
Certificate

Provides access to TLS key and certificate data enrolled using Venafi. This can be used to define a certificate.

The venafi.Certificate resource renews a certificate only when a pulumi up is run within the expiration_window period, that is, within the configured number of hours before the certificate expires; if no run happens in that window, the certificate is not renewed. Keep in mind that the expiration_window in the provider configuration needs to align with the renewal window of the issuing CA to achieve the desired result.

Example Usage

using Pulumi;
using Venafi = Pulumi.Venafi;

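/// <summary>
/// Example stack that requests one certificate for web.venafi.example
/// with two DNS subject alternative names.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // The original listing passed an undeclared `@var.Pk_pass`. The key
        // password protects the private key, so read it from stack
        // configuration as a secret (set with
        // `pulumi config set --secret pk_pass <value>`); Pulumi then keeps the
        // value encrypted in config and state instead of in source.
        var config = new Pulumi.Config();
        var pkPass = config.RequireSecret("pk_pass");

        var webserver = new Venafi.Certificate("webserver", new Venafi.CertificateArgs
        {
            Algorithm = "RSA",
            CommonName = "web.venafi.example",
            CustomFields = 
            {
                { "Cost Center", "AB1234" },
                { "Environment", "UAT|Staging" },
            },
            // Secret output: stays marked as secret through the resource inputs.
            KeyPassword = pkPass,
            RsaBits = 2048,
            SanDns = 
            {
                "web01.venafi.example",
                "web02.venafi.example",
            },
        });
    }

}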
package main

import (
	"github.com/pulumi/pulumi-venafi/sdk/go/venafi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a single venafi.Certificate resource named "webserver" for
// web.venafi.example with two DNS subject alternative names.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		args := &venafi.CertificateArgs{
			Algorithm:  pulumi.String("RSA"),
			CommonName: pulumi.String("web.venafi.example"),
			CustomFields: pulumi.StringMap{
				"Cost Center": pulumi.String("AB1234"),
				"Environment": pulumi.String("UAT|Staging"),
			},
			// NOTE(review): _var.Pk_pass is not declared anywhere in this
			// listing; it looks like a placeholder carried over from the
			// Terraform example (var.pk_pass) — confirm. The key password
			// protects the private key, so supply it from secret stack
			// configuration (for example RequireSecret in the SDK's config
			// package) rather than a literal in source.
			KeyPassword: pulumi.Any(_var.Pk_pass),
			RsaBits:     pulumi.Int(2048),
			SanDns: pulumi.StringArray{
				pulumi.String("web01.venafi.example"),
				pulumi.String("web02.venafi.example"),
			},
		}

		// Only the error matters here; the resource handle is not used.
		_, err := venafi.NewCertificate(ctx, "webserver", args)
		return err
	})
}
import pulumi
import pulumi_venafi as venafi

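# The original listing read the password from an undeclared `var` mapping.
# The key password protects the private key, so load it from stack
# configuration as a secret (set with
# `pulumi config set --secret pk_pass <value>`); Pulumi then keeps the value
# encrypted in config and state instead of in source.
config = pulumi.Config()
pk_pass = config.require_secret("pk_pass")

# Request one certificate for web.venafi.example with two DNS SANs.
webserver = venafi.Certificate("webserver",
    algorithm="RSA",
    common_name="web.venafi.example",
    custom_fields={
        "Cost Center": "AB1234",
        "Environment": "UAT|Staging",
    },
    # Secret output: stays marked as secret through the resource inputs.
    key_password=pk_pass,
    rsa_bits=2048,
    san_dns=[
        "web01.venafi.example",
        "web02.venafi.example",
    ])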
import * as pulumi from "@pulumi/pulumi";
import * as venafi from "@pulumi/venafi";

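// The original listing referenced an undeclared `var_pk_pass`. The key
// password protects the private key, so load it from stack configuration as
// a secret (set with `pulumi config set --secret pk_pass <value>`); Pulumi
// then keeps the value encrypted in config and state instead of in source.
const config = new pulumi.Config();
const pkPass = config.requireSecret("pk_pass");

// Request one certificate for web.venafi.example with two DNS SANs.
const webserver = new venafi.Certificate("webserver", {
    algorithm: "RSA",
    commonName: "web.venafi.example",
    customFields: {
        "Cost Center": "AB1234",
        Environment: "UAT|Staging",
    },
    // Secret output: stays marked as secret through the resource inputs.
    keyPassword: pkPass,
    rsaBits: 2048,
    sanDns: [
        "web01.venafi.example",
        "web02.venafi.example",
    ],
});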

Create a Certificate Resource

new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);
@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                algorithm: Optional[str] = None,
                certificate_dn: Optional[str] = None,
                common_name: Optional[str] = None,
                csr_pem: Optional[str] = None,
                custom_fields: Optional[Mapping[str, str]] = None,
                ecdsa_curve: Optional[str] = None,
                expiration_window: Optional[int] = None,
                issuer_hint: Optional[str] = None,
                key_password: Optional[str] = None,
                pkcs12: Optional[str] = None,
                private_key_pem: Optional[str] = None,
                rsa_bits: Optional[int] = None,
                san_dns: Optional[Sequence[str]] = None,
                san_emails: Optional[Sequence[str]] = None,
                san_ips: Optional[Sequence[str]] = None,
                valid_days: Optional[int] = None)
@overload
def Certificate(resource_name: str,
                args: CertificateArgs,
                opts: Optional[ResourceOptions] = None)
func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)
public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Certificate resource accepts the following input properties:

CommonName string
The common name of the certificate.
Algorithm string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
CertificateDn string
CsrPem string
CustomFields Dictionary<string, string>
Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve string
ECDSA curve to use when generating a key
ExpirationWindow int
Number of hours before certificate expiry to request a new certificate.
IssuerHint string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: “DigiCert”, “Entrust”, and “Microsoft”.
KeyPassword string
The password used to encrypt the private key.
Pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password.
PrivateKeyPem string
The private key in PEM format.
RsaBits int
Number of bits to use when generating an RSA key. Applies when algorithm=RSA. Defaults to 2048.
SanDns List<string>
List of DNS names to use as alternative subjects of the certificate.
SanEmails List<string>
List of email addresses to use as alternative subjects of the certificate.
SanIps List<string>
List of IP addresses to use as alternative subjects of the certificate.
ValidDays int
Desired number of days for which the new certificate will be valid.
CommonName string
The common name of the certificate.
Algorithm string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
CertificateDn string
CsrPem string
CustomFields map[string]string
Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve string
ECDSA curve to use when generating a key
ExpirationWindow int
Number of hours before certificate expiry to request a new certificate.
IssuerHint string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: “DigiCert”, “Entrust”, and “Microsoft”.
KeyPassword string
The password used to encrypt the private key.
Pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password.
PrivateKeyPem string
The private key in PEM format.
RsaBits int
Number of bits to use when generating an RSA key. Applies when algorithm=RSA. Defaults to 2048.
SanDns []string
List of DNS names to use as alternative subjects of the certificate.
SanEmails []string
List of email addresses to use as alternative subjects of the certificate.
SanIps []string
List of IP addresses to use as alternative subjects of the certificate.
ValidDays int
Desired number of days for which the new certificate will be valid.
commonName string
The common name of the certificate.
algorithm string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificateDn string
csrPem string
customFields {[key: string]: string}
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve string
ECDSA curve to use when generating a key
expirationWindow number
Number of hours before certificate expiry to request a new certificate.
issuerHint string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: “DigiCert”, “Entrust”, and “Microsoft”.
keyPassword string
The password used to encrypt the private key.
pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password.
privateKeyPem string
The private key in PEM format.
rsaBits number
Number of bits to use when generating an RSA key. Applies when algorithm=RSA. Defaults to 2048.
sanDns string[]
List of DNS names to use as alternative subjects of the certificate.
sanEmails string[]
List of email addresses to use as alternative subjects of the certificate.
sanIps string[]
List of IP addresses to use as alternative subjects of the certificate.
validDays number
Desired number of days for which the new certificate will be valid.
common_name str
The common name of the certificate.
algorithm str
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate_dn str
csr_pem str
custom_fields Mapping[str, str]
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsa_curve str
ECDSA curve to use when generating a key
expiration_window int
Number of hours before certificate expiry to request a new certificate.
issuer_hint str
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: “DigiCert”, “Entrust”, and “Microsoft”.
key_password str
The password used to encrypt the private key.
pkcs12 str
A base64-encoded PKCS#12 keystore secured by the key_password.
private_key_pem str
The private key in PEM format.
rsa_bits int
Number of bits to use when generating an RSA key. Applies when algorithm=RSA. Defaults to 2048.
san_dns Sequence[str]
List of DNS names to use as alternative subjects of the certificate.
san_emails Sequence[str]
List of email addresses to use as alternative subjects of the certificate.
san_ips Sequence[str]
List of IP addresses to use as alternative subjects of the certificate.
valid_days int
Desired number of days for which the new certificate will be valid.

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

CertificateDetails string
The X509 certificate in PEM format.
Chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
Id string
The provider-assigned unique ID for this managed resource.
Certificate string
The X509 certificate in PEM format.
Chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
Id string
The provider-assigned unique ID for this managed resource.
certificate string
The X509 certificate in PEM format.
chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
id string
The provider-assigned unique ID for this managed resource.
certificate str
The X509 certificate in PEM format.
chain str
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing Certificate Resource

Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        algorithm: Optional[str] = None,
        certificate: Optional[str] = None,
        certificate_dn: Optional[str] = None,
        chain: Optional[str] = None,
        common_name: Optional[str] = None,
        csr_pem: Optional[str] = None,
        custom_fields: Optional[Mapping[str, str]] = None,
        ecdsa_curve: Optional[str] = None,
        expiration_window: Optional[int] = None,
        issuer_hint: Optional[str] = None,
        key_password: Optional[str] = None,
        pkcs12: Optional[str] = None,
        private_key_pem: Optional[str] = None,
        rsa_bits: Optional[int] = None,
        san_dns: Optional[Sequence[str]] = None,
        san_emails: Optional[Sequence[str]] = None,
        san_ips: Optional[Sequence[str]] = None,
        valid_days: Optional[int] = None) -> Certificate
func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)
public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Algorithm string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
CertificateDetails string
The X509 certificate in PEM format.
CertificateDn string
Chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
CommonName string
The common name of the certificate.
CsrPem string
CustomFields Dictionary<string, string>
Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve string
ECDSA curve to use when generating a key
ExpirationWindow int
Number of hours before certificate expiry to request a new certificate.
IssuerHint string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: “DigiCert”, “Entrust”, and “Microsoft”.
KeyPassword string
The password used to encrypt the private key.
Pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password.
PrivateKeyPem string
The private key in PEM format.
RsaBits int
Number of bits to use when generating an RSA key. Applies when algorithm=RSA. Defaults to 2048.
SanDns List<string>
List of DNS names to use as alternative subjects of the certificate.
SanEmails List<string>
List of email addresses to use as alternative subjects of the certificate.
SanIps List<string>
List of IP addresses to use as alternative subjects of the certificate.
ValidDays int
Desired number of days for which the new certificate will be valid.
Algorithm string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
Certificate string
The X509 certificate in PEM format.
CertificateDn string
Chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
CommonName string
The common name of the certificate.
CsrPem string
CustomFields map[string]string
Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve string
ECDSA curve to use when generating a key
ExpirationWindow int
Number of hours before certificate expiry to request a new certificate.
IssuerHint string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: “DigiCert”, “Entrust”, and “Microsoft”.
KeyPassword string
The password used to encrypt the private key.
Pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password.
PrivateKeyPem string
The private key in PEM format.
RsaBits int
Number of bits to use when generating an RSA key. Applies when algorithm=RSA. Defaults to 2048.
SanDns []string
List of DNS names to use as alternative subjects of the certificate.
SanEmails []string
List of email addresses to use as alternative subjects of the certificate.
SanIps []string
List of IP addresses to use as alternative subjects of the certificate.
ValidDays int
Desired number of days for which the new certificate will be valid.
algorithm string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate string
The X509 certificate in PEM format.
certificateDn string
chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
commonName string
The common name of the certificate.
csrPem string
customFields {[key: string]: string}
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve string
ECDSA curve to use when generating a key
expirationWindow number
Number of hours before certificate expiry to request a new certificate.
issuerHint string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: “DigiCert”, “Entrust”, and “Microsoft”.
keyPassword string
The password used to encrypt the private key.
pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password.
privateKeyPem string
The private key in PEM format.
rsaBits number
Number of bits to use when generating an RSA key. Applies when algorithm=RSA. Defaults to 2048.
sanDns string[]
List of DNS names to use as alternative subjects of the certificate.
sanEmails string[]
List of email addresses to use as alternative subjects of the certificate.
sanIps string[]
List of IP addresses to use as alternative subjects of the certificate.
validDays number
Desired number of days for which the new certificate will be valid.
algorithm str
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate str
The X509 certificate in PEM format.
certificate_dn str
chain str
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
common_name str
The common name of the certificate.
csr_pem str
custom_fields Mapping[str, str]
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsa_curve str
ECDSA curve to use when generating a key
expiration_window int
Number of hours before certificate expiry to request a new certificate.
issuer_hint str
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: “DigiCert”, “Entrust”, and “Microsoft”.
key_password str
The password used to encrypt the private key.
pkcs12 str
A base64-encoded PKCS#12 keystore secured by the key_password.
private_key_pem str
The private key in PEM format.
rsa_bits int
Number of bits to use when generating an RSA key. Applies when algorithm=RSA. Defaults to 2048.
san_dns Sequence[str]
List of DNS names to use as alternative subjects of the certificate.
san_emails Sequence[str]
List of email addresses to use as alternative subjects of the certificate.
san_ips Sequence[str]
List of IP addresses to use as alternative subjects of the certificate.
valid_days int
Desired number of days for which the new certificate will be valid.

Package Details

Repository
https://github.com/pulumi/pulumi-venafi
License
Apache-2.0
Notes
This Pulumi package is based on the venafi Terraform Provider.