Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Ibm Provider
  3. API Docs
  4. SmPublicCertificate
ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud
ibm-cloud/terraform-provider-ibm

ibm.SmPublicCertificate

Explore with Pulumi AI

ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud
ibm-cloud/terraform-provider-ibm

Provides a resource for Secrets Manager public certificate secret. This allows a public certificate secret to be created, updated and deleted.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const smPublicCertificate = new ibm.SmPublicCertificate("smPublicCertificate", {
    instanceId: ibm_resource_instance.sm_instance.guid,
    region: "us-south",
    customMetadata: {
        key: "value",
    },
    description: "Extended description for this secret.",
    labels: ["my-label"],
    ca: "ca",
    dns: "dns",
    commonName: "example.com",
    rotation: {
        autoRotate: true,
        rotateKeys: false,
    },
    secretGroupId: ibm_sm_secret_group.sm_secret_group.secret_group_id,
});
Copy
import pulumi
import pulumi_ibm as ibm

sm_public_certificate = ibm.SmPublicCertificate("smPublicCertificate",
    instance_id=ibm_resource_instance["sm_instance"]["guid"],
    region="us-south",
    custom_metadata={
        "key": "value",
    },
    description="Extended description for this secret.",
    labels=["my-label"],
    ca="ca",
    dns="dns",
    common_name="example.com",
    rotation={
        "auto_rotate": True,
        "rotate_keys": False,
    },
    secret_group_id=ibm_sm_secret_group["sm_secret_group"]["secret_group_id"])
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.NewSmPublicCertificate(ctx, "smPublicCertificate", &ibm.SmPublicCertificateArgs{
			InstanceId: pulumi.Any(ibm_resource_instance.Sm_instance.Guid),
			Region:     pulumi.String("us-south"),
			CustomMetadata: pulumi.StringMap{
				"key": pulumi.String("value"),
			},
			Description: pulumi.String("Extended description for this secret."),
			Labels: pulumi.StringArray{
				pulumi.String("my-label"),
			},
			Ca:         pulumi.String("ca"),
			Dns:        pulumi.String("dns"),
			CommonName: pulumi.String("example.com"),
			Rotation: &ibm.SmPublicCertificateRotationArgs{
				AutoRotate: pulumi.Bool(true),
				RotateKeys: pulumi.Bool(false),
			},
			SecretGroupId: pulumi.Any(ibm_sm_secret_group.Sm_secret_group.Secret_group_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var smPublicCertificate = new Ibm.SmPublicCertificate("smPublicCertificate", new()
    {
        InstanceId = ibm_resource_instance.Sm_instance.Guid,
        Region = "us-south",
        CustomMetadata = 
        {
            { "key", "value" },
        },
        Description = "Extended description for this secret.",
        Labels = new[]
        {
            "my-label",
        },
        Ca = "ca",
        Dns = "dns",
        CommonName = "example.com",
        Rotation = new Ibm.Inputs.SmPublicCertificateRotationArgs
        {
            AutoRotate = true,
            RotateKeys = false,
        },
        SecretGroupId = ibm_sm_secret_group.Sm_secret_group.Secret_group_id,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.SmPublicCertificate;
import com.pulumi.ibm.SmPublicCertificateArgs;
import com.pulumi.ibm.inputs.SmPublicCertificateRotationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var smPublicCertificate = new SmPublicCertificate("smPublicCertificate", SmPublicCertificateArgs.builder()
            .instanceId(ibm_resource_instance.sm_instance().guid())
            .region("us-south")
            .customMetadata(Map.of("key", "value"))
            .description("Extended description for this secret.")
            .labels("my-label")
            .ca("ca")
            .dns("dns")
            .commonName("example.com")
            .rotation(SmPublicCertificateRotationArgs.builder()
                .autoRotate(true)
                .rotateKeys(false)
                .build())
            .secretGroupId(ibm_sm_secret_group.sm_secret_group().secret_group_id())
            .build());

    }
}
Copy
resources:
  smPublicCertificate:
    type: ibm:SmPublicCertificate
    properties:
      instanceId: ${ibm_resource_instance.sm_instance.guid}
      region: us-south
      customMetadata:
        key: value
      description: Extended description for this secret.
      labels:
        - my-label
      ca: ca
      dns: dns
      commonName: example.com
      rotation:
        autoRotate: true
        rotateKeys: false
      secretGroupId: ${ibm_sm_secret_group.sm_secret_group.secret_group_id}
Copy

Provider Configuration

The IBM Cloud provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below:

  • Static credentials
  • Environment variables

To find which credentials are required for this resource, see the service table here.

Static credentials

You can provide your static credentials by adding the ibmcloud_api_key, iaas_classic_username, and iaas_classic_api_key arguments in the IBM Cloud provider block.

Usage:

provider "ibm" {
    ibmcloud_api_key = ""
    iaas_classic_username = ""
    iaas_classic_api_key = ""
}

Environment variables

You can provide your credentials by exporting the IC_API_KEY, IAAS_CLASSIC_USERNAME, and IAAS_CLASSIC_API_KEY environment variables, representing your IBM Cloud platform API key, IBM Cloud Classic Infrastructure (SoftLayer) user name, and IBM Cloud infrastructure API key, respectively.

provider "ibm" {}

Usage:

export IC_API_KEY="ibmcloud_api_key"
export IAAS_CLASSIC_USERNAME="iaas_classic_username"
export IAAS_CLASSIC_API_KEY="iaas_classic_api_key"
pulumi preview

Note:

  1. Create or find your ibmcloud_api_key and iaas_classic_api_key here.
  • Select My IBM Cloud API Keys option from view dropdown for ibmcloud_api_key
  • Select Classic Infrastructure API Keys option from view dropdown for iaas_classic_api_key
  1. For iaas_classic_username
  • Go to Users
  • Click on user.
  • Find user name in the VPN password section under User Details tab

For more informaton, see here.

