Module pkiSecret
This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the
pulumi/pulumi-vaultrepo; however, if that doesn’t turn up anything, please consult the sourceterraform-providers/terraform-provider-vaultrepo.
Resources
- SecretBackend
- SecretBackendCert
- SecretBackendConfigCa
- SecretBackendConfigUrls
- SecretBackendCrlConfig
- SecretBackendIntermediateCertRequest
- SecretBackendIntermediateSetSigned
- SecretBackendRole
- SecretBackendRootCert
- SecretBackendRootSignIntermediate
- SecretBackendSign
Others
- SecretBackendArgs
- SecretBackendCertArgs
- SecretBackendCertState
- SecretBackendConfigCaArgs
- SecretBackendConfigCaState
- SecretBackendConfigUrlsArgs
- SecretBackendConfigUrlsState
- SecretBackendCrlConfigArgs
- SecretBackendCrlConfigState
- SecretBackendIntermediateCertRequestArgs
- SecretBackendIntermediateCertRequestState
- SecretBackendIntermediateSetSignedArgs
- SecretBackendIntermediateSetSignedState
- SecretBackendRoleArgs
- SecretBackendRoleState
- SecretBackendRootCertArgs
- SecretBackendRootCertState
- SecretBackendRootSignIntermediateArgs
- SecretBackendRootSignIntermediateState
- SecretBackendSignArgs
- SecretBackendSignState
- SecretBackendState
Resources
Resource SecretBackend
class SecretBackend extends CustomResourceCreates an PKI Secret Backend for Vault. PKI secret backends can then issue certificates, once a role has been added to the backend.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const pki = new vault.pkiSecret.SecretBackend("pki", {
defaultLeaseTtlSeconds: 3600,
maxLeaseTtlSeconds: 86400,
path: "pki",
});constructor
new SecretBackend(name: string, args: SecretBackendArgs, opts?: pulumi.CustomResourceOptions)Create a SecretBackend resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendState, opts?: pulumi.CustomResourceOptions): SecretBackendGet an existing SecretBackend resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SecretBackendReturns true if the given object is an instance of SecretBackend. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property defaultLeaseTtlSeconds
public defaultLeaseTtlSeconds: pulumi.Output<number>;The default TTL for credentials issued by this backend.
property description
public description: pulumi.Output<string | undefined>;A human-friendly description for this backend.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property maxLeaseTtlSeconds
public maxLeaseTtlSeconds: pulumi.Output<number>;The maximum TTL that can be requested for credentials issued by this backend.
property path
public path: pulumi.Output<string>;The unique path this backend should be mounted at. Must not begin or end with a /.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SecretBackendCert
class SecretBackendCert extends CustomResourceconstructor
new SecretBackendCert(name: string, args: SecretBackendCertArgs, opts?: pulumi.CustomResourceOptions)Create a SecretBackendCert resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendCertState, opts?: pulumi.CustomResourceOptions): SecretBackendCertGet an existing SecretBackendCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SecretBackendCertReturns true if the given object is an instance of SecretBackendCert. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property altNames
public altNames: pulumi.Output<string[] | undefined>;List of alternative names
property autoRenew
public autoRenew: pulumi.Output<boolean | undefined>;If set to true, certs will be renewed if the expiration is within minSecondsRemaining. Default false
property backend
public backend: pulumi.Output<string>;The PKI secret backend the resource belongs to.
property caChain
public caChain: pulumi.Output<string>;The CA chain
property certificate
public certificate: pulumi.Output<string>;The certificate
property commonName
public commonName: pulumi.Output<string>;CN of certificate to create
property excludeCnFromSans
public excludeCnFromSans: pulumi.Output<boolean | undefined>;Flag to exclude CN from SANs
property expiration
public expiration: pulumi.Output<number>;The expiration date of the certificate in unix epoch format
property format
public format: pulumi.Output<string | undefined>;The format of data
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property ipSans
public ipSans: pulumi.Output<string[] | undefined>;List of alternative IPs
property issuingCa
public issuingCa: pulumi.Output<string>;The issuing CA
property minSecondsRemaining
public minSecondsRemaining: pulumi.Output<number | undefined>;Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
property name
public name: pulumi.Output<string>;Name of the role to create the certificate against
property otherSans
public otherSans: pulumi.Output<string[] | undefined>;List of other SANs
property privateKey
public privateKey: pulumi.Output<string>;The private key
property privateKeyFormat
public privateKeyFormat: pulumi.Output<string | undefined>;The private key format
property privateKeyType
public privateKeyType: pulumi.Output<string>;The private key type
property serialNumber
public serialNumber: pulumi.Output<string>;The serial number
property ttl
public ttl: pulumi.Output<string | undefined>;Time to live
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SecretBackendConfigCa
class SecretBackendConfigCa extends CustomResourceconstructor
new SecretBackendConfigCa(name: string, args: SecretBackendConfigCaArgs, opts?: pulumi.CustomResourceOptions)Create a SecretBackendConfigCa resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendConfigCaState, opts?: pulumi.CustomResourceOptions): SecretBackendConfigCaGet an existing SecretBackendConfigCa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SecretBackendConfigCaReturns true if the given object is an instance of SecretBackendConfigCa. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property backend
public backend: pulumi.Output<string>;The PKI secret backend the resource belongs to.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property pemBundle
public pemBundle: pulumi.Output<string>;The key and certificate PEM bundle
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SecretBackendConfigUrls
class SecretBackendConfigUrls extends CustomResourceAllows setting the issuing certificate endpoints, CRL distribution points, and OCSP server endpoints that will be encoded into issued certificates.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const pki = new vault.pkiSecret.SecretBackend("pki", {
defaultLeaseTtlSeconds: 3600,
maxLeaseTtlSeconds: 86400,
path: "%s",
});
const configUrls = new vault.pkiSecret.SecretBackendConfigUrls("configUrls", {
backend: pki.path,
issuingCertificates: ["http://127.0.0.1:8200/v1/pki/ca"],
});constructor
new SecretBackendConfigUrls(name: string, args: SecretBackendConfigUrlsArgs, opts?: pulumi.CustomResourceOptions)Create a SecretBackendConfigUrls resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendConfigUrlsState, opts?: pulumi.CustomResourceOptions): SecretBackendConfigUrlsGet an existing SecretBackendConfigUrls resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SecretBackendConfigUrlsReturns true if the given object is an instance of SecretBackendConfigUrls. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property backend
public backend: pulumi.Output<string>;The path the PKI secret backend is mounted at, with no leading or trailing /s.
