Window Integer - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - issuer
Hint String - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - key
Password String - The password used to encrypt the private key.
- locality String
- Locality/City of the certificate (L)
- nickname String
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- organization String
- Organization of the certificate (O)
- organizational
Units List<String> - List of Organizational Units of the certificate (OU)
- pkcs12 String
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - private
Key StringPem - The private key in PEM format.
- renew
Required Boolean - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- rsa
Bits Integer - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - san
Dns List<String> - List of DNS names to use as alternative subjects of the certificate.
- san
Emails List<String> - List of email addresses to use as alternative subjects of the certificate.
- san
Ips List<String> - List of IP addresses to use as alternative subjects of the certificate.
- san
Uris List<String> - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- state String
- State of the certificate (S)
- List<String>
- List of Certificate Tags defined in Venafi Control Plane.
- valid
Days Integer - Desired number of days for which the new certificate will be valid.
- common
Name string - The common name of the certificate.
- algorithm string
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - certificate
Dn string - country string
- Country of the certificate (C)
- csr
Origin string - Whether key-pair generation will be
localorservicegenerated. Default islocal. - csr
Pem string - custom
Fields {[key: string]: string} - Collection of Custom Field name-value pairs to assign to the certificate.
- ecdsa
Curve string - ECDSA curve to use when generating a key
- expiration
Window number - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - issuer
Hint string - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - key
Password string - The password used to encrypt the private key.
- locality string
- Locality/City of the certificate (L)
- nickname string
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- organization string
- Organization of the certificate (O)
- organizational
Units string[] - List of Organizational Units of the certificate (OU)
- pkcs12 string
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - private
Key stringPem - The private key in PEM format.
- renew
Required boolean - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- rsa
Bits number - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - san
Dns string[] - List of DNS names to use as alternative subjects of the certificate.
- san
Emails string[] - List of email addresses to use as alternative subjects of the certificate.
- san
Ips string[] - List of IP addresses to use as alternative subjects of the certificate.
- san
Uris string[] - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- state string
- State of the certificate (S)
- string[]
- List of Certificate Tags defined in Venafi Control Plane.
- valid
Days number - Desired number of days for which the new certificate will be valid.
- common_
name str - The common name of the certificate.
- algorithm str
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - certificate_
dn str - country str
- Country of the certificate (C)
- csr_
origin str - Whether key-pair generation will be
localorservicegenerated. Default islocal. - csr_
pem str - custom_
fields Mapping[str, str] - Collection of Custom Field name-value pairs to assign to the certificate.
- ecdsa_
curve str - ECDSA curve to use when generating a key
- expiration_
window int - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - issuer_
hint str - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - key_
password str - The password used to encrypt the private key.
- locality str
- Locality/City of the certificate (L)
- nickname str
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- organization str
- Organization of the certificate (O)
- organizational_
units Sequence[str] - List of Organizational Units of the certificate (OU)
- pkcs12 str
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - private_
key_ strpem - The private key in PEM format.
- renew_
required bool - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- rsa_
bits int - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - san_
dns Sequence[str] - List of DNS names to use as alternative subjects of the certificate.
- san_
emails Sequence[str] - List of email addresses to use as alternative subjects of the certificate.
- san_
ips Sequence[str] - List of IP addresses to use as alternative subjects of the certificate.
- san_
uris Sequence[str] - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- state str
- State of the certificate (S)
- Sequence[str]
- List of Certificate Tags defined in Venafi Control Plane.
- valid_
days int - Desired number of days for which the new certificate will be valid.
- common
Name String - The common name of the certificate.
- algorithm String
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - certificate
Dn String - country String
- Country of the certificate (C)
- csr
Origin String - Whether key-pair generation will be
localorservicegenerated. Default islocal. - csr
Pem String - custom
Fields Map<String> - Collection of Custom Field name-value pairs to assign to the certificate.
- ecdsa
Curve String - ECDSA curve to use when generating a key
- expiration
Window Number - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - issuer
Hint String - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - key
Password String - The password used to encrypt the private key.
