vault.pkiSecret.SecretBackendRootCert
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// Generates a root CA certificate on the PKI secrets engine mounted at `pki.path`.
// NOTE(review): `pki` is not declared in this snippet — presumably the PKI mount resource defined elsewhere in the program.
const test = new vault.pkisecret.SecretBackendRootCert("test", {
    backend: pki.path,
    // "internal": Vault generates the CA private key and does not return it.
    // With "exported" the Vault API returns the private key to the caller; check how
    // the provider and your state backend handle it before choosing that mode.
    type: "internal",
    commonName: "Root CA",
    // No unit suffix, so the value is in seconds: 315360000 s = 3650 days (about 10 years).
    // NOTE(review): Vault may cap this at the mount's maximum lease TTL — confirm the mount is tuned accordingly.
    ttl: "315360000",
    format: "pem",
    // Controls the encoding of a returned private key; presumably has no visible effect with type "internal".
    privateKeyFormat: "der",
    keyType: "rsa",
    keyBits: 4096,
    excludeCnFromSans: true,
    ou: "My OU",
    organization: "My organization",
}, {
    // Create the root certificate only after the `pki` resource exists.
    dependsOn: [pki],
});
import pulumi
import pulumi_vault as vault
# Generates a root CA certificate on the PKI secrets engine mounted at pki["path"].
# NOTE(review): `pki` is not declared in this snippet — presumably the PKI mount resource defined elsewhere in the program.
test = vault.pki_secret.SecretBackendRootCert("test",
    backend=pki["path"],
    # "internal": Vault generates the CA private key and does not return it.
    # With "exported" the Vault API returns the private key to the caller; check how
    # the provider and your state backend handle it before choosing that mode.
    type="internal",
    common_name="Root CA",
    # No unit suffix, so the value is in seconds: 315360000 s = 3650 days (about 10 years).
    # NOTE(review): Vault may cap this at the mount's maximum lease TTL — confirm the mount is tuned accordingly.
    ttl="315360000",
    format="pem",
    # Controls the encoding of a returned private key; presumably has no visible effect with type "internal".
    private_key_format="der",
    key_type="rsa",
    key_bits=4096,
    exclude_cn_from_sans=True,
    ou="My OU",
    organization="My organization",
    # Create the root certificate only after the `pki` resource exists.
    opts = pulumi.ResourceOptions(depends_on=[pki]))
package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkisecret"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that generates a root CA certificate on the PKI
// secrets engine mounted at pki.Path.
// NOTE(review): `pki` is not declared in this snippet — presumably the PKI mount resource created elsewhere in the program.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := pkisecret.NewSecretBackendRootCert(ctx, "test", &pkisecret.SecretBackendRootCertArgs{
			Backend:           pulumi.Any(pki.Path),
			// "internal": Vault generates the CA private key and does not return it.
			// With "exported" the Vault API returns the private key to the caller; check how
			// the provider and your state backend handle it before choosing that mode.
			Type:              pulumi.String("internal"),
			CommonName:        pulumi.String("Root CA"),
			// No unit suffix, so the value is in seconds: 315360000 s = 3650 days (about 10 years).
			// NOTE(review): Vault may cap this at the mount's maximum lease TTL — confirm the mount is tuned accordingly.
			Ttl:               pulumi.String("315360000"),
			Format:            pulumi.String("pem"),
			// Controls the encoding of a returned private key; presumably has no visible effect with type "internal".
			PrivateKeyFormat:  pulumi.String("der"),
			KeyType:           pulumi.String("rsa"),
			KeyBits:           pulumi.Int(4096),
			ExcludeCnFromSans: pulumi.Bool(true),
			Ou:                pulumi.String("My OU"),
			Organization:      pulumi.String("My organization"),
		}, pulumi.DependsOn([]pulumi.Resource{
			// Create the root certificate only after the `pki` resource exists.
			pki,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
// Generates a root CA certificate on the PKI secrets engine mounted at pki.Path.
// NOTE(review): `pki` is not declared in this snippet — presumably the PKI mount resource defined elsewhere in the program.
return await Deployment.RunAsync(() => 
{
    var test = new Vault.PkiSecret.SecretBackendRootCert("test", new()
    {
        Backend = pki.Path,
        // "internal": Vault generates the CA private key and does not return it.
        // With "exported" the Vault API returns the private key to the caller; check how
        // the provider and your state backend handle it before choosing that mode.
        Type = "internal",
        CommonName = "Root CA",
        // No unit suffix, so the value is in seconds: 315360000 s = 3650 days (about 10 years).
        // NOTE(review): Vault may cap this at the mount's maximum lease TTL — confirm the mount is tuned accordingly.
        Ttl = "315360000",
        Format = "pem",
        // Controls the encoding of a returned private key; presumably has no visible effect with type "internal".
        PrivateKeyFormat = "der",
        KeyType = "rsa",
        KeyBits = 4096,
        ExcludeCnFromSans = true,
        Ou = "My OU",
        Organization = "My organization",
    }, new CustomResourceOptions
    {
        // Create the root certificate only after the `pki` resource exists.
        DependsOn =
        {
            pki,
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.pkiSecret.SecretBackendRootCert;
import com.pulumi.vault.pkiSecret.SecretBackendRootCertArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that generates a root CA certificate on the PKI secrets
 * engine mounted at {@code pki.path()}.