property crlDistributionPoints
public crlDistributionPoints: pulumi.Output<string[] | undefined>;Specifies the URL values for the CRL Distribution Points field.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property issuingCertificates
public issuingCertificates: pulumi.Output<string[] | undefined>;Specifies the URL values for the Issuing Certificate field.
property ocspServers
public ocspServers: pulumi.Output<string[] | undefined>;Specifies the URL values for the OCSP Servers field.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SecretBackendCrlConfig
class SecretBackendCrlConfig extends CustomResourceAllows setting the duration for which the generated CRL should be marked valid. If the CRL is disabled, it will return a signed but zero-length CRL for any request. If enabled, it will re-build the CRL.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const pki = new vault.Mount("pki", {
defaultLeaseTtlSeconds: 3600,
maxLeaseTtlSeconds: 86400,
path: "%s",
type: "pki",
});
const crlConfig = new vault.pkiSecret.SecretBackendCrlConfig("crlConfig", {
backend: pki.path,
disable: false,
expiry: "72h",
});constructor
new SecretBackendCrlConfig(name: string, args: SecretBackendCrlConfigArgs, opts?: pulumi.CustomResourceOptions)Create a SecretBackendCrlConfig resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendCrlConfigState, opts?: pulumi.CustomResourceOptions): SecretBackendCrlConfigGet an existing SecretBackendCrlConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SecretBackendCrlConfigReturns true if the given object is an instance of SecretBackendCrlConfig. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property backend
public backend: pulumi.Output<string>;The path the PKI secret backend is mounted at, with no leading or trailing /s.
property disable
public disable: pulumi.Output<boolean | undefined>;Disables or enables CRL building.
property expiry
public expiry: pulumi.Output<string | undefined>;Specifies the time until expiration.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SecretBackendIntermediateCertRequest
class SecretBackendIntermediateCertRequest extends CustomResourceconstructor
new SecretBackendIntermediateCertRequest(name: string, args: SecretBackendIntermediateCertRequestArgs, opts?: pulumi.CustomResourceOptions)Create a SecretBackendIntermediateCertRequest resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendIntermediateCertRequestState, opts?: pulumi.CustomResourceOptions): SecretBackendIntermediateCertRequestGet an existing SecretBackendIntermediateCertRequest resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SecretBackendIntermediateCertRequestReturns true if the given object is an instance of SecretBackendIntermediateCertRequest. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property altNames
public altNames: pulumi.Output<string[] | undefined>;List of alternative names
property backend
public backend: pulumi.Output<string>;The PKI secret backend the resource belongs to.
property commonName
public commonName: pulumi.Output<string>;CN of intermediate to create
property country
public country: pulumi.Output<string | undefined>;The country
property csr
public csr: pulumi.Output<string>;The CSR
property excludeCnFromSans
public excludeCnFromSans: pulumi.Output<boolean | undefined>;Flag to exclude CN from SANs
property format
public format: pulumi.Output<string | undefined>;The format of data
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property ipSans
public ipSans: pulumi.Output<string[] | undefined>;List of alternative IPs
property keyBits
public keyBits: pulumi.Output<number | undefined>;The number of bits to use
property keyType
public keyType: pulumi.Output<string | undefined>;The desired key type
property locality
public locality: pulumi.Output<string | undefined>;The locality
property organization
public organization: pulumi.Output<string | undefined>;The organization
property otherSans
public otherSans: pulumi.Output<string[] | undefined>;List of other SANs
property ou
public ou: pulumi.Output<string | undefined>;The organization unit
property postalCode
public postalCode: pulumi.Output<string | undefined>;The postal code
property privateKey
public privateKey: pulumi.Output<string>;The private key
property privateKeyFormat
public privateKeyFormat: pulumi.Output<string | undefined>;The private key format
property privateKeyType
public privateKeyType: pulumi.Output<string>;The private key type
property province
public province: pulumi.Output<string | undefined>;The province
property streetAddress
public streetAddress: pulumi.Output<string | undefined>;The street address
property type
public type: pulumi.Output<string>;Type of intermediate to create. Must be either \“exported\” or \“internal\”
property uriSans
public uriSans: pulumi.Output<string[] | undefined>;List of alternative URIs
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SecretBackendIntermediateSetSigned
class SecretBackendIntermediateSetSigned extends CustomResourceconstructor
new SecretBackendIntermediateSetSigned(name: string, args: SecretBackendIntermediateSetSignedArgs, opts?: pulumi.CustomResourceOptions)Create a SecretBackendIntermediateSetSigned resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendIntermediateSetSignedState, opts?: pulumi.CustomResourceOptions): SecretBackendIntermediateSetSignedGet an existing SecretBackendIntermediateSetSigned resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SecretBackendIntermediateSetSignedReturns true if the given object is an instance of SecretBackendIntermediateSetSigned. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property backend
public backend: pulumi.Output<string>;The PKI secret backend the resource belongs to.
property certificate
public certificate: pulumi.Output<string>;The certificate
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SecretBackendRole
class SecretBackendRole extends CustomResourceCreates a role on an PKI Secret Backend for Vault.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const pki = new vault.pkiSecret.SecretBackend("pki", {
defaultLeaseTtlSeconds: 3600,
maxLeaseTtlSeconds: 86400,
path: "%s",
});
const role = new vault.pkiSecret.SecretBackendRole("role", {
backend: pki.path,
});constructor
new SecretBackendRole(name: string, args: SecretBackendRoleArgs, opts?: pulumi.CustomResourceOptions)Create a SecretBackendRole resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendRoleState, opts?: pulumi.CustomResourceOptions): SecretBackendRoleGet an existing SecretBackendRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SecretBackendRoleReturns true if the given object is an instance of SecretBackendRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property allowAnyName
public allowAnyName: pulumi.Output<boolean | undefined>;Flag to allow any name
property allowBareDomains
public allowBareDomains: pulumi.Output<boolean | undefined>;Flag to allow certificates matching the actual domain
property allowGlobDomains
public allowGlobDomains: pulumi.Output<boolean | undefined>;Flag to allow names containing glob patterns.
property allowIpSans
public allowIpSans: pulumi.Output<boolean | undefined>;Flag to allow IP SANs
property allowLocalhost
public allowLocalhost: pulumi.Output<boolean | undefined>;Flag to allow certificates for localhost
property allowSubdomains
public allowSubdomains: pulumi.Output<boolean | undefined>;Flag to allow certificates matching subdomains
property allowedDomains
public allowedDomains: pulumi.Output<string[] | undefined>;List of allowed domains for certificates
property allowedOtherSans
public allowedOtherSans: pulumi.Output<string[] | undefined>;Defines allowed custom SANs
property allowedUriSans
public allowedUriSans: pulumi.Output<string[] | undefined>;Defines allowed URI SANs
property backend
public backend: pulumi.Output<string>;The path the PKI secret backend is mounted at, with no leading or trailing /s.