Create SmPublicCertificate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SmPublicCertificate(name: string, args: SmPublicCertificateArgs, opts?: CustomResourceOptions);
@overload
def SmPublicCertificate(resource_name: str,
                        args: SmPublicCertificateArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def SmPublicCertificate(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        ca: Optional[str] = None,
                        instance_id: Optional[str] = None,
                        dns: Optional[str] = None,
                        endpoint_type: Optional[str] = None,
                        key_algorithm: Optional[str] = None,
                        custom_metadata: Optional[Mapping[str, str]] = None,
                        description: Optional[str] = None,
                        bundle_certs: Optional[bool] = None,
                        akamai: Optional[SmPublicCertificateAkamaiArgs] = None,
                        alt_names: Optional[Sequence[str]] = None,
                        common_name: Optional[str] = None,
                        labels: Optional[Sequence[str]] = None,
                        name: Optional[str] = None,
                        region: Optional[str] = None,
                        rotation: Optional[SmPublicCertificateRotationArgs] = None,
                        secret_group_id: Optional[str] = None,
                        sm_public_certificate_id: Optional[str] = None,
                        timeouts: Optional[SmPublicCertificateTimeoutsArgs] = None,
                        version_custom_metadata: Optional[Mapping[str, str]] = None)
func NewSmPublicCertificate(ctx *Context, name string, args SmPublicCertificateArgs, opts ...ResourceOption) (*SmPublicCertificate, error)
public SmPublicCertificate(string name, SmPublicCertificateArgs args, CustomResourceOptions? opts = null)
public SmPublicCertificate(String name, SmPublicCertificateArgs args)
public SmPublicCertificate(String name, SmPublicCertificateArgs args, CustomResourceOptions options)

type: ibm:SmPublicCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. SmPublicCertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. SmPublicCertificateArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. SmPublicCertificateArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. SmPublicCertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. SmPublicCertificateArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var smPublicCertificateResource = new Ibm.SmPublicCertificate("smPublicCertificateResource", new()
{
    Ca = "string",
    InstanceId = "string",
    Dns = "string",
    EndpointType = "string",
    KeyAlgorithm = "string",
    CustomMetadata = 
    {
        { "string", "string" },
    },
    Description = "string",
    BundleCerts = false,
    Akamai = new Ibm.Inputs.SmPublicCertificateAkamaiArgs
    {
        Config = new Ibm.Inputs.SmPublicCertificateAkamaiConfigArgs
        {
            AccessToken = "string",
            ClientSecret = "string",
            ClientToken = "string",
            Host = "string",
        },
        Edgerc = new Ibm.Inputs.SmPublicCertificateAkamaiEdgercArgs
        {
            ConfigSection = "string",
            PathToEdgerc = "string",
        },
    },
    AltNames = new[]
    {
        "string",
    },
    CommonName = "string",
    Labels = new[]
    {
        "string",
    },
    Name = "string",
    Region = "string",
    Rotation = new Ibm.Inputs.SmPublicCertificateRotationArgs
    {
        AutoRotate = false,
        RotateKeys = false,
    },
    SecretGroupId = "string",
    SmPublicCertificateId = "string",
    Timeouts = new Ibm.Inputs.SmPublicCertificateTimeoutsArgs
    {
        Create = "string",
    },
    VersionCustomMetadata = 
    {
        { "string", "string" },
    },
});
Copy
example, err := ibm.NewSmPublicCertificate(ctx, "smPublicCertificateResource", &ibm.SmPublicCertificateArgs{
Ca: pulumi.String("string"),
InstanceId: pulumi.String("string"),
Dns: pulumi.String("string"),
EndpointType: pulumi.String("string"),
KeyAlgorithm: pulumi.String("string"),
CustomMetadata: pulumi.StringMap{
"string": pulumi.String("string"),
},
Description: pulumi.String("string"),
BundleCerts: pulumi.Bool(false),
Akamai: &.SmPublicCertificateAkamaiArgs{
Config: &.SmPublicCertificateAkamaiConfigArgs{
AccessToken: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
ClientToken: pulumi.String("string"),
Host: pulumi.String("string"),
},
Edgerc: &.SmPublicCertificateAkamaiEdgercArgs{
ConfigSection: pulumi.String("string"),
PathToEdgerc: pulumi.String("string"),
},
},
AltNames: pulumi.StringArray{
pulumi.String("string"),
},
CommonName: pulumi.String("string"),
Labels: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
Region: pulumi.String("string"),
Rotation: &.SmPublicCertificateRotationArgs{
AutoRotate: pulumi.Bool(false),
RotateKeys: pulumi.Bool(false),
},
SecretGroupId: pulumi.String("string"),
SmPublicCertificateId: pulumi.String("string"),
Timeouts: &.SmPublicCertificateTimeoutsArgs{
Create: pulumi.String("string"),
},
VersionCustomMetadata: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
Copy
var smPublicCertificateResource = new SmPublicCertificate("smPublicCertificateResource", SmPublicCertificateArgs.builder()
    .ca("string")
    .instanceId("string")
    .dns("string")
    .endpointType("string")
    .keyAlgorithm("string")
    .customMetadata(Map.of("string", "string"))
    .description("string")
    .bundleCerts(false)
    .akamai(SmPublicCertificateAkamaiArgs.builder()
        .config(SmPublicCertificateAkamaiConfigArgs.builder()
            .accessToken("string")
            .clientSecret("string")
            .clientToken("string")
            .host("string")
            .build())
        .edgerc(SmPublicCertificateAkamaiEdgercArgs.builder()
            .configSection("string")
            .pathToEdgerc("string")
            .build())
        .build())
    .altNames("string")
    .commonName("string")
    .labels("string")
    .name("string")
    .region("string")
    .rotation(SmPublicCertificateRotationArgs.builder()
        .autoRotate(false)
        .rotateKeys(false)
        .build())
    .secretGroupId("string")
    .smPublicCertificateId("string")
    .timeouts(SmPublicCertificateTimeoutsArgs.builder()
        .create("string")
        .build())
    .versionCustomMetadata(Map.of("string", "string"))
    .build());
Copy
sm_public_certificate_resource = ibm.SmPublicCertificate("smPublicCertificateResource",
    ca="string",
    instance_id="string",
    dns="string",
    endpoint_type="string",
    key_algorithm="string",
    custom_metadata={
        "string": "string",
    },
    description="string",
    bundle_certs=False,
    akamai={
        "config": {
            "access_token": "string",
            "client_secret": "string",
            "client_token": "string",
            "host": "string",
        },
        "edgerc": {
            "config_section": "string",
            "path_to_edgerc": "string",
        },
    },
    alt_names=["string"],
    common_name="string",
    labels=["string"],
    name="string",
    region="string",
    rotation={
        "auto_rotate": False,
        "rotate_keys": False,
    },
    secret_group_id="string",
    sm_public_certificate_id="string",
    timeouts={
        "create": "string",
    },
    version_custom_metadata={
        "string": "string",
    })
Copy
const smPublicCertificateResource = new ibm.SmPublicCertificate("smPublicCertificateResource", {
    ca: "string",
    instanceId: "string",
    dns: "string",
    endpointType: "string",
    keyAlgorithm: "string",
    customMetadata: {
        string: "string",
    },
    description: "string",
    bundleCerts: false,
    akamai: {
        config: {
            accessToken: "string",
            clientSecret: "string",
            clientToken: "string",
            host: "string",
        },
        edgerc: {
            configSection: "string",
            pathToEdgerc: "string",
        },
    },
    altNames: ["string"],
    commonName: "string",
    labels: ["string"],
    name: "string",
    region: "string",
    rotation: {
        autoRotate: false,
        rotateKeys: false,
    },
    secretGroupId: "string",
    smPublicCertificateId: "string",
    timeouts: {
        create: "string",
    },
    versionCustomMetadata: {
        string: "string",
    },
});
Copy
type: ibm:SmPublicCertificate
properties:
    akamai:
        config:
            accessToken: string
            clientSecret: string
            clientToken: string
            host: string
        edgerc:
            configSection: string
            pathToEdgerc: string
    altNames:
        - string
    bundleCerts: false
    ca: string
    commonName: string
    customMetadata:
        string: string
    description: string
    dns: string
    endpointType: string
    instanceId: string
    keyAlgorithm: string
    labels:
        - string
    name: string
    region: string
    rotation:
        autoRotate: false
        rotateKeys: false
    secretGroupId: string
    smPublicCertificateId: string
    timeouts:
        create: string
    versionCustomMetadata:
        string: string
Copy

SmPublicCertificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SmPublicCertificate resource accepts the following input properties:

Ca This property is required. string
The name of the certificate authority configuration.
Dns This property is required. string
The name of the DNS provider configuration.
InstanceId This property is required. string
The GUID of the Secrets Manager instance.
Akamai SmPublicCertificateAkamai
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
AltNames List<string>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
BundleCerts bool
Indicates whether the issued certificate is bundled with intermediate certificates.
CommonName string
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
CustomMetadata Dictionary<string, string>
The secret metadata that a user can customize.
Description string
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
EndpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
KeyAlgorithm string
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
Labels List<string>
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
Name string
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
Region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
Rotation SmPublicCertificateRotation
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
SecretGroupId string
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
SmPublicCertificateId string
Timeouts SmPublicCertificateTimeouts
VersionCustomMetadata Dictionary<string, string>
The secret version metadata that a user can customize.
Ca This property is required. string
The name of the certificate authority configuration.
Dns This property is required. string
The name of the DNS provider configuration.
InstanceId This property is required. string
The GUID of the Secrets Manager instance.
Akamai SmPublicCertificateAkamaiArgs
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
AltNames []string
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
BundleCerts bool
Indicates whether the issued certificate is bundled with intermediate certificates.
CommonName string
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
CustomMetadata map[string]string
The secret metadata that a user can customize.
Description string
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
EndpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
KeyAlgorithm string
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
Labels []string
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
Name string
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
Region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
Rotation SmPublicCertificateRotationArgs
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
SecretGroupId string
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
SmPublicCertificateId string
Timeouts SmPublicCertificateTimeoutsArgs
VersionCustomMetadata map[string]string
The secret version metadata that a user can customize.
ca This property is required. String
The name of the certificate authority configuration.
dns This property is required. String
The name of the DNS provider configuration.
instanceId This property is required. String
The GUID of the Secrets Manager instance.
akamai SmPublicCertificateAkamai
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
altNames List<String>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
bundleCerts Boolean
Indicates whether the issued certificate is bundled with intermediate certificates.
commonName String
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
customMetadata Map<String,String>
The secret metadata that a user can customize.
description String
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
endpointType String
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
keyAlgorithm String
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
labels List<String>
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
name String
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
region String
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
rotation SmPublicCertificateRotation
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
secretGroupId String
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
smPublicCertificateId String
timeouts SmPublicCertificateTimeouts
versionCustomMetadata Map<String,String>
The secret version metadata that a user can customize.
ca This property is required. string
The name of the certificate authority configuration.
dns This property is required. string
The name of the DNS provider configuration.
instanceId This property is required. string
The GUID of the Secrets Manager instance.
akamai SmPublicCertificateAkamai
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
altNames string[]
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
bundleCerts boolean
Indicates whether the issued certificate is bundled with intermediate certificates.
commonName string
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
customMetadata {[key: string]: string}
The secret metadata that a user can customize.
description string
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
endpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
keyAlgorithm string
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
labels string[]
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
name string
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
rotation SmPublicCertificateRotation
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
secretGroupId string
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
smPublicCertificateId string
timeouts SmPublicCertificateTimeouts
versionCustomMetadata {[key: string]: string}
The secret version metadata that a user can customize.
ca This property is required. str
The name of the certificate authority configuration.
dns This property is required. str
The name of the DNS provider configuration.
instance_id This property is required. str
The GUID of the Secrets Manager instance.
akamai SmPublicCertificateAkamaiArgs
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
alt_names Sequence[str]
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
bundle_certs bool
Indicates whether the issued certificate is bundled with intermediate certificates.
common_name str
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
custom_metadata Mapping[str, str]
The secret metadata that a user can customize.
description str
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
endpoint_type str
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
key_algorithm str
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
labels Sequence[str]
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
name str
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
region str
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
rotation SmPublicCertificateRotationArgs
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
secret_group_id str
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
sm_public_certificate_id str
timeouts SmPublicCertificateTimeoutsArgs
version_custom_metadata Mapping[str, str]
The secret version metadata that a user can customize.
ca This property is required. String
The name of the certificate authority configuration.
dns This property is required. String
The name of the DNS provider configuration.
instanceId This property is required. String
The GUID of the Secrets Manager instance.
akamai Property Map
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
altNames List<String>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
bundleCerts Boolean
Indicates whether the issued certificate is bundled with intermediate certificates.
commonName String
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
customMetadata Map<String>
The secret metadata that a user can customize.
description String
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
endpointType String
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
keyAlgorithm String
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
labels List<String>
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
name String
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
region String
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
rotation Property Map
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
secretGroupId String
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
smPublicCertificateId String
timeouts Property Map
versionCustomMetadata Map<String>
The secret version metadata that a user can customize.