 *
 * NOTE(review): {@code pki} is not declared in this snippet — presumably the
 * PKI mount resource defined elsewhere in the program.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    /** Declares the root certificate resource for the stack. */
    public static void stack(Context ctx) {
        var test = new SecretBackendRootCert("test", SecretBackendRootCertArgs.builder()
            .backend(pki.path())
            // "internal": Vault generates the CA private key and does not return it.
            // With "exported" the Vault API returns the private key to the caller; check how
            // the provider and your state backend handle it before choosing that mode.
            .type("internal")
            .commonName("Root CA")
            // No unit suffix, so the value is in seconds: 315360000 s = 3650 days (about 10 years).
            // NOTE(review): Vault may cap this at the mount's maximum lease TTL — confirm the mount is tuned accordingly.
            .ttl("315360000")
            .format("pem")
            // Controls the encoding of a returned private key; presumably has no visible effect with type "internal".
            .privateKeyFormat("der")
            .keyType("rsa")
            .keyBits(4096)
            .excludeCnFromSans(true)
            .ou("My OU")
            .organization("My organization")
            .build(), CustomResourceOptions.builder()
                // Create the root certificate only after the `pki` resource exists.
                .dependsOn(pki)
                .build());
    }
}
# Generates a root CA certificate on the PKI secrets engine mounted at ${pki.path}.
# NOTE(review): `pki` is not declared in this snippet — presumably the PKI mount resource defined elsewhere in the program.
resources:
  test:
    type: vault:pkiSecret:SecretBackendRootCert
    properties:
      backend: ${pki.path}
      # "internal": Vault generates the CA private key and does not return it.
      # With "exported" the Vault API returns the private key to the caller; check how
      # the provider and your state backend handle it before choosing that mode.
      type: internal
      commonName: Root CA
      # No unit suffix, so the value is in seconds: 315360000 s = 3650 days (about 10 years).
      # NOTE(review): Vault may cap this at the mount's maximum lease TTL — confirm the mount is tuned accordingly.
      ttl: '315360000'
      format: pem
      # Controls the encoding of a returned private key; presumably has no visible effect with type "internal".
      privateKeyFormat: der
      keyType: rsa
      keyBits: 4096
      excludeCnFromSans: true
      ou: My OU
      organization: My organization
    options:
      # Create the root certificate only after the `pki` resource exists.
      dependsOn:
        - ${pki}
Create SecretBackendRootCert Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecretBackendRootCert(name: string, args: SecretBackendRootCertArgs, opts?: CustomResourceOptions);
@overload
def SecretBackendRootCert(resource_name: str,
                          args: SecretBackendRootCertArgs,
                          opts: Optional[ResourceOptions] = None)
@overload
def SecretBackendRootCert(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          type: Optional[str] = None,
                          backend: Optional[str] = None,
                          common_name: Optional[str] = None,
                          managed_key_name: Optional[str] = None,
                          namespace: Optional[str] = None,
                          excluded_dns_domains: Optional[Sequence[str]] = None,
                          excluded_email_addresses: Optional[Sequence[str]] = None,
                          excluded_ip_ranges: Optional[Sequence[str]] = None,
                          excluded_uri_domains: Optional[Sequence[str]] = None,
                          format: Optional[str] = None,
                          ip_sans: Optional[Sequence[str]] = None,
                          issuer_name: Optional[str] = None,
                          key_bits: Optional[int] = None,
                          not_after: Optional[str] = None,
                          key_ref: Optional[str] = None,
                          key_type: Optional[str] = None,
                          locality: Optional[str] = None,
                          managed_key_id: Optional[str] = None,
                          alt_names: Optional[Sequence[str]] = None,
                          exclude_cn_from_sans: Optional[bool] = None,
                          max_path_length: Optional[int] = None,
                          key_name: Optional[str] = None,
                          organization: Optional[str] = None,
                          other_sans: Optional[Sequence[str]] = None,
                          ou: Optional[str] = None,
                          permitted_dns_domains: Optional[Sequence[str]] = None,
                          permitted_email_addresses: Optional[Sequence[str]] = None,
                          permitted_ip_ranges: Optional[Sequence[str]] = None,
                          permitted_uri_domains: Optional[Sequence[str]] = None,
                          postal_code: Optional[str] = None,
                          private_key_format: Optional[str] = None,
                          province: Optional[str] = None,
                          signature_bits: Optional[int] = None,
                          street_address: Optional[str] = None,
                          ttl: Optional[str] = None,
                          country: Optional[str] = None,
                          uri_sans: Optional[Sequence[str]] = None)
func NewSecretBackendRootCert(ctx *Context, name string, args SecretBackendRootCertArgs, opts ...ResourceOption) (*SecretBackendRootCert, error)
public SecretBackendRootCert(string name, SecretBackendRootCertArgs args, CustomResourceOptions? opts = null)
public SecretBackendRootCert(String name, SecretBackendRootCertArgs args)
public SecretBackendRootCert(String name, SecretBackendRootCertArgs args, CustomResourceOptions options)
type: vault:pkiSecret:SecretBackendRootCert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretBackendRootCertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretBackendRootCertArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretBackendRootCertArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretBackendRootCertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretBackendRootCertArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template: every input property is listed with a placeholder value.
// It is not a deployable configuration; some of the properties below conflict with each other.
var secretBackendRootCertResource = new Vault.PkiSecret.SecretBackendRootCert("secretBackendRootCertResource", new()
{
    // Must be "exported", "internal" or "kms".
    Type = "string",
    Backend = "string",
    CommonName = "string",
    // Conflicts with ManagedKeyId; one of the two is required when Type is "kms".