property basicConstraintsValidForNonCa
public basicConstraintsValidForNonCa: pulumi.Output<boolean | undefined>;Flag to mark basic constraints valid when issuing non-CA certificates
property clientFlag
public clientFlag: pulumi.Output<boolean | undefined>;Flag to specify certificates for client use
property codeSigningFlag
public codeSigningFlag: pulumi.Output<boolean | undefined>;Flag to specify certificates for code signing use
property countries
public countries: pulumi.Output<string[] | undefined>;The country of generated certificates
property emailProtectionFlag
public emailProtectionFlag: pulumi.Output<boolean | undefined>;Flag to specify certificates for email protection use
property enforceHostnames
public enforceHostnames: pulumi.Output<boolean | undefined>;Flag to allow only valid host names
property extKeyUsages
public extKeyUsages: pulumi.Output<string[] | undefined>;Specify the allowed extended key usage constraint on issued certificates
property generateLease
public generateLease: pulumi.Output<boolean | undefined>;Flag to generate leases with certificates
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property keyBits
public keyBits: pulumi.Output<number | undefined>;The number of bits of generated keys
property keyType
public keyType: pulumi.Output<string | undefined>;The type of generated keys
property keyUsages
public keyUsages: pulumi.Output<string[] | undefined>;Specify the allowed key usage constraint on issued certificates
property localities
public localities: pulumi.Output<string[] | undefined>;The locality of generated certificates
property maxTtl
public maxTtl: pulumi.Output<string | undefined>;The maximum TTL
property name
public name: pulumi.Output<string>;The name to identify this role within the backend. Must be unique within the backend.
property noStore
public noStore: pulumi.Output<boolean | undefined>;Flag to not store certificates in the storage backend
property notBeforeDuration
public notBeforeDuration: pulumi.Output<string>;Specifies the duration by which to backdate the NotBefore property.
property organizationUnit
public organizationUnit: pulumi.Output<string[] | undefined>;The organization unit of generated certificates
property organizations
public organizations: pulumi.Output<string[] | undefined>;The organization of generated certificates
property policyIdentifiers
public policyIdentifiers: pulumi.Output<string[] | undefined>;Specify the list of allowed policies IODs
property postalCodes
public postalCodes: pulumi.Output<string[] | undefined>;The postal code of generated certificates
property provinces
public provinces: pulumi.Output<string[] | undefined>;The province of generated certificates
property requireCn
public requireCn: pulumi.Output<boolean | undefined>;Flag to force CN usage
property serverFlag
public serverFlag: pulumi.Output<boolean | undefined>;Flag to specify certificates for server use
property streetAddresses
public streetAddresses: pulumi.Output<string[] | undefined>;The street address of generated certificates
property ttl
public ttl: pulumi.Output<string | undefined>;The TTL
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property useCsrCommonName
public useCsrCommonName: pulumi.Output<boolean | undefined>;Flag to use the CN in the CSR
property useCsrSans
public useCsrSans: pulumi.Output<boolean | undefined>;Flag to use the SANs in the CSR
Resource SecretBackendRootCert
class SecretBackendRootCert extends CustomResourceconstructor
new SecretBackendRootCert(name: string, args: SecretBackendRootCertArgs, opts?: pulumi.CustomResourceOptions)Create a SecretBackendRootCert resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendRootCertState, opts?: pulumi.CustomResourceOptions): SecretBackendRootCertGet an existing SecretBackendRootCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SecretBackendRootCertReturns true if the given object is an instance of SecretBackendRootCert. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property altNames
public altNames: pulumi.Output<string[] | undefined>;List of alternative names
property backend
public backend: pulumi.Output<string>;The PKI secret backend the resource belongs to.
property certificate
public certificate: pulumi.Output<string>;The certificate
property commonName
public commonName: pulumi.Output<string>;CN of intermediate to create
property country
public country: pulumi.Output<string | undefined>;The country
property excludeCnFromSans
public excludeCnFromSans: pulumi.Output<boolean | undefined>;Flag to exclude CN from SANs
property format
public format: pulumi.Output<string | undefined>;The format of data
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property ipSans
public ipSans: pulumi.Output<string[] | undefined>;List of alternative IPs
property issuingCa
public issuingCa: pulumi.Output<string>;The issuing CA
property keyBits
public keyBits: pulumi.Output<number | undefined>;The number of bits to use
property keyType
public keyType: pulumi.Output<string | undefined>;The desired key type
property locality
public locality: pulumi.Output<string | undefined>;The locality
property maxPathLength
public maxPathLength: pulumi.Output<number | undefined>;The maximum path length to encode in the generated certificate
property organization
public organization: pulumi.Output<string | undefined>;The organization
property otherSans
public otherSans: pulumi.Output<string[] | undefined>;List of other SANs
property ou
public ou: pulumi.Output<string | undefined>;The organization unit
property permittedDnsDomains
public permittedDnsDomains: pulumi.Output<string[] | undefined>;List of domains for which certificates are allowed to be issued
property postalCode
public postalCode: pulumi.Output<string | undefined>;The postal code
property privateKeyFormat
public privateKeyFormat: pulumi.Output<string | undefined>;The private key format
property province
public province: pulumi.Output<string | undefined>;The province
property serial
public serial: pulumi.Output<string>;The serial
property streetAddress
public streetAddress: pulumi.Output<string | undefined>;The street address
property ttl
public ttl: pulumi.Output<string | undefined>;Time to live
property type
public type: pulumi.Output<string>;Type of intermediate to create. Must be either \“exported\” or \“internal\”
property uriSans
public uriSans: pulumi.Output<string[] | undefined>;List of alternative URIs
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SecretBackendRootSignIntermediate
class SecretBackendRootSignIntermediate extends CustomResourceCreates an PKI certificate.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const root = new vault.pkiSecret.SecretBackendRootSignIntermediate("root", {
backend: vault_pki_secret_backend.root.path,
csr: vault_pki_secret_backend_intermediate_cert_request.intermediate.csr,
commonName: "Intermediate CA",
excludeCnFromSans: true,
ou: "My OU",
organization: "My organization",
});constructor
new SecretBackendRootSignIntermediate(name: string, args: SecretBackendRootSignIntermediateArgs, opts?: pulumi.CustomResourceOptions)Create a SecretBackendRootSignIntermediate resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendRootSignIntermediateState, opts?: pulumi.CustomResourceOptions): SecretBackendRootSignIntermediateGet an existing SecretBackendRootSignIntermediate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SecretBackendRootSignIntermediateReturns true if the given object is an instance of SecretBackendRootSignIntermediate. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property altNames
public altNames: pulumi.Output<string[] | undefined>;List of alternative names
property backend
public backend: pulumi.Output<string>;The PKI secret backend the resource belongs to.