Outputs

All input properties are implicitly available as output properties. Additionally, the SmPublicCertificate resource produces the following output properties:

Certificate string
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
CreatedAt string
(String) The date when a resource was created. The date format follows RFC 3339.
CreatedBy string
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
Crn string
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
Downloaded bool
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
ExpirationDate string
The date a secret is expired. The date format follows RFC 3339.
Id string
The provider-assigned unique ID for this managed resource.
Intermediate string
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
IssuanceInfos List<SmPublicCertificateIssuanceInfo>
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
Issuer string
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
LocksTotal double
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
PrivateKey string
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
SecretId string
The unique identifier of the PublicCertificate.
SecretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
SerialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
SigningAlgorithm string
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
State double
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
StateDescription string
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
UpdatedAt string
(String) The date when a resource was recently modified. The date format follows RFC 3339.
Validities List<SmPublicCertificateValidity>
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
VersionsTotal double
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.
Certificate string
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
CreatedAt string
(String) The date when a resource was created. The date format follows RFC 3339.
CreatedBy string
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
Crn string
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
Downloaded bool
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
ExpirationDate string
The date a secret is expired. The date format follows RFC 3339.
Id string
The provider-assigned unique ID for this managed resource.
Intermediate string
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
IssuanceInfos []SmPublicCertificateIssuanceInfo
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
Issuer string
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
LocksTotal float64
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
PrivateKey string
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
SecretId string
The unique identifier of the PublicCertificate.
SecretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
SerialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
SigningAlgorithm string
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
State float64
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
StateDescription string
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
UpdatedAt string
(String) The date when a resource was recently modified. The date format follows RFC 3339.
Validities []SmPublicCertificateValidity
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
VersionsTotal float64
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.
certificate String
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
createdAt String
(String) The date when a resource was created. The date format follows RFC 3339.
createdBy String
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
crn String
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
downloaded Boolean
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
expirationDate String
The date a secret is expired. The date format follows RFC 3339.
id String
The provider-assigned unique ID for this managed resource.
intermediate String
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
issuanceInfos List<SmPublicCertificateIssuanceInfo>
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
issuer String
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
locksTotal Double
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
privateKey String
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
secretId String
The unique identifier of the PublicCertificate.
secretType String
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber String
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
signingAlgorithm String
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
state Double
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
stateDescription String
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
updatedAt String
(String) The date when a resource was recently modified. The date format follows RFC 3339.
validities List<SmPublicCertificateValidity>
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
versionsTotal Double
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.
certificate string
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
createdAt string
(String) The date when a resource was created. The date format follows RFC 3339.
createdBy string
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
crn string
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
downloaded boolean
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
expirationDate string
The date a secret is expired. The date format follows RFC 3339.
id string
The provider-assigned unique ID for this managed resource.
intermediate string
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
issuanceInfos SmPublicCertificateIssuanceInfo[]
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
issuer string
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
locksTotal number
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
privateKey string
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
secretId string
The unique identifier of the PublicCertificate.
secretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
signingAlgorithm string
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
state number
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
stateDescription string
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
updatedAt string
(String) The date when a resource was recently modified. The date format follows RFC 3339.
validities SmPublicCertificateValidity[]
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
versionsTotal number
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.
certificate str
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
created_at str
(String) The date when a resource was created. The date format follows RFC 3339.
created_by str
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
crn str
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
downloaded bool
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
expiration_date str
The date a secret is expired. The date format follows RFC 3339.
id str
The provider-assigned unique ID for this managed resource.
intermediate str
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
issuance_infos Sequence[SmPublicCertificateIssuanceInfo]
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
issuer str
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
locks_total float
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
private_key str
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
secret_id str
The unique identifier of the PublicCertificate.
secret_type str
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serial_number str
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
signing_algorithm str
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
state float
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
state_description str
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
updated_at str
(String) The date when a resource was recently modified. The date format follows RFC 3339.
validities Sequence[SmPublicCertificateValidity]
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
versions_total float
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.
certificate String
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
createdAt String
(String) The date when a resource was created. The date format follows RFC 3339.
createdBy String
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
crn String
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
downloaded Boolean
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
expirationDate String
The date a secret is expired. The date format follows RFC 3339.
id String
The provider-assigned unique ID for this managed resource.
intermediate String
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
issuanceInfos List<Property Map>
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
issuer String
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
locksTotal Number
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
privateKey String
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
secretId String
The unique identifier of the PublicCertificate.
secretType String
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber String
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
signingAlgorithm String
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
state Number
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
stateDescription String
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
updatedAt String
(String) The date when a resource was recently modified. The date format follows RFC 3339.
validities List<Property Map>
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
versionsTotal Number
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.