    ManagedKeyName = "string",
    Namespace = "string",
    ExcludedDnsDomains = new[]
    {
        "string",
    },
    ExcludedEmailAddresses = new[]
    {
        "string",
    },
    ExcludedIpRanges = new[]
    {
        "string",
    },
    ExcludedUriDomains = new[]
    {
        "string",
    },
    Format = "string",
    IpSans = new[]
    {
        "string",
    },
    IssuerName = "string",
    KeyBits = 0,
    NotAfter = "string",
    // Only suitable for type=existing requests.
    KeyRef = "string",
    KeyType = "string",
    Locality = "string",
    // Conflicts with ManagedKeyName; one of the two is required when Type is "kms".
    ManagedKeyId = "string",
    AltNames = new[]
    {
        "string",
    },
    ExcludeCnFromSans = false,
    MaxPathLength = 0,
    KeyName = "string",
    Organization = "string",
    OtherSans = new[]
    {
        "string",
    },
    Ou = "string",
    PermittedDnsDomains = new[]
    {
        "string",
    },
    PermittedEmailAddresses = new[]
    {
        "string",
    },
    PermittedIpRanges = new[]
    {
        "string",
    },
    PermittedUriDomains = new[]
    {
        "string",
    },
    PostalCode = "string",
    PrivateKeyFormat = "string",
    Province = "string",
    SignatureBits = 0,
    StreetAddress = "string",
    Ttl = "string",
    Country = "string",
    UriSans = new[]
    {
        "string",
    },
});
// Reference template: every input property is listed with a placeholder value.
// It is not a deployable configuration; some of the properties below conflict with each other.
example, err := pkiSecret.NewSecretBackendRootCert(ctx, "secretBackendRootCertResource", &pkiSecret.SecretBackendRootCertArgs{
	// Must be "exported", "internal" or "kms".
	Type:           pulumi.String("string"),
	Backend:        pulumi.String("string"),
	CommonName:     pulumi.String("string"),
	// Conflicts with ManagedKeyId; one of the two is required when Type is "kms".
	ManagedKeyName: pulumi.String("string"),
	Namespace:      pulumi.String("string"),
	ExcludedDnsDomains: pulumi.StringArray{
		pulumi.String("string"),
	},
	ExcludedEmailAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	ExcludedIpRanges: pulumi.StringArray{
		pulumi.String("string"),
	},
	ExcludedUriDomains: pulumi.StringArray{
		pulumi.String("string"),
	},
	Format: pulumi.String("string"),
	IpSans: pulumi.StringArray{
		pulumi.String("string"),
	},
	IssuerName:   pulumi.String("string"),
	KeyBits:      pulumi.Int(0),
	NotAfter:     pulumi.String("string"),
	// Only suitable for type=existing requests.
	KeyRef:       pulumi.String("string"),
	KeyType:      pulumi.String("string"),
	Locality:     pulumi.String("string"),
	// Conflicts with ManagedKeyName; one of the two is required when Type is "kms".
	ManagedKeyId: pulumi.String("string"),
	AltNames: pulumi.StringArray{
		pulumi.String("string"),
	},
	ExcludeCnFromSans: pulumi.Bool(false),
	MaxPathLength:     pulumi.Int(0),
	KeyName:           pulumi.String("string"),
	Organization:      pulumi.String("string"),
	OtherSans: pulumi.StringArray{
		pulumi.String("string"),
	},
	Ou: pulumi.String("string"),
	PermittedDnsDomains: pulumi.StringArray{
		pulumi.String("string"),
	},
	PermittedEmailAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	PermittedIpRanges: pulumi.StringArray{
		pulumi.String("string"),
	},
	PermittedUriDomains: pulumi.StringArray{
		pulumi.String("string"),
	},
	PostalCode:       pulumi.String("string"),
	PrivateKeyFormat: pulumi.String("string"),
	Province:         pulumi.String("string"),
	SignatureBits:    pulumi.Int(0),
	StreetAddress:    pulumi.String("string"),
	Ttl:              pulumi.String("string"),
	Country:          pulumi.String("string"),
	UriSans: pulumi.StringArray{
		pulumi.String("string"),
	},
})
// Reference template: every input property is listed with a placeholder value.
// It is not a deployable configuration; some of the properties below conflict with each other.
var secretBackendRootCertResource = new SecretBackendRootCert("secretBackendRootCertResource", SecretBackendRootCertArgs.builder()
    // Must be "exported", "internal" or "kms".
    .type("string")
    .backend("string")
    .commonName("string")
    // Conflicts with managedKeyId; one of the two is required when type is "kms".
    .managedKeyName("string")
    .namespace("string")
    .excludedDnsDomains("string")
    .excludedEmailAddresses("string")
    .excludedIpRanges("string")
    .excludedUriDomains("string")
    .format("string")
    .ipSans("string")
    .issuerName("string")
    .keyBits(0)
    .notAfter("string")
    // Only suitable for type=existing requests.
    .keyRef("string")
    .keyType("string")
    .locality("string")
    // Conflicts with managedKeyName; one of the two is required when type is "kms".