property caChain
public caChain: pulumi.Output<string>;The CA chain
property certificate
public certificate: pulumi.Output<string>;The certificate
property commonName
public commonName: pulumi.Output<string>;CN of intermediate to create
property country
public country: pulumi.Output<string | undefined>;The country
property csr
public csr: pulumi.Output<string>;The CSR
property excludeCnFromSans
public excludeCnFromSans: pulumi.Output<boolean | undefined>;Flag to exclude CN from SANs
property format
public format: pulumi.Output<string | undefined>;The format of data
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property ipSans
public ipSans: pulumi.Output<string[] | undefined>;List of alternative IPs
property issuingCa
public issuingCa: pulumi.Output<string>;The issuing CA
property locality
public locality: pulumi.Output<string | undefined>;The locality
property maxPathLength
public maxPathLength: pulumi.Output<number | undefined>;The maximum path length to encode in the generated certificate
property organization
public organization: pulumi.Output<string | undefined>;The organization
property otherSans
public otherSans: pulumi.Output<string[] | undefined>;List of other SANs
property ou
public ou: pulumi.Output<string | undefined>;The organization unit
property permittedDnsDomains
public permittedDnsDomains: pulumi.Output<string[] | undefined>;List of domains for which certificates are allowed to be issued
property postalCode
public postalCode: pulumi.Output<string | undefined>;The postal code
property province
public province: pulumi.Output<string | undefined>;The province
property serial
public serial: pulumi.Output<string>;The serial
property streetAddress
public streetAddress: pulumi.Output<string | undefined>;The street address
property ttl
public ttl: pulumi.Output<string | undefined>;Time to live
property uriSans
public uriSans: pulumi.Output<string[] | undefined>;List of alternative URIs
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property useCsrValues
public useCsrValues: pulumi.Output<boolean | undefined>;Preserve CSR values
Resource SecretBackendSign
class SecretBackendSign extends CustomResourceconstructor
new SecretBackendSign(name: string, args: SecretBackendSignArgs, opts?: pulumi.CustomResourceOptions)Create a SecretBackendSign resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretBackendSignState, opts?: pulumi.CustomResourceOptions): SecretBackendSignGet an existing SecretBackendSign resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SecretBackendSignReturns true if the given object is an instance of SecretBackendSign. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property altNames
public altNames: pulumi.Output<string[] | undefined>;List of alternative names
property autoRenew
public autoRenew: pulumi.Output<boolean | undefined>;If set to true, certs will be renewed if the expiration is within minSecondsRemaining. Default false
property backend
public backend: pulumi.Output<string>;The PKI secret backend the resource belongs to.
property caChains
public caChains: pulumi.Output<string[]>;The CA chain
property certificate
public certificate: pulumi.Output<string>;The certificate
property commonName
public commonName: pulumi.Output<string>;CN of certificate to create
property csr
public csr: pulumi.Output<string>;The CSR
property excludeCnFromSans
public excludeCnFromSans: pulumi.Output<boolean | undefined>;Flag to exclude CN from SANs
property expiration
public expiration: pulumi.Output<number>;The expiration date of the certificate in unix epoch format
property format
public format: pulumi.Output<string | undefined>;The format of data
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property ipSans
public ipSans: pulumi.Output<string[] | undefined>;List of alternative IPs
property issuingCa
public issuingCa: pulumi.Output<string>;The issuing CA
property minSecondsRemaining
public minSecondsRemaining: pulumi.Output<number | undefined>;Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
property name
public name: pulumi.Output<string>;Name of the role to create the certificate against
property otherSans
public otherSans: pulumi.Output<string[] | undefined>;List of other SANs
property serial
public serial: pulumi.Output<string>;The serial
property ttl
public ttl: pulumi.Output<string | undefined>;Time to live
property uriSans
public uriSans: pulumi.Output<string[] | undefined>;List of alterative URIs
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Others
interface SecretBackendArgs
interface SecretBackendArgsThe set of arguments for constructing a SecretBackend resource.
property defaultLeaseTtlSeconds
defaultLeaseTtlSeconds?: pulumi.Input<number>;The default TTL for credentials issued by this backend.
property description
description?: pulumi.Input<string>;A human-friendly description for this backend.
property maxLeaseTtlSeconds
maxLeaseTtlSeconds?: pulumi.Input<number>;The maximum TTL that can be requested for credentials issued by this backend.
property path
path: pulumi.Input<string>;The unique path this backend should be mounted at. Must not begin or end with a /.
interface SecretBackendCertArgs
interface SecretBackendCertArgsThe set of arguments for constructing a SecretBackendCert resource.
property altNames
altNames?: pulumi.Input<pulumi.Input<string>[]>;List of alternative names
property autoRenew
autoRenew?: pulumi.Input<boolean>;If set to true, certs will be renewed if the expiration is within minSecondsRemaining. Default false
property backend
backend: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property commonName
commonName: pulumi.Input<string>;CN of certificate to create
property excludeCnFromSans
excludeCnFromSans?: pulumi.Input<boolean>;Flag to exclude CN from SANs
property format
format?: pulumi.Input<string>;The format of data
property ipSans
ipSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative IPs
property minSecondsRemaining
minSecondsRemaining?: pulumi.Input<number>;Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
property name
name?: pulumi.Input<string>;Name of the role to create the certificate against
property otherSans
otherSans?: pulumi.Input<pulumi.Input<string>[]>;List of other SANs
property privateKeyFormat
privateKeyFormat?: pulumi.Input<string>;The private key format
property ttl
ttl?: pulumi.Input<string>;Time to live
interface SecretBackendCertState
interface SecretBackendCertStateInput properties used for looking up and filtering SecretBackendCert resources.