Look up Existing SmPublicCertificate Resource

Get an existing SmPublicCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SmPublicCertificateState, opts?: CustomResourceOptions): SmPublicCertificate
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        akamai: Optional[SmPublicCertificateAkamaiArgs] = None,
        alt_names: Optional[Sequence[str]] = None,
        bundle_certs: Optional[bool] = None,
        ca: Optional[str] = None,
        certificate: Optional[str] = None,
        common_name: Optional[str] = None,
        created_at: Optional[str] = None,
        created_by: Optional[str] = None,
        crn: Optional[str] = None,
        custom_metadata: Optional[Mapping[str, str]] = None,
        description: Optional[str] = None,
        dns: Optional[str] = None,
        downloaded: Optional[bool] = None,
        endpoint_type: Optional[str] = None,
        expiration_date: Optional[str] = None,
        instance_id: Optional[str] = None,
        intermediate: Optional[str] = None,
        issuance_infos: Optional[Sequence[SmPublicCertificateIssuanceInfoArgs]] = None,
        issuer: Optional[str] = None,
        key_algorithm: Optional[str] = None,
        labels: Optional[Sequence[str]] = None,
        locks_total: Optional[float] = None,
        name: Optional[str] = None,
        private_key: Optional[str] = None,
        region: Optional[str] = None,
        rotation: Optional[SmPublicCertificateRotationArgs] = None,
        secret_group_id: Optional[str] = None,
        secret_id: Optional[str] = None,
        secret_type: Optional[str] = None,
        serial_number: Optional[str] = None,
        signing_algorithm: Optional[str] = None,
        sm_public_certificate_id: Optional[str] = None,
        state: Optional[float] = None,
        state_description: Optional[str] = None,
        timeouts: Optional[SmPublicCertificateTimeoutsArgs] = None,
        updated_at: Optional[str] = None,
        validities: Optional[Sequence[SmPublicCertificateValidityArgs]] = None,
        version_custom_metadata: Optional[Mapping[str, str]] = None,
        versions_total: Optional[float] = None) -> SmPublicCertificate
func GetSmPublicCertificate(ctx *Context, name string, id IDInput, state *SmPublicCertificateState, opts ...ResourceOption) (*SmPublicCertificate, error)
public static SmPublicCertificate Get(string name, Input<string> id, SmPublicCertificateState? state, CustomResourceOptions? opts = null)
public static SmPublicCertificate get(String name, Output<String> id, SmPublicCertificateState state, CustomResourceOptions options)
resources:  _:    type: ibm:SmPublicCertificate    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Akamai SmPublicCertificateAkamai
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
AltNames List<string>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
BundleCerts bool
Indicates whether the issued certificate is bundled with intermediate certificates.
Ca string
The name of the certificate authority configuration.
Certificate string
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
CommonName string
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
CreatedAt string
(String) The date when a resource was created. The date format follows RFC 3339.
CreatedBy string
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
Crn string
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
CustomMetadata Dictionary<string, string>
The secret metadata that a user can customize.
Description string
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
Dns string
The name of the DNS provider configuration.
Downloaded bool
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
EndpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
ExpirationDate string
The date a secret is expired. The date format follows RFC 3339.
InstanceId string
The GUID of the Secrets Manager instance.
Intermediate string
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
IssuanceInfos List<SmPublicCertificateIssuanceInfo>
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
Issuer string
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
KeyAlgorithm string
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
Labels List<string>
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
LocksTotal double
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
Name string
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
PrivateKey string
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
Region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
Rotation SmPublicCertificateRotation
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
SecretGroupId string
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
SecretId string
The unique identifier of the PublicCertificate.
SecretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
SerialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
SigningAlgorithm string
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
SmPublicCertificateId string
State double
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
StateDescription string
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
Timeouts SmPublicCertificateTimeouts
UpdatedAt string
(String) The date when a resource was recently modified. The date format follows RFC 3339.
Validities List<SmPublicCertificateValidity>
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
VersionCustomMetadata Dictionary<string, string>
The secret version metadata that a user can customize.
VersionsTotal double
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.
Akamai SmPublicCertificateAkamaiArgs
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
AltNames []string
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
BundleCerts bool
Indicates whether the issued certificate is bundled with intermediate certificates.
Ca string
The name of the certificate authority configuration.
Certificate string
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
CommonName string
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
CreatedAt string
(String) The date when a resource was created. The date format follows RFC 3339.
CreatedBy string
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
Crn string
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
CustomMetadata map[string]string
The secret metadata that a user can customize.
Description string
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
Dns string
The name of the DNS provider configuration.
Downloaded bool
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
EndpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
ExpirationDate string
The date a secret is expired. The date format follows RFC 3339.
InstanceId string
The GUID of the Secrets Manager instance.
Intermediate string
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
IssuanceInfos []SmPublicCertificateIssuanceInfoArgs
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
Issuer string
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
KeyAlgorithm string
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
Labels []string
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
LocksTotal float64
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
Name string
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
PrivateKey string
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
Region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
Rotation SmPublicCertificateRotationArgs
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
SecretGroupId string
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
SecretId string
The unique identifier of the PublicCertificate.
SecretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
SerialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
SigningAlgorithm string
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
SmPublicCertificateId string
State float64
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
StateDescription string
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
Timeouts SmPublicCertificateTimeoutsArgs
UpdatedAt string
(String) The date when a resource was recently modified. The date format follows RFC 3339.
Validities []SmPublicCertificateValidityArgs
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
VersionCustomMetadata map[string]string
The secret version metadata that a user can customize.
VersionsTotal float64
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.
akamai SmPublicCertificateAkamai
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
altNames List<String>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
bundleCerts Boolean
Indicates whether the issued certificate is bundled with intermediate certificates.
ca String
The name of the certificate authority configuration.
certificate String
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
commonName String
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
createdAt String
(String) The date when a resource was created. The date format follows RFC 3339.
createdBy String
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
crn String
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
customMetadata Map<String,String>
The secret metadata that a user can customize.
description String
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
dns String
The name of the DNS provider configuration.
downloaded Boolean
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
endpointType String
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
expirationDate String
The date a secret is expired. The date format follows RFC 3339.
instanceId String
The GUID of the Secrets Manager instance.
intermediate String
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
issuanceInfos List<SmPublicCertificateIssuanceInfo>
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
issuer String
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
keyAlgorithm String
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
labels List<String>
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
locksTotal Double
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
name String
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
privateKey String
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
region String
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
rotation SmPublicCertificateRotation
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
secretGroupId String
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
secretId String
The unique identifier of the PublicCertificate.
secretType String
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber String
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
signingAlgorithm String
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
smPublicCertificateId String
state Double
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
stateDescription String
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
timeouts SmPublicCertificateTimeouts
updatedAt String
(String) The date when a resource was recently modified. The date format follows RFC 3339.
validities List<SmPublicCertificateValidity>
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
versionCustomMetadata Map<String,String>
The secret version metadata that a user can customize.
versionsTotal Double
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.
akamai SmPublicCertificateAkamai
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
altNames string[]
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
bundleCerts boolean
Indicates whether the issued certificate is bundled with intermediate certificates.
ca string
The name of the certificate authority configuration.
certificate string
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
commonName string
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
createdAt string
(String) The date when a resource was created. The date format follows RFC 3339.
createdBy string
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
crn string
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
customMetadata {[key: string]: string}
The secret metadata that a user can customize.
description string
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
dns string
The name of the DNS provider configuration.
downloaded boolean
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
endpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
expirationDate string
The date a secret is expired. The date format follows RFC 3339.
instanceId string
The GUID of the Secrets Manager instance.
intermediate string
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
issuanceInfos SmPublicCertificateIssuanceInfo[]
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
issuer string
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
keyAlgorithm string
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
labels string[]
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
locksTotal number
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
name string
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
privateKey string
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
rotation SmPublicCertificateRotation
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
secretGroupId string
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
secretId string
The unique identifier of the PublicCertificate.
secretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
signingAlgorithm string
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
smPublicCertificateId string
state number
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
stateDescription string
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
timeouts SmPublicCertificateTimeouts
updatedAt string
(String) The date when a resource was recently modified. The date format follows RFC 3339.
validities SmPublicCertificateValidity[]
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
versionCustomMetadata {[key: string]: string}
The secret version metadata that a user can customize.
versionsTotal number
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.
akamai SmPublicCertificateAkamaiArgs
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
alt_names Sequence[str]
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
bundle_certs bool
Indicates whether the issued certificate is bundled with intermediate certificates.
ca str
The name of the certificate authority configuration.
certificate str
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
common_name str
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
created_at str
(String) The date when a resource was created. The date format follows RFC 3339.
created_by str
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
crn str
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
custom_metadata Mapping[str, str]
The secret metadata that a user can customize.
description str
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
dns str
The name of the DNS provider configuration.
downloaded bool
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
endpoint_type str
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
expiration_date str
The date a secret is expired. The date format follows RFC 3339.
instance_id str
The GUID of the Secrets Manager instance.
intermediate str
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
issuance_infos Sequence[SmPublicCertificateIssuanceInfoArgs]
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
issuer str
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
key_algorithm str
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
labels Sequence[str]
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
locks_total float
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
name str
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
private_key str
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
region str
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
rotation SmPublicCertificateRotationArgs
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
secret_group_id str
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
secret_id str
The unique identifier of the PublicCertificate.
secret_type str
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serial_number str
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
signing_algorithm str
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
sm_public_certificate_id str
state float
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
state_description str
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
timeouts SmPublicCertificateTimeoutsArgs
updated_at str
(String) The date when a resource was recently modified. The date format follows RFC 3339.
validities Sequence[SmPublicCertificateValidityArgs]
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
version_custom_metadata Mapping[str, str]
The secret version metadata that a user can customize.
versions_total float
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.
akamai Property Map
The data required in order to use Akamai as the manual DNS provider. You can choose between two authentication methods: using .edgerc file or directly providing your Akamai's credentials. For more information see here Nested scheme for akamai:
altNames List<String>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
bundleCerts Boolean
Indicates whether the issued certificate is bundled with intermediate certificates.
ca String
The name of the certificate authority configuration.
certificate String
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
commonName String
The Common Name (AKA CN) represents the server name protected by the SSL certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters. The value must match regular expression /^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/.
createdAt String
(String) The date when a resource was created. The date format follows RFC 3339.
createdBy String
(String) The unique identifier that is associated with the entity that created the secret.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters.
crn String
(String) A CRN that uniquely identifies an IBM Cloud resource.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression /^crn:v0-9*+,;=@\/]|%[0-9A-Z]{2})*){8}$/.
customMetadata Map<String>
The secret metadata that a user can customize.
description String
An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.