    .managedKeyId("string")
    .altNames("string")
    .excludeCnFromSans(false)
    .maxPathLength(0)
    .keyName("string")
    .organization("string")
    .otherSans("string")
    .ou("string")
    .permittedDnsDomains("string")
    .permittedEmailAddresses("string")
    .permittedIpRanges("string")
    .permittedUriDomains("string")
    .postalCode("string")
    .privateKeyFormat("string")
    .province("string")
    .signatureBits(0)
    .streetAddress("string")
    .ttl("string")
    .country("string")
    .uriSans("string")
    .build());
# Reference template: every input property is listed with a placeholder value.
# It is not a deployable configuration; some of the properties below conflict with each other.
secret_backend_root_cert_resource = vault.pki_secret.SecretBackendRootCert("secretBackendRootCertResource",
    # Must be "exported", "internal" or "kms".
    type="string",
    backend="string",
    common_name="string",
    # Conflicts with managed_key_id; one of the two is required when type is "kms".
    managed_key_name="string",
    namespace="string",
    excluded_dns_domains=["string"],
    excluded_email_addresses=["string"],
    excluded_ip_ranges=["string"],
    excluded_uri_domains=["string"],
    format="string",
    ip_sans=["string"],
    issuer_name="string",
    key_bits=0,
    not_after="string",
    # Only suitable for type=existing requests.
    key_ref="string",
    key_type="string",
    locality="string",
    # Conflicts with managed_key_name; one of the two is required when type is "kms".
    managed_key_id="string",
    alt_names=["string"],
    exclude_cn_from_sans=False,
    max_path_length=0,
    key_name="string",
    organization="string",
    other_sans=["string"],
    ou="string",
    permitted_dns_domains=["string"],
    permitted_email_addresses=["string"],
    permitted_ip_ranges=["string"],
    permitted_uri_domains=["string"],
    postal_code="string",
    private_key_format="string",
    province="string",
    signature_bits=0,
    street_address="string",
    ttl="string",
    country="string",
    uri_sans=["string"])
// Reference template: every input property is listed with a placeholder value.
// It is not a deployable configuration; some of the properties below conflict with each other.
const secretBackendRootCertResource = new vault.pkisecret.SecretBackendRootCert("secretBackendRootCertResource", {
    // Must be "exported", "internal" or "kms".
    type: "string",
    backend: "string",
    commonName: "string",
    // Conflicts with managedKeyId; one of the two is required when type is "kms".
    managedKeyName: "string",
    namespace: "string",
    excludedDnsDomains: ["string"],
    excludedEmailAddresses: ["string"],
    excludedIpRanges: ["string"],
    excludedUriDomains: ["string"],
    format: "string",
    ipSans: ["string"],
    issuerName: "string",
    keyBits: 0,
    notAfter: "string",
    // Only suitable for type=existing requests.
    keyRef: "string",
    keyType: "string",
    locality: "string",
    // Conflicts with managedKeyName; one of the two is required when type is "kms".
    managedKeyId: "string",
    altNames: ["string"],
    excludeCnFromSans: false,
    maxPathLength: 0,
    keyName: "string",
    organization: "string",
    otherSans: ["string"],
    ou: "string",
    permittedDnsDomains: ["string"],
    permittedEmailAddresses: ["string"],
    permittedIpRanges: ["string"],
    permittedUriDomains: ["string"],
    postalCode: "string",
    privateKeyFormat: "string",
    province: "string",
    signatureBits: 0,
    streetAddress: "string",
    ttl: "string",
    country: "string",
    uriSans: ["string"],
});
# Reference template: every input property is listed with a placeholder value.
# It is not a deployable configuration; some of the properties below conflict with each other.
type: vault:pkiSecret:SecretBackendRootCert
properties:
    altNames:
        - string
    backend: string
    commonName: string
    country: string
    excludeCnFromSans: false
    excludedDnsDomains:
        - string
    excludedEmailAddresses:
        - string
    excludedIpRanges:
        - string
    excludedUriDomains:
        - string
    format: string
    ipSans:
        - string
    issuerName: string
    keyBits: 0
    keyName: string
    # Only suitable for type=existing requests.
    keyRef: string
    keyType: string
    locality: string
    # managedKeyId and managedKeyName conflict; one of the two is required when type is "kms".
    managedKeyId: string
    managedKeyName: string
    maxPathLength: 0
    namespace: string
    notAfter: string
    organization: string
    otherSans:
        - string
    ou: string
    permittedDnsDomains:
        - string
    permittedEmailAddresses:
        - string
    permittedIpRanges:
        - string
    permittedUriDomains:
        - string
    postalCode: string
    privateKeyFormat: string
    province: string
    signatureBits: 0
    streetAddress: string
    ttl: string
    # Must be "exported", "internal" or "kms".
    type: string
    uriSans:
        - string
SecretBackendRootCert Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecretBackendRootCert resource accepts the following input properties:
- Backend string
- The PKI secret backend the resource belongs to.
- CommonName string
- CN of intermediate to create
- Type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- AltNames List<string>
- List of alternative names
- Country string
- The country
- ExcludeCn boolFrom Sans 
- Flag to exclude CN from SANs
- ExcludedDns List<string>Domains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedEmail List<string>Addresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedIp List<string>Ranges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedUri List<string>Domains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- Format string
- The format of data
- IpSans List<string>
- List of alternative IPs
- IssuerName string
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- KeyBits int
- The number of bits to use
- KeyName string
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- KeyRef string
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- KeyType string
- The desired key type
- Locality string
- The locality
- ManagedKeyId string
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- ManagedKeyName string
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- MaxPath intLength 
- The maximum path length to encode in the generated certificate
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- NotAfter string
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- Organization string
- The organization
- OtherSans List<string>
- List of other SANs
- Ou string
- The organization unit
- PermittedDns List<string>Domains 
- List of domains for which certificates are allowed to be issued
- PermittedEmail List<string>Addresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PermittedIp List<string>Ranges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PermittedUri List<string>Domains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PostalCode string
- The postal code
- PrivateKey stringFormat 
- The private key format
- Province string
- The province
- SignatureBits int
- The number of bits to use in the signature algorithm
- StreetAddress string
- The street address
- Ttl string
- Time to live
- UriSans List<string>
- List of alternative URIs
- Backend string
- The PKI secret backend the resource belongs to.