property altNames
altNames?: pulumi.Input<pulumi.Input<string>[]>;List of alternative names
property autoRenew
autoRenew?: pulumi.Input<boolean>;If set to true, certs will be renewed if the expiration is within minSecondsRemaining. Default false
property backend
backend?: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property caChain
caChain?: pulumi.Input<string>;The CA chain
property certificate
certificate?: pulumi.Input<string>;The certificate
property commonName
commonName?: pulumi.Input<string>;CN of certificate to create
property excludeCnFromSans
excludeCnFromSans?: pulumi.Input<boolean>;Flag to exclude CN from SANs
property expiration
expiration?: pulumi.Input<number>;The expiration date of the certificate in unix epoch format
property format
format?: pulumi.Input<string>;The format of data
property ipSans
ipSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative IPs
property issuingCa
issuingCa?: pulumi.Input<string>;The issuing CA
property minSecondsRemaining
minSecondsRemaining?: pulumi.Input<number>;Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
property name
name?: pulumi.Input<string>;Name of the role to create the certificate against
property otherSans
otherSans?: pulumi.Input<pulumi.Input<string>[]>;List of other SANs
property privateKey
privateKey?: pulumi.Input<string>;The private key
property privateKeyFormat
privateKeyFormat?: pulumi.Input<string>;The private key format
property privateKeyType
privateKeyType?: pulumi.Input<string>;The private key type
property serialNumber
serialNumber?: pulumi.Input<string>;The serial number
property ttl
ttl?: pulumi.Input<string>;Time to live
interface SecretBackendConfigCaArgs
interface SecretBackendConfigCaArgsThe set of arguments for constructing a SecretBackendConfigCa resource.
property backend
backend: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property pemBundle
pemBundle: pulumi.Input<string>;The key and certificate PEM bundle
interface SecretBackendConfigCaState
interface SecretBackendConfigCaStateInput properties used for looking up and filtering SecretBackendConfigCa resources.
property backend
backend?: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property pemBundle
pemBundle?: pulumi.Input<string>;The key and certificate PEM bundle
interface SecretBackendConfigUrlsArgs
interface SecretBackendConfigUrlsArgsThe set of arguments for constructing a SecretBackendConfigUrls resource.
property backend
backend: pulumi.Input<string>;The path the PKI secret backend is mounted at, with no leading or trailing /s.
property crlDistributionPoints
crlDistributionPoints?: pulumi.Input<pulumi.Input<string>[]>;Specifies the URL values for the CRL Distribution Points field.
property issuingCertificates
issuingCertificates?: pulumi.Input<pulumi.Input<string>[]>;Specifies the URL values for the Issuing Certificate field.
property ocspServers
ocspServers?: pulumi.Input<pulumi.Input<string>[]>;Specifies the URL values for the OCSP Servers field.
interface SecretBackendConfigUrlsState
interface SecretBackendConfigUrlsStateInput properties used for looking up and filtering SecretBackendConfigUrls resources.
property backend
backend?: pulumi.Input<string>;The path the PKI secret backend is mounted at, with no leading or trailing /s.
property crlDistributionPoints
crlDistributionPoints?: pulumi.Input<pulumi.Input<string>[]>;Specifies the URL values for the CRL Distribution Points field.
property issuingCertificates
issuingCertificates?: pulumi.Input<pulumi.Input<string>[]>;Specifies the URL values for the Issuing Certificate field.
property ocspServers
ocspServers?: pulumi.Input<pulumi.Input<string>[]>;Specifies the URL values for the OCSP Servers field.
interface SecretBackendCrlConfigArgs
interface SecretBackendCrlConfigArgsThe set of arguments for constructing a SecretBackendCrlConfig resource.
property backend
backend: pulumi.Input<string>;The path the PKI secret backend is mounted at, with no leading or trailing /s.
property disable
disable?: pulumi.Input<boolean>;Disables or enables CRL building.
property expiry
expiry?: pulumi.Input<string>;Specifies the time until expiration.
interface SecretBackendCrlConfigState
interface SecretBackendCrlConfigStateInput properties used for looking up and filtering SecretBackendCrlConfig resources.
property backend
backend?: pulumi.Input<string>;The path the PKI secret backend is mounted at, with no leading or trailing /s.
property disable
disable?: pulumi.Input<boolean>;Disables or enables CRL building.
property expiry
expiry?: pulumi.Input<string>;Specifies the time until expiration.
interface SecretBackendIntermediateCertRequestArgs
interface SecretBackendIntermediateCertRequestArgsThe set of arguments for constructing a SecretBackendIntermediateCertRequest resource.
property altNames
altNames?: pulumi.Input<pulumi.Input<string>[]>;List of alternative names
property backend
backend: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property commonName
commonName: pulumi.Input<string>;CN of intermediate to create
property country
country?: pulumi.Input<string>;The country
property excludeCnFromSans
excludeCnFromSans?: pulumi.Input<boolean>;Flag to exclude CN from SANs
property format
format?: pulumi.Input<string>;The format of data
property ipSans
ipSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative IPs
property keyBits
keyBits?: pulumi.Input<number>;The number of bits to use
property keyType
keyType?: pulumi.Input<string>;The desired key type
property locality
locality?: pulumi.Input<string>;The locality
property organization
organization?: pulumi.Input<string>;The organization
property otherSans
otherSans?: pulumi.Input<pulumi.Input<string>[]>;List of other SANs
property ou
ou?: pulumi.Input<string>;The organization unit
property postalCode
postalCode?: pulumi.Input<string>;The postal code
property privateKeyFormat
privateKeyFormat?: pulumi.Input<string>;The private key format
property province
province?: pulumi.Input<string>;The province
property streetAddress
streetAddress?: pulumi.Input<string>;The street address
property type
type: pulumi.Input<string>;Type of intermediate to create. Must be either \“exported\” or \“internal\”
property uriSans
uriSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative URIs
interface SecretBackendIntermediateCertRequestState
interface SecretBackendIntermediateCertRequestStateInput properties used for looking up and filtering SecretBackendIntermediateCertRequest resources.
property altNames
altNames?: pulumi.Input<pulumi.Input<string>[]>;List of alternative names
property backend
backend?: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property commonName
commonName?: pulumi.Input<string>;CN of intermediate to create
property country
country?: pulumi.Input<string>;The country
property csr
csr?: pulumi.Input<string>;The CSR
property excludeCnFromSans
excludeCnFromSans?: pulumi.Input<boolean>;Flag to exclude CN from SANs
property format
format?: pulumi.Input<string>;The format of data
property ipSans
ipSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative IPs
property keyBits
keyBits?: pulumi.Input<number>;The number of bits to use
property keyType
keyType?: pulumi.Input<string>;The desired key type
property locality
locality?: pulumi.Input<string>;The locality
property organization
organization?: pulumi.Input<string>;The organization
property otherSans
otherSans?: pulumi.Input<pulumi.Input<string>[]>;List of other SANs
property ou
ou?: pulumi.Input<string>;The organization unit
property postalCode
postalCode?: pulumi.Input<string>;The postal code
property privateKey
privateKey?: pulumi.Input<string>;The private key
property privateKeyFormat
privateKeyFormat?: pulumi.Input<string>;The private key format
property privateKeyType
privateKeyType?: pulumi.Input<string>;The private key type
property province
province?: pulumi.Input<string>;The province
property streetAddress
streetAddress?: pulumi.Input<string>;The street address
property type
type?: pulumi.Input<string>;Type of intermediate to create. Must be either \“exported\” or \“internal\”
property uriSans
uriSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative URIs
interface SecretBackendIntermediateSetSignedArgs
interface SecretBackendIntermediateSetSignedArgsThe set of arguments for constructing a SecretBackendIntermediateSetSigned resource.