  • Constraints: The maximum length is 1024 characters. The minimum length is 0 characters. The value must match regular expression /(.*?)/.
dns String
The name of the DNS provider configuration.
downloaded Boolean
(Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
endpointType String
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
expirationDate String
The date a secret is expired. The date format follows RFC 3339.
instanceId String
The GUID of the Secrets Manager instance.
intermediate String
(Forces new resource, String) (Optional) The PEM-encoded intermediate certificate to associate with the root certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
issuanceInfos List<Property Map>
(List) Issuance information that is associated with your certificate. Nested scheme for issuance_info:
issuer String
(Forces new resource, String) The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
keyAlgorithm String
(Forces new resource, String) The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (RSA or ECDSA) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.

  • Constraints: The default value is RSA2048. The maximum length is 7 characters. The minimum length is 5 characters. The value must match regular expression /^(RSA2048|RSA4096|EC256|EC384)$/.
labels List<String>
Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 30 items. The minimum length is 0 items.
locksTotal Number
(Integer) The number of locks of the secret.

  • Constraints: The maximum value is 1000. The minimum value is 0.
name String
The human-readable name of your secret.

  • Constraints: The maximum length is 256 characters. The minimum length is 2 characters. The value must match regular expression ^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$.
privateKey String
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
region String
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
rotation Property Map
Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for rotation:
secretGroupId String
A UUID identifier, or default secret group.

  • Constraints: The maximum length is 36 characters. The minimum length is 7 characters. The value must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/.
secretId String
The unique identifier of the PublicCertificate.
secretType String
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber String
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 2 characters. The value must match regular expression /[^a-fA-F0-9]/.
signingAlgorithm String
(String) The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.

  • Constraints: The maximum length is 64 characters. The minimum length is 4 characters.
smPublicCertificateId String
state Number
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
stateDescription String
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
timeouts Property Map
updatedAt String
(String) The date when a resource was recently modified. The date format follows RFC 3339.
validities List<Property Map>
(List) The date and time that the certificate validity period begins and ends. Nested scheme for validity:
versionCustomMetadata Map<String>
The secret version metadata that a user can customize.
versionsTotal Number
(Integer) The number of versions of the secret.

  • Constraints: The maximum value is 50. The minimum value is 0.

Supporting Types

SmPublicCertificateAkamai
, SmPublicCertificateAkamaiArgs

Config SmPublicCertificateAkamaiConfig
Directly using your Akamai's authentication credentials. Nested scheme for config:
Edgerc SmPublicCertificateAkamaiEdgerc
Using .edgerc file as the authentication method. Nested scheme for edgerc:
Config SmPublicCertificateAkamaiConfig
Directly using your Akamai's authentication credentials. Nested scheme for config:
Edgerc SmPublicCertificateAkamaiEdgerc
Using .edgerc file as the authentication method. Nested scheme for edgerc:
config SmPublicCertificateAkamaiConfig
Directly using your Akamai's authentication credentials. Nested scheme for config:
edgerc SmPublicCertificateAkamaiEdgerc
Using .edgerc file as the authentication method. Nested scheme for edgerc:
config SmPublicCertificateAkamaiConfig
Directly using your Akamai's authentication credentials. Nested scheme for config:
edgerc SmPublicCertificateAkamaiEdgerc
Using .edgerc file as the authentication method. Nested scheme for edgerc:
config SmPublicCertificateAkamaiConfig
Directly using your Akamai's authentication credentials. Nested scheme for config:
edgerc SmPublicCertificateAkamaiEdgerc
Using .edgerc file as the authentication method. Nested scheme for edgerc:
config Property Map
Directly using your Akamai's authentication credentials. Nested scheme for config:
edgerc Property Map
Using .edgerc file as the authentication method. Nested scheme for edgerc:

SmPublicCertificateAkamaiConfig
, SmPublicCertificateAkamaiConfigArgs

AccessToken string
Akamai's authentication credentials.
ClientSecret string
Akamai's authentication credentials.
ClientToken string
Akamai's authentication credentials.
Host string
Akamai's authentication credentials.
AccessToken string
Akamai's authentication credentials.
ClientSecret string
Akamai's authentication credentials.
ClientToken string
Akamai's authentication credentials.
Host string
Akamai's authentication credentials.
accessToken String
Akamai's authentication credentials.
clientSecret String
Akamai's authentication credentials.
clientToken String
Akamai's authentication credentials.
host String
Akamai's authentication credentials.
accessToken string
Akamai's authentication credentials.
clientSecret string
Akamai's authentication credentials.
clientToken string
Akamai's authentication credentials.
host string
Akamai's authentication credentials.
access_token str
Akamai's authentication credentials.
client_secret str
Akamai's authentication credentials.
client_token str
Akamai's authentication credentials.
host str
Akamai's authentication credentials.
accessToken String
Akamai's authentication credentials.
clientSecret String
Akamai's authentication credentials.
clientToken String
Akamai's authentication credentials.
host String
Akamai's authentication credentials.

