GetCertificate

Use this data source to access information about an existing Key Vault Certificate.

Example Usage

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleKeyVault = Output.Create(Azure.KeyVault.GetKeyVault.InvokeAsync(new Azure.KeyVault.GetKeyVaultArgs
        {
            Name = "examplekv",
            ResourceGroupName = "some-resource-group",
        }));
        var exampleCertificate = exampleKeyVault.Apply(exampleKeyVault => Output.Create(Azure.KeyVault.GetCertificate.InvokeAsync(new Azure.KeyVault.GetCertificateArgs
        {
            Name = "secret-sauce",
            KeyVaultId = exampleKeyVault.Id,
        })));
        this.CertificateThumbprint = exampleCertificate.Apply(exampleCertificate => exampleCertificate.Thumbprint);
    }

    [Output("certificateThumbprint")]
    public Output<string> CertificateThumbprint { get; set; }
}

package main

import (
    "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/keyvault"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        exampleKeyVault, err := keyvault.LookupKeyVault(ctx, &keyvault.LookupKeyVaultArgs{
            Name:              "examplekv",
            ResourceGroupName: "some-resource-group",
        }, nil)
        if err != nil {
            return err
        }
        exampleCertificate, err := keyvault.LookupCertificate(ctx, &keyvault.LookupCertificateArgs{
            Name:       "secret-sauce",
            KeyVaultId: exampleKeyVault.Id,
        }, nil)
        if err != nil {
            return err
        }
        ctx.Export("certificateThumbprint", exampleCertificate.Thumbprint)
        return nil
    })
}

import pulumi
import pulumi_azure as azure

example_key_vault = azure.keyvault.get_key_vault(name="examplekv",
    resource_group_name="some-resource-group")
example_certificate = azure.keyvault.get_certificate(name="secret-sauce",
    key_vault_id=example_key_vault.id)
pulumi.export("certificateThumbprint", example_certificate.thumbprint)

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleKeyVault = azure.keyvault.getKeyVault({
    name: "examplekv",
    resourceGroupName: "some-resource-group",
});
const exampleCertificate = exampleKeyVault.then(exampleKeyVault => azure.keyvault.getCertificate({
    name: "secret-sauce",
    keyVaultId: exampleKeyVault.id,
}));
export const certificateThumbprint = exampleCertificate.then(exampleCertificate => exampleCertificate.thumbprint);

Using GetCertificate

function getCertificate(args: GetCertificateArgs, opts?: InvokeOptions): Promise<GetCertificateResult>

function  get_certificate(key_vault_id=None, name=None, version=None, opts=None)

func LookupCertificate(ctx *Context, args *LookupCertificateArgs, opts ...InvokeOption) (*LookupCertificateResult, error)

public static class GetCertificate {
    public static Task<GetCertificateResult> InvokeAsync(GetCertificateArgs args, InvokeOptions? opts = null)
}

The following arguments are supported:

KeyVaultId string: Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.
Name string: Specifies the name of the Key Vault Secret.
Version string: Specifies the version of the certificate to look up. (Defaults to latest)

KeyVaultId string: Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.
Name string: Specifies the name of the Key Vault Secret.
Version string: Specifies the version of the certificate to look up. (Defaults to latest)

keyVaultId string: Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.
name string: Specifies the name of the Key Vault Secret.
version string: Specifies the version of the certificate to look up. (Defaults to latest)

key_vault_id str: Specifies the ID of the Key Vault instance where the Secret resides, available on the azure.keyvault.KeyVault Data Source / Resource.
name str: Specifies the name of the Key Vault Secret.
version str: Specifies the version of the certificate to look up. (Defaults to latest)

GetCertificate Result

The following output properties are available:

CertificateData string
CertificatePolicies List<GetCertificateCertificatePolicy>: A certificate_policy block as defined below.
Id string: The provider-assigned unique ID for this managed resource.
KeyVaultId string
Name string: The name of the Certificate Issuer.
SecretId string
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
Thumbprint string
Version string

CertificateData string
CertificatePolicies []GetCertificateCertificatePolicy: A certificate_policy block as defined below.
Id string: The provider-assigned unique ID for this managed resource.
KeyVaultId string
Name string: The name of the Certificate Issuer.
SecretId string
Tags map[string]string: A mapping of tags to assign to the resource.
Thumbprint string
Version string

certificateData string
certificatePolicies GetCertificateCertificatePolicy[]: A certificate_policy block as defined below.
id string: The provider-assigned unique ID for this managed resource.
keyVaultId string
name string: The name of the Certificate Issuer.
secretId string
tags {[key: string]: string}: A mapping of tags to assign to the resource.
thumbprint string
version string

certificate_data str
certificate_policies List[GetCertificateCertificatePolicy]: A certificate_policy block as defined below.
id str: The provider-assigned unique ID for this managed resource.
key_vault_id str
name str: The name of the Certificate Issuer.
secret_id str
tags Dict[str, str]: A mapping of tags to assign to the resource.
thumbprint str
version str