- CommonName string
- CN of intermediate to create
- Type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- AltNames []string
- List of alternative names
- Country string
- The country
- ExcludeCn boolFrom Sans 
- Flag to exclude CN from SANs
- ExcludedDns []stringDomains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedEmail []stringAddresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedIp []stringRanges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedUri []stringDomains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- Format string
- The format of data
- IpSans []string
- List of alternative IPs
- IssuerName string
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- KeyBits int
- The number of bits to use
- KeyName string
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- KeyRef string
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- KeyType string
- The desired key type
- Locality string
- The locality
- ManagedKeyId string
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- ManagedKeyName string
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- MaxPath intLength 
- The maximum path length to encode in the generated certificate
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- NotAfter string
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- Organization string
- The organization
- OtherSans []string
- List of other SANs
- Ou string
- The organization unit
- PermittedDns []stringDomains 
- List of domains for which certificates are allowed to be issued
- PermittedEmail []stringAddresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PermittedIp []stringRanges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PermittedUri []stringDomains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PostalCode string
- The postal code
- PrivateKey stringFormat 
- The private key format
- Province string
- The province
- SignatureBits int
- The number of bits to use in the signature algorithm
- StreetAddress string
- The street address
- Ttl string
- Time to live
- UriSans []string
- List of alternative URIs
- backend String
- The PKI secret backend the resource belongs to.
- commonName String
- CN of intermediate to create
- type String
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- altNames List<String>
- List of alternative names
- country String
- The country
- excludeCn BooleanFrom Sans 
- Flag to exclude CN from SANs
- excludedDns List<String>Domains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedEmail List<String>Addresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedIp List<String>Ranges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedUri List<String>Domains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- format String
- The format of data
- ipSans List<String>
- List of alternative IPs
- issuerName String
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- keyBits Integer
- The number of bits to use
- keyName String
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- keyRef String
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- keyType String
- The desired key type
- locality String
- The locality
- managedKeyId String
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- managedKeyName String
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- maxPath IntegerLength 
- The maximum path length to encode in the generated certificate
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- notAfter String
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- organization String
- The organization
- otherSans List<String>
- List of other SANs
- ou String
- The organization unit
- permittedDns List<String>Domains 
- List of domains for which certificates are allowed to be issued
- permittedEmail List<String>Addresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedIp List<String>Ranges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedUri List<String>Domains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- postalCode String
- The postal code
- privateKey StringFormat 
- The private key format
- province String
- The province
- signatureBits Integer
- The number of bits to use in the signature algorithm
- streetAddress String
- The street address
- ttl String
- Time to live
- uriSans List<String>
- List of alternative URIs
- backend string
- The PKI secret backend the resource belongs to.
- commonName string
- CN of intermediate to create
- type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- altNames string[]
- List of alternative names
- country string
- The country
- excludeCn booleanFrom Sans 
- Flag to exclude CN from SANs
- excludedDns string[]Domains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedEmail string[]Addresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedIp string[]Ranges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedUri string[]Domains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- format string
- The format of data
- ipSans string[]
- List of alternative IPs
- issuerName string
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- keyBits number
- The number of bits to use
- keyName string
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- keyRef string
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- keyType string
- The desired key type
- locality string
- The locality
- managedKeyId string
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- managedKeyName string
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- maxPath numberLength 
- The maximum path length to encode in the generated certificate
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- notAfter string
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- organization string
- The organization
- otherSans string[]
- List of other SANs
- ou string
- The organization unit
- permittedDns string[]Domains 
- List of domains for which certificates are allowed to be issued
- permittedEmail string[]Addresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedIp string[]Ranges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedUri string[]Domains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- postalCode string
- The postal code
- privateKey stringFormat 
- The private key format
- province string
- The province
- signatureBits number
- The number of bits to use in the signature algorithm
- streetAddress string
- The street address
- ttl string
- Time to live
- uriSans string[]
- List of alternative URIs
- backend str
- The PKI secret backend the resource belongs to.
- common_name str
- CN of intermediate to create
- type str
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- alt_names Sequence[str]
- List of alternative names
- country str
- The country
- exclude_cn_ boolfrom_ sans 
- Flag to exclude CN from SANs
- excluded_dns_ Sequence[str]domains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excluded_email_ Sequence[str]addresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excluded_ip_ Sequence[str]ranges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excluded_uri_ Sequence[str]domains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- format str
- The format of data
- ip_sans Sequence[str]
- List of alternative IPs
- issuer_name str
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- key_bits int
- The number of bits to use
- key_name str
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- key_ref str
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- key_type str
- The desired key type
- locality str
- The locality
- managed_key_id str
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- managed_key_name str
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- max_path_length int
- The maximum path length to encode in the generated certificate
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- not_after str
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- organization str
- The organization
- other_sans Sequence[str]
- List of other SANs
- ou str
- The organization unit
- permitted_dns_ Sequence[str]domains 
- List of domains for which certificates are allowed to be issued
- permitted_email_ Sequence[str]addresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permitted_ip_ Sequence[str]ranges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permitted_uri_ Sequence[str]domains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- postal_code str
- The postal code
- private_key_ strformat 
- The private key format
- province str
- The province
- signature_bits int
- The number of bits to use in the signature algorithm
- street_address str
- The street address
- ttl str
- Time to live
- uri_sans Sequence[str]
- List of alternative URIs
- backend String
- The PKI secret backend the resource belongs to.