- locality String
- Locality/City of the certificate (L)
- nickname String
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- organization String
- Organization of the certificate (O)
- organizational
Units List<String> - List of Organizational Units of the certificate (OU)
- pkcs12 String
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - private
Key StringPem - The private key in PEM format.
- renew
Required Boolean - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- rsa
Bits Number - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - san
Dns List<String> - List of DNS names to use as alternative subjects of the certificate.
- san
Emails List<String> - List of email addresses to use as alternative subjects of the certificate.
- san
Ips List<String> - List of IP addresses to use as alternative subjects of the certificate.
- san
Uris List<String> - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- state String
- State of the certificate (S)
- List<String>
- List of Certificate Tags defined in Venafi Control Plane.
- valid
Days Number - Desired number of days for which the new certificate will be valid.
Outputs
All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:
- Certificate
Details string - The X509 certificate in PEM format.
- Certificate
Id string - ID of the issued certificate
- Chain string
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- Id string
- The provider-assigned unique ID for this managed resource.
- Certificate string
- The X509 certificate in PEM format.
- Certificate
Id string - ID of the issued certificate
- Chain string
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- Id string
- The provider-assigned unique ID for this managed resource.
- certificate String
- The X509 certificate in PEM format.
- certificate
Id String - ID of the issued certificate
- chain String
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- id String
- The provider-assigned unique ID for this managed resource.
- certificate string
- The X509 certificate in PEM format.
- certificate
Id string - ID of the issued certificate
- chain string
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- id string
- The provider-assigned unique ID for this managed resource.
- certificate str
- The X509 certificate in PEM format.
- certificate_
id str - ID of the issued certificate
- chain str
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- id str
- The provider-assigned unique ID for this managed resource.
- certificate String
- The X509 certificate in PEM format.
- certificate
Id String - ID of the issued certificate
- chain String
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Certificate Resource
Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
algorithm: Optional[str] = None,
certificate: Optional[str] = None,
certificate_dn: Optional[str] = None,
certificate_id: Optional[str] = None,
chain: Optional[str] = None,
common_name: Optional[str] = None,
country: Optional[str] = None,
csr_origin: Optional[str] = None,
csr_pem: Optional[str] = None,
custom_fields: Optional[Mapping[str, str]] = None,
ecdsa_curve: Optional[str] = None,
expiration_window: Optional[int] = None,
issuer_hint: Optional[str] = None,
key_password: Optional[str] = None,
locality: Optional[str] = None,
nickname: Optional[str] = None,
organization: Optional[str] = None,
organizational_units: Optional[Sequence[str]] = None,
pkcs12: Optional[str] = None,
private_key_pem: Optional[str] = None,
renew_required: Optional[bool] = None,
rsa_bits: Optional[int] = None,
san_dns: Optional[Sequence[str]] = None,
san_emails: Optional[Sequence[str]] = None,
san_ips: Optional[Sequence[str]] = None,
san_uris: Optional[Sequence[str]] = None,
state: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
valid_days: Optional[int] = None) -> Certificatefunc GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)resources: _: type: venafi:Certificate get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Algorithm string
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - Certificate
Details string - The X509 certificate in PEM format.
- Certificate
Dn string - Certificate
Id string - ID of the issued certificate
- Chain string
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- Common
Name string - The common name of the certificate.
- Country string
- Country of the certificate (C)
- Csr
Origin string - Whether key-pair generation will be
localorservicegenerated. Default islocal. - Csr
Pem string - Custom
Fields Dictionary<string, string> - Collection of Custom Field name-value pairs to assign to the certificate.
- Ecdsa
Curve string - ECDSA curve to use when generating a key
- Expiration
Window int - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - Issuer
Hint string - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - Key
Password string - The password used to encrypt the private key.
- Locality string
- Locality/City of the certificate (L)
- Nickname string
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- Organization string
- Organization of the certificate (O)
- Organizational
Units List<string> - List of Organizational Units of the certificate (OU)
- Pkcs12 string
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - Private
Key stringPem - The private key in PEM format.
- Renew
Required bool - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- Rsa
Bits int - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - San
Dns List<string> - List of DNS names to use as alternative subjects of the certificate.
- San
Emails List<string> - List of email addresses to use as alternative subjects of the certificate.
