1. Docs
  2. Reference
  3. API
  4. pulumi_vault
  5. pki_secret

pki_secret

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-vault repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-vault repo.

class pulumi_vault.pki_secret.SecretBackend(resource_name, opts=None, default_lease_ttl_seconds=None, description=None, max_lease_ttl_seconds=None, path=None, __props__=None, __name__=None, __opts__=None)

Creates an PKI Secret Backend for Vault. PKI secret backends can then issue certificates, once a role has been added to the backend.

import pulumi
import pulumi_vault as vault

pki = vault.pki_secret.SecretBackend("pki",
    default_lease_ttl_seconds=3600,
    max_lease_ttl_seconds=86400,
    path="pki")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • default_lease_ttl_seconds (pulumi.Input[float]) – The default TTL for credentials issued by this backend.

  • description (pulumi.Input[str]) – A human-friendly description for this backend.

  • max_lease_ttl_seconds (pulumi.Input[float]) – The maximum TTL that can be requested for credentials issued by this backend.

  • path (pulumi.Input[str]) – The unique path this backend should be mounted at. Must not begin or end with a /.

default_lease_ttl_seconds: pulumi.Output[float] = None

The default TTL for credentials issued by this backend.

description: pulumi.Output[str] = None

A human-friendly description for this backend.

max_lease_ttl_seconds: pulumi.Output[float] = None

The maximum TTL that can be requested for credentials issued by this backend.

path: pulumi.Output[str] = None

The unique path this backend should be mounted at. Must not begin or end with a /.

static get(resource_name, id, opts=None, default_lease_ttl_seconds=None, description=None, max_lease_ttl_seconds=None, path=None)

Get an existing SecretBackend resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • default_lease_ttl_seconds (pulumi.Input[float]) – The default TTL for credentials issued by this backend.

  • description (pulumi.Input[str]) – A human-friendly description for this backend.

  • max_lease_ttl_seconds (pulumi.Input[float]) – The maximum TTL that can be requested for credentials issued by this backend.

  • path (pulumi.Input[str]) – The unique path this backend should be mounted at. Must not begin or end with a /.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.pki_secret.SecretBackendCert(resource_name, opts=None, alt_names=None, auto_renew=None, backend=None, common_name=None, exclude_cn_from_sans=None, format=None, ip_sans=None, min_seconds_remaining=None, name=None, other_sans=None, private_key_format=None, ttl=None, __props__=None, __name__=None, __opts__=None)

Create a SecretBackendCert resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[list] alt_names: List of alternative names :param pulumi.Input[bool] auto_renew: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to. :param pulumi.Input[str] common_name: CN of certificate to create :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs :param pulumi.Input[str] format: The format of data :param pulumi.Input[list] ip_sans: List of alternative IPs :param pulumi.Input[float] min_seconds_remaining: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days) :param pulumi.Input[str] name: Name of the role to create the certificate against :param pulumi.Input[list] other_sans: List of other SANs :param pulumi.Input[str] private_key_format: The private key format :param pulumi.Input[str] ttl: Time to live

alt_names: pulumi.Output[list] = None

List of alternative names

auto_renew: pulumi.Output[bool] = None

If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false

backend: pulumi.Output[str] = None

The PKI secret backend the resource belongs to.

ca_chain: pulumi.Output[str] = None

The CA chain

certificate: pulumi.Output[str] = None

The certificate

common_name: pulumi.Output[str] = None

CN of certificate to create

exclude_cn_from_sans: pulumi.Output[bool] = None

Flag to exclude CN from SANs

expiration: pulumi.Output[float] = None

The expiration date of the certificate in unix epoch format

format: pulumi.Output[str] = None

The format of data

ip_sans: pulumi.Output[list] = None

List of alternative IPs

issuing_ca: pulumi.Output[str] = None

The issuing CA

min_seconds_remaining: pulumi.Output[float] = None

Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)

name: pulumi.Output[str] = None

Name of the role to create the certificate against

other_sans: pulumi.Output[list] = None

List of other SANs

private_key: pulumi.Output[str] = None

The private key

private_key_format: pulumi.Output[str] = None

The private key format

private_key_type: pulumi.Output[str] = None

The private key type

serial_number: pulumi.Output[str] = None

The serial number

ttl: pulumi.Output[str] = None

Time to live

static get(resource_name, id, opts=None, alt_names=None, auto_renew=None, backend=None, ca_chain=None, certificate=None, common_name=None, exclude_cn_from_sans=None, expiration=None, format=None, ip_sans=None, issuing_ca=None, min_seconds_remaining=None, name=None, other_sans=None, private_key=None, private_key_format=None, private_key_type=None, serial_number=None, ttl=None)

Get an existing SecretBackendCert resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • alt_names (pulumi.Input[list]) – List of alternative names

  • auto_renew (pulumi.Input[bool]) – If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false

  • backend (pulumi.Input[str]) – The PKI secret backend the resource belongs to.