SmPublicCertificateAkamaiEdgerc
, SmPublicCertificateAkamaiEdgercArgs

ConfigSection string
The section of the edgerc file to use. Default is default.
PathToEdgerc string
Path to Akamai's configuration file.
ConfigSection string
The section of the edgerc file to use. Default is default.
PathToEdgerc string
Path to Akamai's configuration file.
configSection String
The section of the edgerc file to use. Default is default.
pathToEdgerc String
Path to Akamai's configuration file.
configSection string
The section of the edgerc file to use. Default is default.
pathToEdgerc string
Path to Akamai's configuration file.
config_section str
The section of the edgerc file to use. Default is default.
path_to_edgerc str
Path to Akamai's configuration file.
configSection String
The section of the edgerc file to use. Default is default.
pathToEdgerc String
Path to Akamai's configuration file.

SmPublicCertificateIssuanceInfo
, SmPublicCertificateIssuanceInfoArgs

AutoRotated This property is required. bool
(Boolean) Indicates whether the issued certificate is configured with an automatic rotation policy.
Challenges This property is required. List<SmPublicCertificateIssuanceInfoChallenge>
(List) The set of challenges. It is returned only when ordering public certificates by using manual DNS configuration.

  • Constraints: The maximum length is 100 items. The minimum length is 1 item. Nested scheme for challenges:
DnsChallengeValidationTime This property is required. string
(String) The date that a user requests to validate DNS challenges for certificates that are ordered with a manual DNS provider. The date format follows RFC 3339.
ErrorCode This property is required. string
(String) A code that identifies an issuance error.This field, along with error_message, is returned when Secrets Manager successfully processes your request, but the certificate authority is unable to issue a certificate.
ErrorMessage This property is required. string
(String) A human-readable message that provides details about the issuance error.
OrderedOn This property is required. string
(String) The date when the certificate is ordered. The date format follows RFC 3339.
State This property is required. double
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
StateDescription This property is required. string
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
AutoRotated This property is required. bool
(Boolean) Indicates whether the issued certificate is configured with an automatic rotation policy.
Challenges This property is required. []SmPublicCertificateIssuanceInfoChallenge
(List) The set of challenges. It is returned only when ordering public certificates by using manual DNS configuration.

  • Constraints: The maximum length is 100 items. The minimum length is 1 item. Nested scheme for challenges:
DnsChallengeValidationTime This property is required. string
(String) The date that a user requests to validate DNS challenges for certificates that are ordered with a manual DNS provider. The date format follows RFC 3339.
ErrorCode This property is required. string
(String) A code that identifies an issuance error.This field, along with error_message, is returned when Secrets Manager successfully processes your request, but the certificate authority is unable to issue a certificate.
ErrorMessage This property is required. string
(String) A human-readable message that provides details about the issuance error.
OrderedOn This property is required. string
(String) The date when the certificate is ordered. The date format follows RFC 3339.
State This property is required. float64
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
StateDescription This property is required. string
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
autoRotated This property is required. Boolean
(Boolean) Indicates whether the issued certificate is configured with an automatic rotation policy.
challenges This property is required. List<SmPublicCertificateIssuanceInfoChallenge>
(List) The set of challenges. It is returned only when ordering public certificates by using manual DNS configuration.

  • Constraints: The maximum length is 100 items. The minimum length is 1 item. Nested scheme for challenges:
dnsChallengeValidationTime This property is required. String
(String) The date that a user requests to validate DNS challenges for certificates that are ordered with a manual DNS provider. The date format follows RFC 3339.
errorCode This property is required. String
(String) A code that identifies an issuance error.This field, along with error_message, is returned when Secrets Manager successfully processes your request, but the certificate authority is unable to issue a certificate.
errorMessage This property is required. String
(String) A human-readable message that provides details about the issuance error.
orderedOn This property is required. String
(String) The date when the certificate is ordered. The date format follows RFC 3339.
state This property is required. Double
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
stateDescription This property is required. String
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
autoRotated This property is required. boolean
(Boolean) Indicates whether the issued certificate is configured with an automatic rotation policy.
challenges This property is required. SmPublicCertificateIssuanceInfoChallenge[]
(List) The set of challenges. It is returned only when ordering public certificates by using manual DNS configuration.

  • Constraints: The maximum length is 100 items. The minimum length is 1 item. Nested scheme for challenges:
dnsChallengeValidationTime This property is required. string
(String) The date that a user requests to validate DNS challenges for certificates that are ordered with a manual DNS provider. The date format follows RFC 3339.
errorCode This property is required. string
(String) A code that identifies an issuance error.This field, along with error_message, is returned when Secrets Manager successfully processes your request, but the certificate authority is unable to issue a certificate.
errorMessage This property is required. string
(String) A human-readable message that provides details about the issuance error.
orderedOn This property is required. string
(String) The date when the certificate is ordered. The date format follows RFC 3339.
state This property is required. number
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
stateDescription This property is required. string
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
auto_rotated This property is required. bool
(Boolean) Indicates whether the issued certificate is configured with an automatic rotation policy.
challenges This property is required. Sequence[SmPublicCertificateIssuanceInfoChallenge]
(List) The set of challenges. It is returned only when ordering public certificates by using manual DNS configuration.