- San
Ips List<string> - List of IP addresses to use as alternative subjects of the certificate.
- San
Uris List<string> - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- State string
- State of the certificate (S)
- List<string>
- List of Certificate Tags defined in Venafi Control Plane.
- Valid
Days int - Desired number of days for which the new certificate will be valid.
- Algorithm string
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - Certificate string
- The X509 certificate in PEM format.
- Certificate
Dn string - Certificate
Id string - ID of the issued certificate
- Chain string
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- Common
Name string - The common name of the certificate.
- Country string
- Country of the certificate (C)
- Csr
Origin string - Whether key-pair generation will be
localorservicegenerated. Default islocal. - Csr
Pem string - Custom
Fields map[string]string - Collection of Custom Field name-value pairs to assign to the certificate.
- Ecdsa
Curve string - ECDSA curve to use when generating a key
- Expiration
Window int - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - Issuer
Hint string - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - Key
Password string - The password used to encrypt the private key.
- Locality string
- Locality/City of the certificate (L)
- Nickname string
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- Organization string
- Organization of the certificate (O)
- Organizational
Units []string - List of Organizational Units of the certificate (OU)
- Pkcs12 string
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - Private
Key stringPem - The private key in PEM format.
- Renew
Required bool - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- Rsa
Bits int - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - San
Dns []string - List of DNS names to use as alternative subjects of the certificate.
- San
Emails []string - List of email addresses to use as alternative subjects of the certificate.
- San
Ips []string - List of IP addresses to use as alternative subjects of the certificate.
- San
Uris []string - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- State string
- State of the certificate (S)
- []string
- List of Certificate Tags defined in Venafi Control Plane.
- Valid
Days int - Desired number of days for which the new certificate will be valid.
- algorithm String
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - certificate String
- The X509 certificate in PEM format.
- certificate
Dn String - certificate
Id String - ID of the issued certificate
- chain String
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- common
Name String - The common name of the certificate.
- country String
- Country of the certificate (C)
- csr
Origin String - Whether key-pair generation will be
localorservicegenerated. Default islocal. - csr
Pem String - custom
Fields Map<String,String> - Collection of Custom Field name-value pairs to assign to the certificate.
- ecdsa
Curve String - ECDSA curve to use when generating a key
- expiration
Window Integer - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - issuer
Hint String - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - key
Password String - The password used to encrypt the private key.
- locality String
- Locality/City of the certificate (L)
- nickname String
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- organization String
- Organization of the certificate (O)
- organizational
Units List<String> - List of Organizational Units of the certificate (OU)
- pkcs12 String
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - private
Key StringPem - The private key in PEM format.
- renew
Required Boolean - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- rsa
Bits Integer - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - san
Dns List<String> - List of DNS names to use as alternative subjects of the certificate.
- san
Emails List<String> - List of email addresses to use as alternative subjects of the certificate.
- san
Ips List<String> - List of IP addresses to use as alternative subjects of the certificate.
- san
Uris List<String> - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- state String
- State of the certificate (S)
- List<String>
- List of Certificate Tags defined in Venafi Control Plane.
- valid
Days Integer - Desired number of days for which the new certificate will be valid.
- algorithm string
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - certificate string
- The X509 certificate in PEM format.
- certificate
Dn string - certificate
Id string - ID of the issued certificate
- chain string
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- common
Name string - The common name of the certificate.
- country string
- Country of the certificate (C)
- csr
Origin string - Whether key-pair generation will be
localorservicegenerated. Default islocal. - csr
Pem string - custom
Fields {[key: string]: string} - Collection of Custom Field name-value pairs to assign to the certificate.
- ecdsa
Curve string - ECDSA curve to use when generating a key
- expiration
Window number - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - issuer
Hint string - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - key
Password string - The password used to encrypt the private key.
- locality string
- Locality/City of the certificate (L)
- nickname string
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- organization string
- Organization of the certificate (O)
- organizational
Units string[] - List of Organizational Units of the certificate (OU)
- pkcs12 string
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - private
Key stringPem - The private key in PEM format.
- renew
Required boolean - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- rsa
Bits number - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - san
Dns string[] - List of DNS names to use as alternative subjects of the certificate.