Supporting Types

GetCertificateCertificatePolicy

IssuerParameters List<GetCertificateCertificatePolicyIssuerParameterArgs>: A issuer_parameters block as defined below.
KeyProperties List<GetCertificateCertificatePolicyKeyPropertyArgs>: A key_properties block as defined below.
SecretProperties List<GetCertificateCertificatePolicySecretPropertyArgs>: A secret_properties block as defined below.
X509CertificateProperties List<GetCertificateCertificatePolicyX509CertificatePropertyArgs>: An x509_certificate_properties block as defined below.
LifetimeActions List<GetCertificateCertificatePolicyLifetimeActionArgs>: A lifetime_action block as defined below.

IssuerParameters []GetCertificateCertificatePolicyIssuerParameter: A issuer_parameters block as defined below.
KeyProperties []GetCertificateCertificatePolicyKeyProperty: A key_properties block as defined below.
SecretProperties []GetCertificateCertificatePolicySecretProperty: A secret_properties block as defined below.
X509CertificateProperties []GetCertificateCertificatePolicyX509CertificateProperty: An x509_certificate_properties block as defined below.
LifetimeActions []GetCertificateCertificatePolicyLifetimeAction: A lifetime_action block as defined below.

issuerParameters GetCertificateCertificatePolicyIssuerParameter[]: A issuer_parameters block as defined below.
keyProperties GetCertificateCertificatePolicyKeyProperty[]: A key_properties block as defined below.
secretProperties GetCertificateCertificatePolicySecretProperty[]: A secret_properties block as defined below.
x509CertificateProperties GetCertificateCertificatePolicyX509CertificateProperty[]: An x509_certificate_properties block as defined below.
lifetimeActions GetCertificateCertificatePolicyLifetimeAction[]: A lifetime_action block as defined below.

issuerParameters List[GetCertificateCertificatePolicyIssuerParameter]: A issuer_parameters block as defined below.
key_properties List[GetCertificateCertificatePolicyKeyProperty]: A key_properties block as defined below.
secretProperties List[GetCertificateCertificatePolicySecretProperty]: A secret_properties block as defined below.
x509CertificateProperties List[GetCertificateCertificatePolicyX509CertificateProperty]: An x509_certificate_properties block as defined below.
lifetimeActions List[GetCertificateCertificatePolicyLifetimeAction]: A lifetime_action block as defined below.

GetCertificateCertificatePolicyIssuerParameter

Name string: Specifies the name of the Key Vault Secret.

Name string: Specifies the name of the Key Vault Secret.

name string: Specifies the name of the Key Vault Secret.

name str: Specifies the name of the Key Vault Secret.

GetCertificateCertificatePolicyKeyProperty

Exportable bool: Is this Certificate Exportable?
KeySize int: The size of the Key used in the Certificate.
KeyType string: Specifies the Type of Key, for example RSA.
ReuseKey bool: Is the key reusable?

Exportable bool: Is this Certificate Exportable?
KeySize int: The size of the Key used in the Certificate.
KeyType string: Specifies the Type of Key, for example RSA.
ReuseKey bool: Is the key reusable?

exportable boolean: Is this Certificate Exportable?
keySize number: The size of the Key used in the Certificate.
keyType string: Specifies the Type of Key, for example RSA.
reuseKey boolean: Is the key reusable?

exportable bool: Is this Certificate Exportable?
key_size float: The size of the Key used in the Certificate.
key_type str: Specifies the Type of Key, for example RSA.
reuseKey bool: Is the key reusable?

GetCertificateCertificatePolicyLifetimeAction

Actions List<GetCertificateCertificatePolicyLifetimeActionActionArgs>: A action block as defined below.
Triggers List<GetCertificateCertificatePolicyLifetimeActionTriggerArgs>: A trigger block as defined below.

Actions []GetCertificateCertificatePolicyLifetimeActionAction: A action block as defined below.
Triggers []GetCertificateCertificatePolicyLifetimeActionTrigger: A trigger block as defined below.

actions GetCertificateCertificatePolicyLifetimeActionAction[]: A action block as defined below.
triggers GetCertificateCertificatePolicyLifetimeActionTrigger[]: A trigger block as defined below.

actions List[GetCertificateCertificatePolicyLifetimeActionAction]: A action block as defined below.
triggers List[GetCertificateCertificatePolicyLifetimeActionTrigger]: A trigger block as defined below.