- commonName String
- CN of intermediate to create
- type String
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- altNames List<String>
- List of alternative names
- country String
- The country
- excludeCn BooleanFrom Sans 
- Flag to exclude CN from SANs
- excludedDns List<String>Domains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedEmail List<String>Addresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedIp List<String>Ranges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedUri List<String>Domains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- format String
- The format of data
- ipSans List<String>
- List of alternative IPs
- issuerName String
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- keyBits Number
- The number of bits to use
- keyName String
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- keyRef String
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- keyType String
- The desired key type
- locality String
- The locality
- managedKeyId String
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- managedKeyName String
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- maxPathLength Number
- The maximum path length to encode in the generated certificate
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- notAfter String
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- organization String
- The organization
- otherSans List<String>
- List of other SANs
- ou String
- The organization unit
- permittedDns List<String>Domains 
- List of domains for which certificates are allowed to be issued
- permittedEmail List<String>Addresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedIp List<String>Ranges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedUri List<String>Domains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- postalCode String
- The postal code
- privateKey StringFormat 
- The private key format
- province String
- The province
- signatureBits Number
- The number of bits to use in the signature algorithm
- streetAddress String
- The street address
- ttl String
- Time to live
- uriSans List<String>
- List of alternative URIs
Outputs
All input properties are implicitly available as output properties. Additionally, the SecretBackendRootCert resource produces the following output properties:
- Certificate string
- The certificate.
- Id string
- The provider-assigned unique ID for this managed resource.
- IssuerId string
- The ID of the generated issuer.
- IssuingCa string
- The issuing CA certificate.
- KeyId string
- The ID of the generated key.
- SerialNumber string
- The certificate's serial number, hex formatted.
- Certificate string
- The certificate.
- Id string
- The provider-assigned unique ID for this managed resource.
- IssuerId string
- The ID of the generated issuer.
- IssuingCa string
- The issuing CA certificate.
- KeyId string
- The ID of the generated key.
- SerialNumber string
- The certificate's serial number, hex formatted.
- certificate String
- The certificate.
- id String
- The provider-assigned unique ID for this managed resource.
- issuerId String
- The ID of the generated issuer.
- issuingCa String
- The issuing CA certificate.
- keyId String
- The ID of the generated key.
- serialNumber String
- The certificate's serial number, hex formatted.
- certificate string
- The certificate.
- id string
- The provider-assigned unique ID for this managed resource.
- issuerId string
- The ID of the generated issuer.
- issuingCa string
- The issuing CA certificate.
- keyId string
- The ID of the generated key.
- serialNumber string
- The certificate's serial number, hex formatted.
- certificate str
- The certificate.
- id str
- The provider-assigned unique ID for this managed resource.
- issuer_id str
- The ID of the generated issuer.
- issuing_ca str
- The issuing CA certificate.
- key_id str
- The ID of the generated key.
- serial_number str
- The certificate's serial number, hex formatted.
- certificate String
- The certificate.
- id String
- The provider-assigned unique ID for this managed resource.
- issuerId String
- The ID of the generated issuer.
- issuingCa String
- The issuing CA certificate.
- keyId String
- The ID of the generated key.
- serialNumber String
- The certificate's serial number, hex formatted.
Look up Existing SecretBackendRootCert Resource
Get an existing SecretBackendRootCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretBackendRootCertState, opts?: CustomResourceOptions): SecretBackendRootCert
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        alt_names: Optional[Sequence[str]] = None,
        backend: Optional[str] = None,
        certificate: Optional[str] = None,
        common_name: Optional[str] = None,
        country: Optional[str] = None,
        exclude_cn_from_sans: Optional[bool] = None,
        excluded_dns_domains: Optional[Sequence[str]] = None,
        excluded_email_addresses: Optional[Sequence[str]] = None,
        excluded_ip_ranges: Optional[Sequence[str]] = None,
        excluded_uri_domains: Optional[Sequence[str]] = None,
        format: Optional[str] = None,
        ip_sans: Optional[Sequence[str]] = None,
        issuer_id: Optional[str] = None,
        issuer_name: Optional[str] = None,
        issuing_ca: Optional[str] = None,
        key_bits: Optional[int] = None,
        key_id: Optional[str] = None,
        key_name: Optional[str] = None,
        key_ref: Optional[str] = None,
        key_type: Optional[str] = None,
        locality: Optional[str] = None,
        managed_key_id: Optional[str] = None,
        managed_key_name: Optional[str] = None,
        max_path_length: Optional[int] = None,
        namespace: Optional[str] = None,
        not_after: Optional[str] = None,
        organization: Optional[str] = None,
        other_sans: Optional[Sequence[str]] = None,
        ou: Optional[str] = None,
        permitted_dns_domains: Optional[Sequence[str]] = None,
        permitted_email_addresses: Optional[Sequence[str]] = None,
        permitted_ip_ranges: Optional[Sequence[str]] = None,
        permitted_uri_domains: Optional[Sequence[str]] = None,
        postal_code: Optional[str] = None,
        private_key_format: Optional[str] = None,
        province: Optional[str] = None,
        serial_number: Optional[str] = None,
        signature_bits: Optional[int] = None,
        street_address: Optional[str] = None,
        ttl: Optional[str] = None,
        type: Optional[str] = None,
        uri_sans: Optional[Sequence[str]] = None) -> SecretBackendRootCert
func GetSecretBackendRootCert(ctx *Context, name string, id IDInput, state *SecretBackendRootCertState, opts ...ResourceOption) (*SecretBackendRootCert, error)
public static SecretBackendRootCert Get(string name, Input<string> id, SecretBackendRootCertState? state, CustomResourceOptions? opts = null)
public static SecretBackendRootCert get(String name, Output<String> id, SecretBackendRootCertState state, CustomResourceOptions options)
resources:
  _:
    type: vault:pkiSecret:SecretBackendRootCert
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AltNames List<string>
- List of alternative names
- Backend string
- The PKI secret backend the resource belongs to.