- san
Emails string[] - List of email addresses to use as alternative subjects of the certificate.
- san
Ips string[] - List of IP addresses to use as alternative subjects of the certificate.
- san
Uris string[] - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- state string
- State of the certificate (S)
- string[]
- List of Certificate Tags defined in Venafi Control Plane.
- valid
Days number - Desired number of days for which the new certificate will be valid.
- algorithm str
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - certificate str
- The X509 certificate in PEM format.
- certificate_
dn str - certificate_
id str - ID of the issued certificate
- chain str
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- common_
name str - The common name of the certificate.
- country str
- Country of the certificate (C)
- csr_
origin str - Whether key-pair generation will be
localorservicegenerated. Default islocal. - csr_
pem str - custom_
fields Mapping[str, str] - Collection of Custom Field name-value pairs to assign to the certificate.
- ecdsa_
curve str - ECDSA curve to use when generating a key
- expiration_
window int - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - issuer_
hint str - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - key_
password str - The password used to encrypt the private key.
- locality str
- Locality/City of the certificate (L)
- nickname str
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- organization str
- Organization of the certificate (O)
- organizational_
units Sequence[str] - List of Organizational Units of the certificate (OU)
- pkcs12 str
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - private_
key_ strpem - The private key in PEM format.
- renew_
required bool - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- rsa_
bits int - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - san_
dns Sequence[str] - List of DNS names to use as alternative subjects of the certificate.
- san_
emails Sequence[str] - List of email addresses to use as alternative subjects of the certificate.
- san_
ips Sequence[str] - List of IP addresses to use as alternative subjects of the certificate.
- san_
uris Sequence[str] - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- state str
- State of the certificate (S)
- Sequence[str]
- List of Certificate Tags defined in Venafi Control Plane.
- valid_
days int - Desired number of days for which the new certificate will be valid.
- algorithm String
- Key encryption algorithm, either RSA or ECDSA. Defaults to
RSA. - certificate String
- The X509 certificate in PEM format.
- certificate
Dn String - certificate
Id String - ID of the issued certificate
- chain String
- The trust chain of X509 certificate authority certificates in PEM format concatenated together.
- common
Name String - The common name of the certificate.
- country String
- Country of the certificate (C)
- csr
Origin String - Whether key-pair generation will be
localorservicegenerated. Default islocal. - csr
Pem String - custom
Fields Map<String> - Collection of Custom Field name-value pairs to assign to the certificate.
- ecdsa
Curve String - ECDSA curve to use when generating a key
- expiration
Window Number - Number of hours before certificate expiry to request a new certificate.
Defaults to
168. - issuer
Hint String - Used with
valid_daysto indicate the target issuer when using Trust Protection Platform. Relevant values are:DigiCert,Entrust, andMicrosoft. - key
Password String - The password used to encrypt the private key.
- locality String
- Locality/City of the certificate (L)
- nickname String
- Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
- organization String
- Organization of the certificate (O)
- organizational
Units List<String> - List of Organizational Units of the certificate (OU)
- pkcs12 String
- A base64-encoded PKCS#12 keystore secured by the
key_password. Useful when working with resources like azure key_vault_certificate. - private
Key StringPem - The private key in PEM format.
- renew
Required Boolean - Indicates the certificate should be reissued. This means the resource will destroyed and recreated
- rsa
Bits Number - Number of bits to use when generating an RSA key. Applies when algorithm is
RSA. Defaults to2048. - san
Dns List<String> - List of DNS names to use as alternative subjects of the certificate.
- san
Emails List<String> - List of email addresses to use as alternative subjects of the certificate.
- san
Ips List<String> - List of IP addresses to use as alternative subjects of the certificate.
- san
Uris List<String> - List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
- state String
- State of the certificate (S)
- List<String>
- List of Certificate Tags defined in Venafi Control Plane.
- valid
Days Number - Desired number of days for which the new certificate will be valid.
Package Details
- Repository
- Venafi pulumi/pulumi-venafi
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
venafiTerraform Provider.
Viewing docs for Venafi v1.12.3
published on Thursday, Feb 26, 2026 by Pulumi
published on Thursday, Feb 26, 2026 by Pulumi