GetCertificateCertificatePolicyLifetimeActionAction

ActionType string: The Type of action to be performed when the lifetime trigger is triggerec.

ActionType string: The Type of action to be performed when the lifetime trigger is triggerec.

actionType string: The Type of action to be performed when the lifetime trigger is triggerec.

actionType str: The Type of action to be performed when the lifetime trigger is triggerec.

GetCertificateCertificatePolicyLifetimeActionTrigger

DaysBeforeExpiry int: The number of days before the Certificate expires that the action associated with this Trigger should run.
LifetimePercentage int: The percentage at which during the Certificates Lifetime the action associated with this Trigger should run.

DaysBeforeExpiry int: The number of days before the Certificate expires that the action associated with this Trigger should run.
LifetimePercentage int: The percentage at which during the Certificates Lifetime the action associated with this Trigger should run.

daysBeforeExpiry number: The number of days before the Certificate expires that the action associated with this Trigger should run.
lifetimePercentage number: The percentage at which during the Certificates Lifetime the action associated with this Trigger should run.

daysBeforeExpiry float: The number of days before the Certificate expires that the action associated with this Trigger should run.
lifetimePercentage float: The percentage at which during the Certificates Lifetime the action associated with this Trigger should run.

GetCertificateCertificatePolicySecretProperty

ContentType string: The Content-Type of the Certificate, for example application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

ContentType string: The Content-Type of the Certificate, for example application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

contentType string: The Content-Type of the Certificate, for example application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

content_type str: The Content-Type of the Certificate, for example application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.

GetCertificateCertificatePolicyX509CertificateProperty

ExtendedKeyUsages List<string>: A list of Extended/Enhanced Key Usages.
KeyUsages List<string>: A list of uses associated with this Key.
Subject string: The Certificate’s Subject.
SubjectAlternativeNames List<GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeNameArgs>: A subject_alternative_names block as defined below.
ValidityInMonths int: The Certificates Validity Period in Months.

ExtendedKeyUsages []string: A list of Extended/Enhanced Key Usages.
KeyUsages []string: A list of uses associated with this Key.
Subject string: The Certificate’s Subject.
SubjectAlternativeNames []GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeName: A subject_alternative_names block as defined below.
ValidityInMonths int: The Certificates Validity Period in Months.

extendedKeyUsages string[]: A list of Extended/Enhanced Key Usages.
keyUsages string[]: A list of uses associated with this Key.
subject string: The Certificate’s Subject.
subjectAlternativeNames GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeName[]: A subject_alternative_names block as defined below.
validityInMonths number: The Certificates Validity Period in Months.

extendedKeyUsages List[str]: A list of Extended/Enhanced Key Usages.
keyUsages List[str]: A list of uses associated with this Key.
subject str: The Certificate’s Subject.
subjectAlternativeNames List[GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeName]: A subject_alternative_names block as defined below.
validityInMonths float: The Certificates Validity Period in Months.

GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeName

DnsNames List<string>: A list of alternative DNS names (FQDNs) identified by the Certificate.
Emails List<string>: A list of email addresses identified by this Certificate.
Upns List<string>: A list of User Principal Names identified by the Certificate.

DnsNames []string: A list of alternative DNS names (FQDNs) identified by the Certificate.
Emails []string: A list of email addresses identified by this Certificate.
Upns []string: A list of User Principal Names identified by the Certificate.

dnsNames string[]: A list of alternative DNS names (FQDNs) identified by the Certificate.
emails string[]: A list of email addresses identified by this Certificate.
upns string[]: A list of User Principal Names identified by the Certificate.

dnsNames List[str]: A list of alternative DNS names (FQDNs) identified by the Certificate.
emails List[str]: A list of email addresses identified by this Certificate.
upns List[str]: A list of User Principal Names identified by the Certificate.

Package Details

Repository: https://github.com/pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

GetCertificate

Example Usage

Using GetCertificate

GetCertificate Result

Supporting Types

GetCertificateCertificatePolicy

GetCertificateCertificatePolicyIssuerParameter

GetCertificateCertificatePolicyKeyProperty

GetCertificateCertificatePolicyLifetimeAction

GetCertificateCertificatePolicyLifetimeActionAction

GetCertificateCertificatePolicyLifetimeActionTrigger

GetCertificateCertificatePolicySecretProperty

GetCertificateCertificatePolicyX509CertificateProperty

GetCertificateCertificatePolicyX509CertificatePropertySubjectAlternativeName

Package Details

On This Page