- Certificate string
- The certificate.
- CommonName string
- CN of intermediate to create
- Country string
- The country
- ExcludeCn boolFrom Sans 
- Flag to exclude CN from SANs
- ExcludedDns List<string>Domains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedEmail List<string>Addresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedIp List<string>Ranges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedUri List<string>Domains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- Format string
- The format of data
- IpSans List<string>
- List of alternative IPs
- IssuerId string
- The ID of the generated issuer.
- IssuerName string
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- IssuingCa string
- The issuing CA certificate.
- KeyBits int
- The number of bits to use
- KeyId string
- The ID of the generated key.
- KeyName string
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- KeyRef string
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- KeyType string
- The desired key type
- Locality string
- The locality
- ManagedKeyId string
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- ManagedKeyName string
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- MaxPathLength int
- The maximum path length to encode in the generated certificate
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- NotAfter string
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- Organization string
- The organization
- OtherSans List<string>
- List of other SANs
- Ou string
- The organization unit
- PermittedDns List<string>Domains 
- List of domains for which certificates are allowed to be issued
- PermittedEmail List<string>Addresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PermittedIp List<string>Ranges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PermittedUri List<string>Domains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PostalCode string
- The postal code
- PrivateKey stringFormat 
- The private key format
- Province string
- The province
- SerialNumber string
- The certificate's serial number, hex formatted.
- SignatureBits int
- The number of bits to use in the signature algorithm
- StreetAddress string
- The street address
- Ttl string
- Time to live
- Type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- UriSans List<string>
- List of alternative URIs
- AltNames []string
- List of alternative names
- Backend string
- The PKI secret backend the resource belongs to.
- Certificate string
- The certificate.
- CommonName string
- CN of intermediate to create
- Country string
- The country
- ExcludeCn boolFrom Sans 
- Flag to exclude CN from SANs
- ExcludedDns []stringDomains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedEmail []stringAddresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedIp []stringRanges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- ExcludedUri []stringDomains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- Format string
- The format of data
- IpSans []string
- List of alternative IPs
- IssuerId string
- The ID of the generated issuer.
- IssuerName string
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- IssuingCa string
- The issuing CA certificate.
- KeyBits int
- The number of bits to use
- KeyId string
- The ID of the generated key.
- KeyName string
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- KeyRef string
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- KeyType string
- The desired key type
- Locality string
- The locality
- ManagedKeyId string
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- ManagedKeyName string
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- MaxPathLength int
- The maximum path length to encode in the generated certificate
- Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- NotAfter string
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- Organization string
- The organization
- OtherSans []string
- List of other SANs
- Ou string
- The organization unit
- PermittedDns []stringDomains 
- List of domains for which certificates are allowed to be issued
- PermittedEmail []stringAddresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PermittedIp []stringRanges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PermittedUri []stringDomains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- PostalCode string
- The postal code
- PrivateKey stringFormat 
- The private key format
- Province string
- The province
- SerialNumber string
- The certificate's serial number, hex formatted.
- SignatureBits int
- The number of bits to use in the signature algorithm
- StreetAddress string
- The street address
- Ttl string
- Time to live
- Type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- UriSans []string
- List of alternative URIs
- altNames List<String>
- List of alternative names
- backend String
- The PKI secret backend the resource belongs to.
- certificate String
- The certificate.
- commonName String
- CN of intermediate to create
- country String
- The country
- excludeCn BooleanFrom Sans 
- Flag to exclude CN from SANs
- excludedDns List<String>Domains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedEmail List<String>Addresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedIp List<String>Ranges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedUri List<String>Domains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- format String
- The format of data
- ipSans List<String>
- List of alternative IPs
- issuerId String
- The ID of the generated issuer.
- issuerName String
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- issuingCa String
- The issuing CA certificate.
- keyBits Integer
- The number of bits to use
- keyId String
- The ID of the generated key.
- keyName String
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- keyRef String
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- keyType String
- The desired key type
- locality String
- The locality
- managedKeyId String
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- managedKeyName String
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- maxPathLength Integer
- The maximum path length to encode in the generated certificate
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- notAfter String
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- organization String
- The organization
- otherSans List<String>
- List of other SANs
- ou String
- The organization unit
- permittedDns List<String>Domains 
- List of domains for which certificates are allowed to be issued
- permittedEmail List<String>Addresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedIp List<String>Ranges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedUri List<String>Domains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- postalCode String
- The postal code
- privateKey StringFormat 
- The private key format
- province String
- The province
- serialNumber String
- The certificate's serial number, hex formatted.
