
SshCertificate

Provides access to request and retrieve SSH certificates from Venafi Trust Protection Platform.

Example Usage

C#

using Pulumi;
using Venafi = Pulumi.Venafi;

class MyStack : Stack
{
    public MyStack()
    {
        var sshCert = new Venafi.SshCertificate("sshCert", new Venafi.SshCertificateArgs
        {
            KeyId = "my-first-ssh-certificate",
            KeyPassphrase = "passw0rd",
            KeySize = 3072,
            Principals = 
            {
                "seamus",
            },
            PublicKeyMethod = "local",
            Template = "Sample SSH CA",
            ValidHours = 24,
        });
    }

}

Go

package main

import (
	"github.com/pulumi/pulumi-venafi/sdk/go/venafi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := venafi.NewSshCertificate(ctx, "sshCert", &venafi.SshCertificateArgs{
			KeyId:         pulumi.String("my-first-ssh-certificate"),
			KeyPassphrase: pulumi.String("passw0rd"),
			KeySize:       pulumi.Int(3072),
			Principals: pulumi.StringArray{
				pulumi.String("seamus"),
			},
			PublicKeyMethod: pulumi.String("local"),
			Template:        pulumi.String("Sample SSH CA"),
			ValidHours:      pulumi.Int(24),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Python

import pulumi
import pulumi_venafi as venafi

ssh_cert = venafi.SshCertificate("sshCert",
    key_id="my-first-ssh-certificate",
    key_passphrase="passw0rd",
    key_size=3072,
    principals=["seamus"],
    public_key_method="local",
    template="Sample SSH CA",
    valid_hours=24)

TypeScript

import * as pulumi from "@pulumi/pulumi";
import * as venafi from "@pulumi/venafi";

const sshCert = new venafi.SshCertificate("ssh_cert", {
    keyId: "my-first-ssh-certificate",
    keyPassphrase: "passw0rd",
    keySize: 3072,
    principals: ["seamus"],
    publicKeyMethod: "local",
    template: "Sample SSH CA",
    validHours: 24,
});

Create a SshCertificate Resource

TypeScript

new SshCertificate(name: string, args: SshCertificateArgs, opts?: CustomResourceOptions);

Python

@overload
def SshCertificate(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   destination_addresses: Optional[Sequence[str]] = None,
                   extensions: Optional[Sequence[str]] = None,
                   folder: Optional[str] = None,
                   force_command: Optional[str] = None,
                   key_id: Optional[str] = None,
                   key_passphrase: Optional[str] = None,
                   key_size: Optional[int] = None,
                   object_name: Optional[str] = None,
                   principals: Optional[Sequence[str]] = None,
                   public_key: Optional[str] = None,
                   public_key_method: Optional[str] = None,
                   source_addresses: Optional[Sequence[str]] = None,
                   template: Optional[str] = None,
                   valid_hours: Optional[int] = None,
                   windows: Optional[bool] = None)
@overload
def SshCertificate(resource_name: str,
                   args: SshCertificateArgs,
                   opts: Optional[ResourceOptions] = None)

Go

func NewSshCertificate(ctx *Context, name string, args SshCertificateArgs, opts ...ResourceOption) (*SshCertificate, error)

C#

public SshCertificate(string name, SshCertificateArgs args, CustomResourceOptions? opts = null)

TypeScript

name string
The unique name of the resource.
args SshCertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Python

resource_name str
The unique name of the resource.
args SshCertificateArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.

Go

ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SshCertificateArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.

C#

name string
The unique name of the resource.
args SshCertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

SshCertificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SshCertificate resource accepts the following input properties:

C#

KeyId string
The identifier of the requested SSH certificate.
Template string
The SSH certificate issuing template.
DestinationAddresses List<string>
A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
Extensions List<string>
A list of key-value pairs that contain certificate extensions from the CA template for client certificates. Allowed values (case-sensitive): permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty, permit-user-rc
Folder string
The DN of the policy folder where the SSH certificate object will be created.
ForceCommand string
A command to run after successful login.
KeyPassphrase string
Passphrase for encrypting the private key.
KeySize int
Number of bits to use when creating a key pair. (e.g. 3072)
ObjectName string
The friendly name of the SSH certificate object. When not specified the key_id is used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate.
Principals List<string>
A list of user names for whom the requested certificate will be valid.
PublicKey string
The OpenSSH formatted public key that will be used to generate the SSH certificate.
PublicKeyMethod string
Specifies whether the public key will be “local” (default), “file” or “service” generated.
SourceAddresses List<string>
A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
ValidHours int
Desired number of hours for which the certificate will be valid.
Windows bool
Specifies whether the private key will use Windows/DOS style line breaks.

Go

KeyId string
The identifier of the requested SSH certificate.
Template string
The SSH certificate issuing template.
DestinationAddresses []string
A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
Extensions []string
A list of key-value pairs that contain certificate extensions from the CA template for client certificates. Allowed values (case-sensitive): permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty, permit-user-rc
Folder string
The DN of the policy folder where the SSH certificate object will be created.
ForceCommand string
A command to run after successful login.
KeyPassphrase string
Passphrase for encrypting the private key.
KeySize int
Number of bits to use when creating a key pair. (e.g. 3072)
ObjectName string
The friendly name of the SSH certificate object. When not specified the key_id is used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate.
Principals []string
A list of user names for whom the requested certificate will be valid.
PublicKey string
The OpenSSH formatted public key that will be used to generate the SSH certificate.
PublicKeyMethod string
Specifies whether the public key will be “local” (default), “file” or “service” generated.
SourceAddresses []string
A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
ValidHours int
Desired number of hours for which the certificate will be valid.
Windows bool
Specifies whether the private key will use Windows/DOS style line breaks.

TypeScript

keyId string
The identifier of the requested SSH certificate.
template string
The SSH certificate issuing template.
destinationAddresses string[]
A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
extensions string[]
A list of key-value pairs that contain certificate extensions from the CA template for client certificates. Allowed values (case-sensitive): permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty, permit-user-rc
folder string
The DN of the policy folder where the SSH certificate object will be created.
forceCommand string
A command to run after successful login.
keyPassphrase string
Passphrase for encrypting the private key.
keySize number
Number of bits to use when creating a key pair. (e.g. 3072)
objectName string
The friendly name of the SSH certificate object. When not specified the key_id is used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate.
principals string[]
A list of user names for whom the requested certificate will be valid.
publicKey string
The OpenSSH formatted public key that will be used to generate the SSH certificate.
publicKeyMethod string
Specifies whether the public key will be “local” (default), “file” or “service” generated.
sourceAddresses string[]
A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
validHours number
Desired number of hours for which the certificate will be valid.
windows boolean
Specifies whether the private key will use Windows/DOS style line breaks.

Python

key_id str
The identifier of the requested SSH certificate.
template str
The SSH certificate issuing template.
destination_addresses Sequence[str]
A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
extensions Sequence[str]
A list of key-value pairs that contain certificate extensions from the CA template for client certificates. Allowed values (case-sensitive): permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty, permit-user-rc
folder str
The DN of the policy folder where the SSH certificate object will be created.
force_command str
A command to run after successful login.
key_passphrase str
Passphrase for encrypting the private key.
key_size int
Number of bits to use when creating a key pair. (e.g. 3072)
object_name str
The friendly name of the SSH certificate object. When not specified the key_id is used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate.
principals Sequence[str]
A list of user names for whom the requested certificate will be valid.
public_key str
The OpenSSH formatted public key that will be used to generate the SSH certificate.
public_key_method str
Specifies whether the public key will be “local” (default), “file” or “service” generated.
source_addresses Sequence[str]
A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
valid_hours int
Desired number of hours for which the certificate will be valid.
windows bool
Specifies whether the private key will use Windows/DOS style line breaks.
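
A pre-deployment check over the input properties listed above, as an added example that is not part of the Pulumi or Venafi provider code: it applies the constraints this page states (the case-sensitive extension values, IP or CIDR address lists, the three public key methods) to a plain dict of arguments. The function names, the numeric policy limits and the second sample input are assumptions made for illustration.

```python
import ipaddress

# Allowed values as listed in the property descriptions on this page.
ALLOWED_EXTENSIONS = frozenset({
    "permit-X11-forwarding", "permit-agent-forwarding",
    "permit-port-forwarding", "permit-pty", "permit-user-rc",
})
PUBLIC_KEY_METHODS = frozenset({"local", "file", "service"})

# Assumed local policy limits (hypothetical; not enforced by the provider).
MAX_VALID_HOURS = 24
MIN_KEY_SIZE = 3072
MIN_PASSPHRASE_LEN = 16


def check_addresses(field, values):
    """Flag entries that are not an IP/CIDR or that match every address."""
    findings = []
    for value in values:
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append((field, f"{value!r} is not a valid IP or CIDR"))
            continue
        if net.prefixlen == 0:
            findings.append((field, f"{value!r} matches every address"))
    return findings


def review_ssh_certificate_args(args):
    """Return (field, message) findings for a dict of SshCertificate inputs."""
    findings = []
    for ext in args.get("extensions", []):
        if ext not in ALLOWED_EXTENSIONS:  # case-sensitive comparison
            findings.append(("extensions", f"{ext!r} is not an allowed value"))
    for field in ("source_addresses", "destination_addresses"):
        findings += check_addresses(field, args.get(field, []))
    method = args.get("public_key_method", "local")  # "local" is the default
    if method not in PUBLIC_KEY_METHODS:
        findings.append(("public_key_method", f"{method!r} is not supported"))
    if not args.get("principals"):
        findings.append(("principals", "no user names listed"))
    hours = args.get("valid_hours")
    if hours is None or hours > MAX_VALID_HOURS:
        findings.append(("valid_hours", f"must be set and <= {MAX_VALID_HOURS}"))
    size = args.get("key_size")
    if size is not None and size < MIN_KEY_SIZE:
        findings.append(("key_size", f"{size} bits is below {MIN_KEY_SIZE}"))
    passphrase = args.get("key_passphrase")
    if passphrase is not None and len(passphrase) < MIN_PASSPHRASE_LEN:
        findings.append(("key_passphrase", "shorter than the policy minimum"))
    return findings


# The arguments from this page's Example Usage.
PAGE_EXAMPLE = {
    "key_id": "my-first-ssh-certificate", "key_passphrase": "passw0rd",
    "key_size": 3072, "principals": ["seamus"],
    "public_key_method": "local", "template": "Sample SSH CA",
    "valid_hours": 24,
}

# Constructed input with several mistakes, for illustration only.
CONSTRUCTED_BAD = {
    "key_id": "ci-deploy", "template": "Sample SSH CA",
    "extensions": ["permit-PTY", "permit-pty"],
    "source_addresses": ["10.20.0.0/16", "0.0.0.0/0", "10.20.0.300"],
    "public_key_method": "remote", "principals": [],
    "valid_hours": 720, "key_size": 2048,
}

if __name__ == "__main__":
    for field, message in review_ssh_certificate_args(CONSTRUCTED_BAD):
        print(f"{field}: {message}")
```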

Outputs

All input properties are implicitly available as output properties. Additionally, the SshCertificate resource produces the following output properties:

C#

Certificate string
The issued SSH certificate.
CertificateType string
Indicates whether the SSH certificate is for client or server authentication.
Id string
The provider-assigned unique ID for this managed resource.
PrivateKey string
The private key for the SSH certificate if generated by Venafi.
PublicKeyFingerprint string
The SHA256 fingerprint of the SSH certificate’s public key.
Serial string
The serial number of the SSH certificate.
SigningCa string
The SHA256 fingerprint of the CA that signed the SSH certificate.
ValidFrom string
The date the SSH certificate was issued.
ValidTo string
The date the SSH certificate will expire.

Go

Certificate string
The issued SSH certificate.
CertificateType string
Indicates whether the SSH certificate is for client or server authentication.
Id string
The provider-assigned unique ID for this managed resource.
PrivateKey string
The private key for the SSH certificate if generated by Venafi.
PublicKeyFingerprint string
The SHA256 fingerprint of the SSH certificate’s public key.
Serial string
The serial number of the SSH certificate.
SigningCa string
The SHA256 fingerprint of the CA that signed the SSH certificate.
ValidFrom string
The date the SSH certificate was issued.
ValidTo string
The date the SSH certificate will expire.

TypeScript

certificate string
The issued SSH certificate.
certificateType string
Indicates whether the SSH certificate is for client or server authentication.
id string
The provider-assigned unique ID for this managed resource.
privateKey string
The private key for the SSH certificate if generated by Venafi.
publicKeyFingerprint string
The SHA256 fingerprint of the SSH certificate’s public key.
serial string
The serial number of the SSH certificate.
signingCa string
The SHA256 fingerprint of the CA that signed the SSH certificate.
validFrom string
The date the SSH certificate was issued.
validTo string
The date the SSH certificate will expire.

Python

certificate str
The issued SSH certificate.
certificate_type str
Indicates whether the SSH certificate is for client or server authentication.
id str
The provider-assigned unique ID for this managed resource.
private_key str
The private key for the SSH certificate if generated by Venafi.
public_key_fingerprint str
The SHA256 fingerprint of the SSH certificate’s public key.
serial str
The serial number of the SSH certificate.
signing_ca str
The SHA256 fingerprint of the CA that signed the SSH certificate.
valid_from str
The date the SSH certificate was issued.
valid_to str
The date the SSH certificate will expire.

Look up an Existing SshCertificate Resource

Get an existing SshCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript

public static get(name: string, id: Input<ID>, state?: SshCertificateState, opts?: CustomResourceOptions): SshCertificate

Python

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        certificate: Optional[str] = None,
        certificate_type: Optional[str] = None,
        destination_addresses: Optional[Sequence[str]] = None,
        extensions: Optional[Sequence[str]] = None,
        folder: Optional[str] = None,
        force_command: Optional[str] = None,
        key_id: Optional[str] = None,
        key_passphrase: Optional[str] = None,
        key_size: Optional[int] = None,
        object_name: Optional[str] = None,
        principals: Optional[Sequence[str]] = None,
        private_key: Optional[str] = None,
        public_key: Optional[str] = None,
        public_key_fingerprint: Optional[str] = None,
        public_key_method: Optional[str] = None,
        serial: Optional[str] = None,
        signing_ca: Optional[str] = None,
        source_addresses: Optional[Sequence[str]] = None,
        template: Optional[str] = None,
        valid_from: Optional[str] = None,
        valid_hours: Optional[int] = None,
        valid_to: Optional[str] = None,
        windows: Optional[bool] = None) -> SshCertificate

Go

func GetSshCertificate(ctx *Context, name string, id IDInput, state *SshCertificateState, opts ...ResourceOption) (*SshCertificate, error)

C#

public static SshCertificate Get(string name, Input<string> id, SshCertificateState? state, CustomResourceOptions? opts = null)

TypeScript

name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

Python

resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.

Go

name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

C#

name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

C#

Certificate string
The issued SSH certificate.
CertificateType string
Indicates whether the SSH certificate is for client or server authentication.
DestinationAddresses List<string>
A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
Extensions List<string>
A list of key-value pairs that contain certificate extensions from the CA template for client certificates. Allowed values (case-sensitive): permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty, permit-user-rc
Folder string
The DN of the policy folder where the SSH certificate object will be created.
ForceCommand string
A command to run after successful login.
KeyId string
The identifier of the requested SSH certificate.
KeyPassphrase string
Passphrase for encrypting the private key.
KeySize int
Number of bits to use when creating a key pair. (e.g. 3072)
ObjectName string
The friendly name of the SSH certificate object. When not specified the key_id is used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate.
Principals List<string>
A list of user names for whom the requested certificate will be valid.
PrivateKey string
The private key for the SSH certificate if generated by Venafi.
PublicKey string
The OpenSSH formatted public key that will be used to generate the SSH certificate.
PublicKeyFingerprint string
The SHA256 fingerprint of the SSH certificate’s public key.
PublicKeyMethod string
Specifies whether the public key will be “local” (default), “file” or “service” generated.
Serial string
The serial number of the SSH certificate.
SigningCa string
The SHA256 fingerprint of the CA that signed the SSH certificate.
SourceAddresses List<string>
A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
Template string
The SSH certificate issuing template.
ValidFrom string
The date the SSH certificate was issued.
ValidHours int
Desired number of hours for which the certificate will be valid.
ValidTo string
The date the SSH certificate will expire.
Windows bool
Specifies whether the private key will use Windows/DOS style line breaks.

Go

Certificate string
The issued SSH certificate.
CertificateType string
Indicates whether the SSH certificate is for client or server authentication.
DestinationAddresses []string
A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
Extensions []string
A list of key-value pairs that contain certificate extensions from the CA template for client certificates. Allowed values (case-sensitive): permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty, permit-user-rc
Folder string
The DN of the policy folder where the SSH certificate object will be created.
ForceCommand string
A command to run after successful login.
KeyId string
The identifier of the requested SSH certificate.
KeyPassphrase string
Passphrase for encrypting the private key.
KeySize int
Number of bits to use when creating a key pair. (e.g. 3072)
ObjectName string
The friendly name of the SSH certificate object. When not specified the key_id is used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate.
Principals []string
A list of user names for whom the requested certificate will be valid.
PrivateKey string
The private key for the SSH certificate if generated by Venafi.
PublicKey string
The OpenSSH formatted public key that will be used to generate the SSH certificate.
PublicKeyFingerprint string
The SHA256 fingerprint of the SSH certificate’s public key.
PublicKeyMethod string
Specifies whether the public key will be “local” (default), “file” or “service” generated.
Serial string
The serial number of the SSH certificate.
SigningCa string
The SHA256 fingerprint of the CA that signed the SSH certificate.
SourceAddresses []string
A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
Template string
The SSH certificate issuing template.
ValidFrom string
The date the SSH certificate was issued.
ValidHours int
Desired number of hours for which the certificate will be valid.
ValidTo string
The date the SSH certificate will expire.
Windows bool
Specifies whether the private key will use Windows/DOS style line breaks.

TypeScript

certificate string
The issued SSH certificate.
certificateType string
Indicates whether the SSH certificate is for client or server authentication.
destinationAddresses string[]
A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
extensions string[]
A list of key-value pairs that contain certificate extensions from the CA template for client certificates. Allowed values (case-sensitive): permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty, permit-user-rc
folder string
The DN of the policy folder where the SSH certificate object will be created.
forceCommand string
A command to run after successful login.
keyId string
The identifier of the requested SSH certificate.
keyPassphrase string
Passphrase for encrypting the private key.
keySize number
Number of bits to use when creating a key pair. (e.g. 3072)
objectName string
The friendly name of the SSH certificate object. When not specified the key_id is used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate.
principals string[]
A list of user names for whom the requested certificate will be valid.
privateKey string
The private key for the SSH certificate if generated by Venafi.
publicKey string
The OpenSSH formatted public key that will be used to generate the SSH certificate.
publicKeyFingerprint string
The SHA256 fingerprint of the SSH certificate’s public key.
publicKeyMethod string
Specifies whether the public key will be “local” (default), “file” or “service” generated.
serial string
The serial number of the SSH certificate.
signingCa string
The SHA256 fingerprint of the CA that signed the SSH certificate.
sourceAddresses string[]
A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
template string
The SSH certificate issuing template.
validFrom string
The date the SSH certificate was issued.
validHours number
Desired number of hours for which the certificate will be valid.
validTo string
The date the SSH certificate will expire.
windows boolean
Specifies whether the private key will use Windows/DOS style line breaks.

Python

certificate str
The issued SSH certificate.
certificate_type str
Indicates whether the SSH certificate is for client or server authentication.
destination_addresses Sequence[str]
A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
extensions Sequence[str]
A list of key-value pairs that contain certificate extensions from the CA template for client certificates. Allowed values (case-sensitive): permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty, permit-user-rc
folder str
The DN of the policy folder where the SSH certificate object will be created.
force_command str
A command to run after successful login.
key_id str
The identifier of the requested SSH certificate.
key_passphrase str
Passphrase for encrypting the private key.
key_size int
Number of bits to use when creating a key pair. (e.g. 3072)
object_name str
The friendly name of the SSH certificate object. When not specified the key_id is used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate.
principals Sequence[str]
A list of user names for whom the requested certificate will be valid.
private_key str
The private key for the SSH certificate if generated by Venafi.
public_key str
The OpenSSH formatted public key that will be used to generate the SSH certificate.
public_key_fingerprint str
The SHA256 fingerprint of the SSH certificate’s public key.
public_key_method str
Specifies whether the public key will be “local” (default), “file” or “service” generated.
serial str
The serial number of the SSH certificate.
signing_ca str
The SHA256 fingerprint of the CA that signed the SSH certificate.
source_addresses Sequence[str]
A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
template str
The SSH certificate issuing template.
valid_from str
The date the SSH certificate was issued.
valid_hours int
Desired number of hours for which the certificate will be valid.
valid_to str
The date the SSH certificate will expire.
windows bool
Specifies whether the private key will use Windows/DOS style line breaks.

Package Details

Repository
https://github.com/pulumi/pulumi-venafi
License
Apache-2.0
Notes
This Pulumi package is based on the venafi Terraform Provider.