property backend
backend: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property certificate
certificate: pulumi.Input<string>;The certificate
interface SecretBackendIntermediateSetSignedState
interface SecretBackendIntermediateSetSignedStateInput properties used for looking up and filtering SecretBackendIntermediateSetSigned resources.
property backend
backend?: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property certificate
certificate?: pulumi.Input<string>;The certificate
interface SecretBackendRoleArgs
interface SecretBackendRoleArgsThe set of arguments for constructing a SecretBackendRole resource.
property allowAnyName
allowAnyName?: pulumi.Input<boolean>;Flag to allow any name
property allowBareDomains
allowBareDomains?: pulumi.Input<boolean>;Flag to allow certificates matching the actual domain
property allowGlobDomains
allowGlobDomains?: pulumi.Input<boolean>;Flag to allow names containing glob patterns.
property allowIpSans
allowIpSans?: pulumi.Input<boolean>;Flag to allow IP SANs
property allowLocalhost
allowLocalhost?: pulumi.Input<boolean>;Flag to allow certificates for localhost
property allowSubdomains
allowSubdomains?: pulumi.Input<boolean>;Flag to allow certificates matching subdomains
property allowedDomains
allowedDomains?: pulumi.Input<pulumi.Input<string>[]>;List of allowed domains for certificates
property allowedOtherSans
allowedOtherSans?: pulumi.Input<pulumi.Input<string>[]>;Defines allowed custom SANs
property allowedUriSans
allowedUriSans?: pulumi.Input<pulumi.Input<string>[]>;Defines allowed URI SANs
property backend
backend: pulumi.Input<string>;The path the PKI secret backend is mounted at, with no leading or trailing /s.
property basicConstraintsValidForNonCa
basicConstraintsValidForNonCa?: pulumi.Input<boolean>;Flag to mark basic constraints valid when issuing non-CA certificates
property clientFlag
clientFlag?: pulumi.Input<boolean>;Flag to specify certificates for client use
property codeSigningFlag
codeSigningFlag?: pulumi.Input<boolean>;Flag to specify certificates for code signing use
property countries
countries?: pulumi.Input<pulumi.Input<string>[]>;The country of generated certificates
property emailProtectionFlag
emailProtectionFlag?: pulumi.Input<boolean>;Flag to specify certificates for email protection use
property enforceHostnames
enforceHostnames?: pulumi.Input<boolean>;Flag to allow only valid host names
property extKeyUsages
extKeyUsages?: pulumi.Input<pulumi.Input<string>[]>;Specify the allowed extended key usage constraint on issued certificates
property generateLease
generateLease?: pulumi.Input<boolean>;Flag to generate leases with certificates
property keyBits
keyBits?: pulumi.Input<number>;The number of bits of generated keys
property keyType
keyType?: pulumi.Input<string>;The type of generated keys
property keyUsages
keyUsages?: pulumi.Input<pulumi.Input<string>[]>;Specify the allowed key usage constraint on issued certificates
property localities
localities?: pulumi.Input<pulumi.Input<string>[]>;The locality of generated certificates
property maxTtl
maxTtl?: pulumi.Input<string>;The maximum TTL
property name
name?: pulumi.Input<string>;The name to identify this role within the backend. Must be unique within the backend.
property noStore
noStore?: pulumi.Input<boolean>;Flag to not store certificates in the storage backend
property notBeforeDuration
notBeforeDuration?: pulumi.Input<string>;Specifies the duration by which to backdate the NotBefore property.
property organizationUnit
organizationUnit?: pulumi.Input<pulumi.Input<string>[]>;The organization unit of generated certificates
property organizations
organizations?: pulumi.Input<pulumi.Input<string>[]>;The organization of generated certificates
property policyIdentifiers
policyIdentifiers?: pulumi.Input<pulumi.Input<string>[]>;Specify the list of allowed policies IODs
property postalCodes
postalCodes?: pulumi.Input<pulumi.Input<string>[]>;The postal code of generated certificates
property provinces
provinces?: pulumi.Input<pulumi.Input<string>[]>;The province of generated certificates
property requireCn
requireCn?: pulumi.Input<boolean>;Flag to force CN usage
property serverFlag
serverFlag?: pulumi.Input<boolean>;Flag to specify certificates for server use
property streetAddresses
streetAddresses?: pulumi.Input<pulumi.Input<string>[]>;The street address of generated certificates
property ttl
ttl?: pulumi.Input<string>;The TTL
property useCsrCommonName
useCsrCommonName?: pulumi.Input<boolean>;Flag to use the CN in the CSR
property useCsrSans
useCsrSans?: pulumi.Input<boolean>;Flag to use the SANs in the CSR
interface SecretBackendRoleState
interface SecretBackendRoleStateInput properties used for looking up and filtering SecretBackendRole resources.
property allowAnyName
allowAnyName?: pulumi.Input<boolean>;Flag to allow any name
property allowBareDomains
allowBareDomains?: pulumi.Input<boolean>;Flag to allow certificates matching the actual domain
property allowGlobDomains
allowGlobDomains?: pulumi.Input<boolean>;Flag to allow names containing glob patterns.
property allowIpSans
allowIpSans?: pulumi.Input<boolean>;Flag to allow IP SANs
property allowLocalhost
allowLocalhost?: pulumi.Input<boolean>;Flag to allow certificates for localhost
property allowSubdomains
allowSubdomains?: pulumi.Input<boolean>;Flag to allow certificates matching subdomains
property allowedDomains
allowedDomains?: pulumi.Input<pulumi.Input<string>[]>;List of allowed domains for certificates
property allowedOtherSans
allowedOtherSans?: pulumi.Input<pulumi.Input<string>[]>;Defines allowed custom SANs
property allowedUriSans
allowedUriSans?: pulumi.Input<pulumi.Input<string>[]>;Defines allowed URI SANs
property backend
backend?: pulumi.Input<string>;The path the PKI secret backend is mounted at, with no leading or trailing /s.