- signatureBits Integer
- The number of bits to use in the signature algorithm
- streetAddress String
- The street address
- ttl String
- Time to live
- type String
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- uriSans List<String>
- List of alternative URIs
- altNames string[]
- List of alternative names
- backend string
- The PKI secret backend the resource belongs to.
- certificate string
- The certificate.
- commonName string
- CN of intermediate to create
- country string
- The country
- excludeCn booleanFrom Sans 
- Flag to exclude CN from SANs
- excludedDns string[]Domains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedEmail string[]Addresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedIp string[]Ranges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedUri string[]Domains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- format string
- The format of data
- ipSans string[]
- List of alternative IPs
- issuerId string
- The ID of the generated issuer.
- issuerName string
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- issuingCa string
- The issuing CA certificate.
- keyBits number
- The number of bits to use
- keyId string
- The ID of the generated key.
- keyName string
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- keyRef string
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- keyType string
- The desired key type
- locality string
- The locality
- managedKeyId string
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- managedKeyName string
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- maxPathLength number
- The maximum path length to encode in the generated certificate
- namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- notAfter string
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- organization string
- The organization
- otherSans string[]
- List of other SANs
- ou string
- The organization unit
- permittedDns string[]Domains 
- List of domains for which certificates are allowed to be issued
- permittedEmail string[]Addresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedIp string[]Ranges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedUri string[]Domains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- postalCode string
- The postal code
- privateKey stringFormat 
- The private key format
- province string
- The province
- serialNumber string
- The certificate's serial number, hex formatted.
- signatureBits number
- The number of bits to use in the signature algorithm
- streetAddress string
- The street address
- ttl string
- Time to live
- type string
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- uriSans string[]
- List of alternative URIs
- alt_names Sequence[str]
- List of alternative names
- backend str
- The PKI secret backend the resource belongs to.
- certificate str
- The certificate.
- common_name str
- CN of intermediate to create
- country str
- The country
- exclude_cn_ boolfrom_ sans 
- Flag to exclude CN from SANs
- excluded_dns_ Sequence[str]domains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excluded_email_ Sequence[str]addresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excluded_ip_ Sequence[str]ranges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excluded_uri_ Sequence[str]domains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- format str
- The format of data
- ip_sans Sequence[str]
- List of alternative IPs
- issuer_id str
- The ID of the generated issuer.
- issuer_name str
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- issuing_ca str
- The issuing CA certificate.
- key_bits int
- The number of bits to use
- key_id str
- The ID of the generated key.
- key_name str
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- key_ref str
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- key_type str
- The desired key type
- locality str
- The locality
- managed_key_id str
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- managed_key_name str
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- max_path_length int
- The maximum path length to encode in the generated certificate
- namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- not_after str
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- organization str
- The organization
- other_sans Sequence[str]
- List of other SANs
- ou str
- The organization unit
- permitted_dns_ Sequence[str]domains 
- List of domains for which certificates are allowed to be issued
- permitted_email_ Sequence[str]addresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permitted_ip_ Sequence[str]ranges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permitted_uri_ Sequence[str]domains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- postal_code str
- The postal code
- private_key_ strformat 
- The private key format
- province str
- The province
- serial_number str
- The certificate's serial number, hex formatted.
- signature_bits int
- The number of bits to use in the signature algorithm
- street_address str
- The street address
- ttl str
- Time to live
- type str
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- uri_sans Sequence[str]
- List of alternative URIs
- altNames List<String>
- List of alternative names
- backend String
- The PKI secret backend the resource belongs to.
- certificate String
- The certificate.
- commonName String
- CN of intermediate to create
- country String
- The country
- excludeCn BooleanFrom Sans 
- Flag to exclude CN from SANs
- excludedDns List<String>Domains 
- List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedEmail List<String>Addresses 
- List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedIp List<String>Ranges 
- List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- excludedUri List<String>Domains 
- List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
- format String
- The format of data
- ipSans List<String>
- List of alternative IPs
- issuerId String
- The ID of the generated issuer.
- issuerName String
- Provides a name to the specified issuer. The name must be unique
across all issuers and not be the reserved value default
- issuingCa String
- The issuing CA certificate.
- keyBits Number
- The number of bits to use
- keyId String
- The ID of the generated key.
- keyName String
- When a new key is created with this request, optionally specifies
the name for this. The global ref `default` may not be used as a name.
- keyRef String
- Specifies the key (either default, by name, or by identifier) to use
for generating this request. Only suitable for `type=existing` requests.
- keyType String
- The desired key type
- locality String
- The locality
- managedKeyId String
- The ID of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_name`
- managedKeyName String
- The name of the previously configured managed key. This field is
required if `type` is `kms` and it conflicts with `managed_key_id`
- maxPathLength Number
- The maximum path length to encode in the generated certificate
- namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- notAfter String
- Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
- organization String
- The organization
- otherSans List<String>
- List of other SANs
- ou String
- The organization unit
- permittedDns List<String>Domains 
- List of domains for which certificates are allowed to be issued
- permittedEmail List<String>Addresses 
- List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedIp List<String>Ranges 
- List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
- permittedUri List<String>Domains 
- List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
- postalCode String
- The postal code
- privateKey StringFormat 
- The private key format
- province String
- The province
- serialNumber String
- The certificate's serial number, hex formatted.
- signatureBits Number
- The number of bits to use in the signature algorithm
- streetAddress String
- The street address
- ttl String
- Time to live
- type String
- Type of intermediate to create. Must be either "exported", "internal" or "kms"
- uriSans List<String>
- List of alternative URIs
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `vault` Terraform Provider.