  • Constraints: The maximum length is 100 items. The minimum length is 1 item. Nested scheme for challenges:
dns_challenge_validation_time This property is required. str
(String) The date that a user requests to validate DNS challenges for certificates that are ordered with a manual DNS provider. The date format follows RFC 3339.
error_code This property is required. str
(String) A code that identifies an issuance error.This field, along with error_message, is returned when Secrets Manager successfully processes your request, but the certificate authority is unable to issue a certificate.
error_message This property is required. str
(String) A human-readable message that provides details about the issuance error.
ordered_on This property is required. str
(String) The date when the certificate is ordered. The date format follows RFC 3339.
state This property is required. float
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
state_description This property is required. str
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.
autoRotated This property is required. Boolean
(Boolean) Indicates whether the issued certificate is configured with an automatic rotation policy.
challenges This property is required. List<Property Map>
(List) The set of challenges. It is returned only when ordering public certificates by using manual DNS configuration.

  • Constraints: The maximum length is 100 items. The minimum length is 1 item. Nested scheme for challenges:
dnsChallengeValidationTime This property is required. String
(String) The date that a user requests to validate DNS challenges for certificates that are ordered with a manual DNS provider. The date format follows RFC 3339.
errorCode This property is required. String
(String) A code that identifies an issuance error.This field, along with error_message, is returned when Secrets Manager successfully processes your request, but the certificate authority is unable to issue a certificate.
errorMessage This property is required. String
(String) A human-readable message that provides details about the issuance error.
orderedOn This property is required. String
(String) The date when the certificate is ordered. The date format follows RFC 3339.
state This property is required. Number
(Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values.

  • Constraints: Allowable values are: 0, 1, 2, 3, 5.
stateDescription This property is required. String
(String) A text representation of the secret state.

  • Constraints: Allowable values are: pre_activation, active, suspended, deactivated, destroyed.

SmPublicCertificateIssuanceInfoChallenge
, SmPublicCertificateIssuanceInfoChallengeArgs

Domain This property is required. string
(String) The challenge domain.
Expiration This property is required. string
(String) The challenge expiration date. The date format follows RFC 3339.
Status This property is required. string
(String) The challenge status.
TxtRecordName This property is required. string
(String) The TXT record name.
TxtRecordValue This property is required. string
(String) The TXT record value.
Domain This property is required. string
(String) The challenge domain.
Expiration This property is required. string
(String) The challenge expiration date. The date format follows RFC 3339.
Status This property is required. string
(String) The challenge status.
TxtRecordName This property is required. string
(String) The TXT record name.
TxtRecordValue This property is required. string
(String) The TXT record value.
domain This property is required. String
(String) The challenge domain.
expiration This property is required. String
(String) The challenge expiration date. The date format follows RFC 3339.
status This property is required. String
(String) The challenge status.
txtRecordName This property is required. String
(String) The TXT record name.
txtRecordValue This property is required. String
(String) The TXT record value.
domain This property is required. string
(String) The challenge domain.
expiration This property is required. string
(String) The challenge expiration date. The date format follows RFC 3339.
status This property is required. string
(String) The challenge status.
txtRecordName This property is required. string
(String) The TXT record name.
txtRecordValue This property is required. string
(String) The TXT record value.
domain This property is required. str
(String) The challenge domain.
expiration This property is required. str
(String) The challenge expiration date. The date format follows RFC 3339.
status This property is required. str
(String) The challenge status.
txt_record_name This property is required. str
(String) The TXT record name.
txt_record_value This property is required. str
(String) The TXT record value.
domain This property is required. String
(String) The challenge domain.
expiration This property is required. String
(String) The challenge expiration date. The date format follows RFC 3339.
status This property is required. String
(String) The challenge status.
txtRecordName This property is required. String
(String) The TXT record name.
txtRecordValue This property is required. String
(String) The TXT record value.

SmPublicCertificateRotation
, SmPublicCertificateRotationArgs

AutoRotate bool
Determines whether Secrets Manager rotates your secret automatically.Default is false.
RotateKeys bool
Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is false. If it is set to true, the service generates and stores a new private key for your rotated certificate.
AutoRotate bool
Determines whether Secrets Manager rotates your secret automatically.Default is false.
RotateKeys bool
Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is false. If it is set to true, the service generates and stores a new private key for your rotated certificate.
autoRotate Boolean
Determines whether Secrets Manager rotates your secret automatically.Default is false.
rotateKeys Boolean
Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is false. If it is set to true, the service generates and stores a new private key for your rotated certificate.
autoRotate boolean
Determines whether Secrets Manager rotates your secret automatically.Default is false.
rotateKeys boolean
Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is false. If it is set to true, the service generates and stores a new private key for your rotated certificate.
auto_rotate bool
Determines whether Secrets Manager rotates your secret automatically.Default is false.
rotate_keys bool
Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is false. If it is set to true, the service generates and stores a new private key for your rotated certificate.
autoRotate Boolean
Determines whether Secrets Manager rotates your secret automatically.Default is false.
rotateKeys Boolean
Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is false. If it is set to true, the service generates and stores a new private key for your rotated certificate.

SmPublicCertificateTimeouts
, SmPublicCertificateTimeoutsArgs

Create string
Create string
create String
create string
create str
create String

SmPublicCertificateValidity
, SmPublicCertificateValidityArgs

NotAfter This property is required. string
(String) The date-time format follows RFC 3339.
NotBefore This property is required. string
(String) The date-time format follows RFC 3339.
NotAfter This property is required. string
(String) The date-time format follows RFC 3339.
NotBefore This property is required. string
(String) The date-time format follows RFC 3339.
notAfter This property is required. String
(String) The date-time format follows RFC 3339.
notBefore This property is required. String
(String) The date-time format follows RFC 3339.
notAfter This property is required. string
(String) The date-time format follows RFC 3339.
notBefore This property is required. string
(String) The date-time format follows RFC 3339.
not_after This property is required. str
(String) The date-time format follows RFC 3339.
not_before This property is required. str
(String) The date-time format follows RFC 3339.
notAfter This property is required. String
(String) The date-time format follows RFC 3339.
notBefore This property is required. String
(String) The date-time format follows RFC 3339.

Import

You can import the ibm_sm_public_certificate resource by using region, instance_id, and secret_id.

For more information, see the documentation

Syntax

bash

$ pulumi import ibm:index/smPublicCertificate:SmPublicCertificate sm_public_certificate <region>/<instance_id>/<secret_id>
Copy

Example

bash

$ pulumi import ibm:index/smPublicCertificate:SmPublicCertificate sm_public_certificate us-east/6ebc4224-e983-496a-8a54-f40a0bfa9175/b49ad24d-81d4-5ebc-b9b9-b0937d1c84d5
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
ibm ibm-cloud/terraform-provider-ibm
License
Notes
This Pulumi package is based on the ibm Terraform Provider.
ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud
ibm-cloud/terraform-provider-ibm