property basicConstraintsValidForNonCa
basicConstraintsValidForNonCa?: pulumi.Input<boolean>;Flag to mark basic constraints valid when issuing non-CA certificates
property clientFlag
clientFlag?: pulumi.Input<boolean>;Flag to specify certificates for client use
property codeSigningFlag
codeSigningFlag?: pulumi.Input<boolean>;Flag to specify certificates for code signing use
property countries
countries?: pulumi.Input<pulumi.Input<string>[]>;The country of generated certificates
property emailProtectionFlag
emailProtectionFlag?: pulumi.Input<boolean>;Flag to specify certificates for email protection use
property enforceHostnames
enforceHostnames?: pulumi.Input<boolean>;Flag to allow only valid host names
property extKeyUsages
extKeyUsages?: pulumi.Input<pulumi.Input<string>[]>;Specify the allowed extended key usage constraint on issued certificates
property generateLease
generateLease?: pulumi.Input<boolean>;Flag to generate leases with certificates
property keyBits
keyBits?: pulumi.Input<number>;The number of bits of generated keys
property keyType
keyType?: pulumi.Input<string>;The type of generated keys
property keyUsages
keyUsages?: pulumi.Input<pulumi.Input<string>[]>;Specify the allowed key usage constraint on issued certificates
property localities
localities?: pulumi.Input<pulumi.Input<string>[]>;The locality of generated certificates
property maxTtl
maxTtl?: pulumi.Input<string>;The maximum TTL
property name
name?: pulumi.Input<string>;The name to identify this role within the backend. Must be unique within the backend.
property noStore
noStore?: pulumi.Input<boolean>;Flag to not store certificates in the storage backend
property notBeforeDuration
notBeforeDuration?: pulumi.Input<string>;Specifies the duration by which to backdate the NotBefore property.
property organizationUnit
organizationUnit?: pulumi.Input<pulumi.Input<string>[]>;The organization unit of generated certificates
property organizations
organizations?: pulumi.Input<pulumi.Input<string>[]>;The organization of generated certificates
property policyIdentifiers
policyIdentifiers?: pulumi.Input<pulumi.Input<string>[]>;Specify the list of allowed policies IODs
property postalCodes
postalCodes?: pulumi.Input<pulumi.Input<string>[]>;The postal code of generated certificates
property provinces
provinces?: pulumi.Input<pulumi.Input<string>[]>;The province of generated certificates
property requireCn
requireCn?: pulumi.Input<boolean>;Flag to force CN usage
property serverFlag
serverFlag?: pulumi.Input<boolean>;Flag to specify certificates for server use
property streetAddresses
streetAddresses?: pulumi.Input<pulumi.Input<string>[]>;The street address of generated certificates
property ttl
ttl?: pulumi.Input<string>;The TTL
property useCsrCommonName
useCsrCommonName?: pulumi.Input<boolean>;Flag to use the CN in the CSR
property useCsrSans
useCsrSans?: pulumi.Input<boolean>;Flag to use the SANs in the CSR
interface SecretBackendRootCertArgs
interface SecretBackendRootCertArgsThe set of arguments for constructing a SecretBackendRootCert resource.
property altNames
altNames?: pulumi.Input<pulumi.Input<string>[]>;List of alternative names
property backend
backend: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property commonName
commonName: pulumi.Input<string>;CN of intermediate to create
property country
country?: pulumi.Input<string>;The country
property excludeCnFromSans
excludeCnFromSans?: pulumi.Input<boolean>;Flag to exclude CN from SANs
property format
format?: pulumi.Input<string>;The format of data
property ipSans
ipSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative IPs
property keyBits
keyBits?: pulumi.Input<number>;The number of bits to use
property keyType
keyType?: pulumi.Input<string>;The desired key type
property locality
locality?: pulumi.Input<string>;The locality
property maxPathLength
maxPathLength?: pulumi.Input<number>;The maximum path length to encode in the generated certificate
property organization
organization?: pulumi.Input<string>;The organization
property otherSans
otherSans?: pulumi.Input<pulumi.Input<string>[]>;List of other SANs
property ou
ou?: pulumi.Input<string>;The organization unit
property permittedDnsDomains
permittedDnsDomains?: pulumi.Input<pulumi.Input<string>[]>;List of domains for which certificates are allowed to be issued
property postalCode
postalCode?: pulumi.Input<string>;The postal code
property privateKeyFormat
privateKeyFormat?: pulumi.Input<string>;The private key format
property province
province?: pulumi.Input<string>;The province
property streetAddress
streetAddress?: pulumi.Input<string>;The street address
property ttl
ttl?: pulumi.Input<string>;Time to live
property type
type: pulumi.Input<string>;Type of intermediate to create. Must be either \“exported\” or \“internal\”
property uriSans
uriSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative URIs
interface SecretBackendRootCertState
interface SecretBackendRootCertStateInput properties used for looking up and filtering SecretBackendRootCert resources.
property altNames
altNames?: pulumi.Input<pulumi.Input<string>[]>;List of alternative names
property backend
backend?: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property certificate
certificate?: pulumi.Input<string>;The certificate
property commonName
commonName?: pulumi.Input<string>;CN of intermediate to create
property country
country?: pulumi.Input<string>;The country
property excludeCnFromSans
excludeCnFromSans?: pulumi.Input<boolean>;Flag to exclude CN from SANs
property format
format?: pulumi.Input<string>;The format of data
property ipSans
ipSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative IPs
property issuingCa
issuingCa?: pulumi.Input<string>;The issuing CA
property keyBits
keyBits?: pulumi.Input<number>;The number of bits to use
property keyType
keyType?: pulumi.Input<string>;The desired key type
property locality
locality?: pulumi.Input<string>;The locality
property maxPathLength
maxPathLength?: pulumi.Input<number>;The maximum path length to encode in the generated certificate
property organization
organization?: pulumi.Input<string>;The organization
property otherSans
otherSans?: pulumi.Input<pulumi.Input<string>[]>;List of other SANs
property ou
ou?: pulumi.Input<string>;The organization unit
property permittedDnsDomains
permittedDnsDomains?: pulumi.Input<pulumi.Input<string>[]>;List of domains for which certificates are allowed to be issued
property postalCode
postalCode?: pulumi.Input<string>;The postal code
property privateKeyFormat
privateKeyFormat?: pulumi.Input<string>;The private key format
property province
province?: pulumi.Input<string>;The province
property serial
serial?: pulumi.Input<string>;The serial
property streetAddress
streetAddress?: pulumi.Input<string>;The street address
property ttl
ttl?: pulumi.Input<string>;Time to live
property type
type?: pulumi.Input<string>;Type of intermediate to create. Must be either \“exported\” or \“internal\”
property uriSans
uriSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative URIs
interface SecretBackendRootSignIntermediateArgs
interface SecretBackendRootSignIntermediateArgsThe set of arguments for constructing a SecretBackendRootSignIntermediate resource.
property altNames
altNames?: pulumi.Input<pulumi.Input<string>[]>;List of alternative names
property backend
backend: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property commonName
commonName: pulumi.Input<string>;CN of intermediate to create
property country
country?: pulumi.Input<string>;The country
property csr
csr: pulumi.Input<string>;The CSR
property excludeCnFromSans
excludeCnFromSans?: pulumi.Input<boolean>;Flag to exclude CN from SANs
property format
format?: pulumi.Input<string>;The format of data
property ipSans
ipSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative IPs
property locality
locality?: pulumi.Input<string>;The locality
property maxPathLength
maxPathLength?: pulumi.Input<number>;The maximum path length to encode in the generated certificate
property organization
organization?: pulumi.Input<string>;The organization
property otherSans
otherSans?: pulumi.Input<pulumi.Input<string>[]>;List of other SANs
property ou
ou?: pulumi.Input<string>;The organization unit
property permittedDnsDomains
permittedDnsDomains?: pulumi.Input<pulumi.Input<string>[]>;List of domains for which certificates are allowed to be issued
property postalCode
postalCode?: pulumi.Input<string>;The postal code
property province
province?: pulumi.Input<string>;The province
property streetAddress
streetAddress?: pulumi.Input<string>;The street address
property ttl
ttl?: pulumi.Input<string>;Time to live
property uriSans
uriSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative URIs
property useCsrValues
useCsrValues?: pulumi.Input<boolean>;Preserve CSR values
interface SecretBackendRootSignIntermediateState
interface SecretBackendRootSignIntermediateStateInput properties used for looking up and filtering SecretBackendRootSignIntermediate resources.
property altNames
altNames?: pulumi.Input<pulumi.Input<string>[]>;List of alternative names
property backend
backend?: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property caChain
caChain?: pulumi.Input<string>;The CA chain
property certificate
certificate?: pulumi.Input<string>;The certificate
property commonName
commonName?: pulumi.Input<string>;CN of intermediate to create
property country
country?: pulumi.Input<string>;The country
property csr
csr?: pulumi.Input<string>;The CSR
property excludeCnFromSans
excludeCnFromSans?: pulumi.Input<boolean>;Flag to exclude CN from SANs
property format
format?: pulumi.Input<string>;The format of data
property ipSans
ipSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative IPs
property issuingCa
issuingCa?: pulumi.Input<string>;The issuing CA
property locality
locality?: pulumi.Input<string>;The locality
property maxPathLength
maxPathLength?: pulumi.Input<number>;The maximum path length to encode in the generated certificate
property organization
organization?: pulumi.Input<string>;The organization
property otherSans
otherSans?: pulumi.Input<pulumi.Input<string>[]>;List of other SANs
property ou
ou?: pulumi.Input<string>;The organization unit
property permittedDnsDomains
permittedDnsDomains?: pulumi.Input<pulumi.Input<string>[]>;List of domains for which certificates are allowed to be issued
property postalCode
postalCode?: pulumi.Input<string>;The postal code
property province
province?: pulumi.Input<string>;The province
property serial
serial?: pulumi.Input<string>;The serial
property streetAddress
streetAddress?: pulumi.Input<string>;The street address
property ttl
ttl?: pulumi.Input<string>;Time to live
property uriSans
uriSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative URIs
property useCsrValues
useCsrValues?: pulumi.Input<boolean>;Preserve CSR values
interface SecretBackendSignArgs
interface SecretBackendSignArgsThe set of arguments for constructing a SecretBackendSign resource.
property altNames
altNames?: pulumi.Input<pulumi.Input<string>[]>;List of alternative names
property autoRenew
autoRenew?: pulumi.Input<boolean>;If set to true, certs will be renewed if the expiration is within minSecondsRemaining. Default false
property backend
backend: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property commonName
commonName: pulumi.Input<string>;CN of certificate to create
property csr
csr: pulumi.Input<string>;The CSR
property excludeCnFromSans
excludeCnFromSans?: pulumi.Input<boolean>;Flag to exclude CN from SANs
property format
format?: pulumi.Input<string>;The format of data
property ipSans
ipSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative IPs
property minSecondsRemaining
minSecondsRemaining?: pulumi.Input<number>;Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
property name
name?: pulumi.Input<string>;Name of the role to create the certificate against
property otherSans
otherSans?: pulumi.Input<pulumi.Input<string>[]>;List of other SANs
property ttl
ttl?: pulumi.Input<string>;Time to live
property uriSans
uriSans?: pulumi.Input<pulumi.Input<string>[]>;List of alterative URIs
interface SecretBackendSignState
interface SecretBackendSignStateInput properties used for looking up and filtering SecretBackendSign resources.
property altNames
altNames?: pulumi.Input<pulumi.Input<string>[]>;List of alternative names
property autoRenew
autoRenew?: pulumi.Input<boolean>;If set to true, certs will be renewed if the expiration is within minSecondsRemaining. Default false
property backend
backend?: pulumi.Input<string>;The PKI secret backend the resource belongs to.
property caChains
caChains?: pulumi.Input<pulumi.Input<string>[]>;The CA chain
property certificate
certificate?: pulumi.Input<string>;The certificate
property commonName
commonName?: pulumi.Input<string>;CN of certificate to create
property csr
csr?: pulumi.Input<string>;The CSR
property excludeCnFromSans
excludeCnFromSans?: pulumi.Input<boolean>;Flag to exclude CN from SANs
property expiration
expiration?: pulumi.Input<number>;The expiration date of the certificate in unix epoch format
property format
format?: pulumi.Input<string>;The format of data
property ipSans
ipSans?: pulumi.Input<pulumi.Input<string>[]>;List of alternative IPs
property issuingCa
issuingCa?: pulumi.Input<string>;The issuing CA
property minSecondsRemaining
minSecondsRemaining?: pulumi.Input<number>;Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
property name
name?: pulumi.Input<string>;Name of the role to create the certificate against
property otherSans
otherSans?: pulumi.Input<pulumi.Input<string>[]>;List of other SANs
property serial
serial?: pulumi.Input<string>;The serial
property ttl
ttl?: pulumi.Input<string>;Time to live
property uriSans
uriSans?: pulumi.Input<pulumi.Input<string>[]>;List of alterative URIs
interface SecretBackendState
interface SecretBackendStateInput properties used for looking up and filtering SecretBackend resources.
property defaultLeaseTtlSeconds
defaultLeaseTtlSeconds?: pulumi.Input<number>;The default TTL for credentials issued by this backend.
property description
description?: pulumi.Input<string>;A human-friendly description for this backend.
property maxLeaseTtlSeconds
maxLeaseTtlSeconds?: pulumi.Input<number>;The maximum TTL that can be requested for credentials issued by this backend.
property path
path?: pulumi.Input<string>;The unique path this backend should be mounted at. Must not begin or end with a /.