  • ca_chain (pulumi.Input[str]) – The CA chain

  • certificate (pulumi.Input[str]) – The certificate

  • common_name (pulumi.Input[str]) – CN of certificate to create

  • exclude_cn_from_sans (pulumi.Input[bool]) – Flag to exclude CN from SANs

  • expiration (pulumi.Input[float]) – The expiration date of the certificate in unix epoch format

  • format (pulumi.Input[str]) – The format of data

  • ip_sans (pulumi.Input[list]) – List of alternative IPs

  • issuing_ca (pulumi.Input[str]) – The issuing CA

  • min_seconds_remaining (pulumi.Input[float]) – Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)

  • name (pulumi.Input[str]) – Name of the role to create the certificate against

  • other_sans (pulumi.Input[list]) – List of other SANs

  • private_key (pulumi.Input[str]) – The private key

  • private_key_format (pulumi.Input[str]) – The private key format

  • private_key_type (pulumi.Input[str]) – The private key type

  • serial_number (pulumi.Input[str]) – The serial number

  • ttl (pulumi.Input[str]) – Time to live

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.pki_secret.SecretBackendConfigCa(resource_name, opts=None, backend=None, pem_bundle=None, __props__=None, __name__=None, __opts__=None)

Create a SecretBackendConfigCa resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to. :param pulumi.Input[str] pem_bundle: The key and certificate PEM bundle

backend: pulumi.Output[str] = None

The PKI secret backend the resource belongs to.

pem_bundle: pulumi.Output[str] = None

The key and certificate PEM bundle

static get(resource_name, id, opts=None, backend=None, pem_bundle=None)

Get an existing SecretBackendConfigCa resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – The PKI secret backend the resource belongs to.

  • pem_bundle (pulumi.Input[str]) – The key and certificate PEM bundle

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.pki_secret.SecretBackendConfigUrls(resource_name, opts=None, backend=None, crl_distribution_points=None, issuing_certificates=None, ocsp_servers=None, __props__=None, __name__=None, __opts__=None)

Allows setting the issuing certificate endpoints, CRL distribution points, and OCSP server endpoints that will be encoded into issued certificates.

import pulumi
import pulumi_vault as vault

pki = vault.pki_secret.SecretBackend("pki",
    default_lease_ttl_seconds=3600,
    max_lease_ttl_seconds=86400,
    path="%s")
config_urls = vault.pki_secret.SecretBackendConfigUrls("configUrls",
    backend=pki.path,
    issuing_certificates=["http://127.0.0.1:8200/v1/pki/ca"])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – The path the PKI secret backend is mounted at, with no leading or trailing /s.

  • crl_distribution_points (pulumi.Input[list]) – Specifies the URL values for the CRL Distribution Points field.

  • issuing_certificates (pulumi.Input[list]) – Specifies the URL values for the Issuing Certificate field.

  • ocsp_servers (pulumi.Input[list]) – Specifies the URL values for the OCSP Servers field.

backend: pulumi.Output[str] = None

The path the PKI secret backend is mounted at, with no leading or trailing /s.

crl_distribution_points: pulumi.Output[list] = None

Specifies the URL values for the CRL Distribution Points field.

issuing_certificates: pulumi.Output[list] = None

Specifies the URL values for the Issuing Certificate field.

ocsp_servers: pulumi.Output[list] = None

Specifies the URL values for the OCSP Servers field.

static get(resource_name, id, opts=None, backend=None, crl_distribution_points=None, issuing_certificates=None, ocsp_servers=None)

Get an existing SecretBackendConfigUrls resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – The path the PKI secret backend is mounted at, with no leading or trailing /s.

  • crl_distribution_points (pulumi.Input[list]) – Specifies the URL values for the CRL Distribution Points field.

  • issuing_certificates (pulumi.Input[list]) – Specifies the URL values for the Issuing Certificate field.

  • ocsp_servers (pulumi.Input[list]) – Specifies the URL values for the OCSP Servers field.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.pki_secret.SecretBackendCrlConfig(resource_name, opts=None, backend=None, disable=None, expiry=None, __props__=None, __name__=None, __opts__=None)

Allows setting the duration for which the generated CRL should be marked valid. If the CRL is disabled, it will return a signed but zero-length CRL for any request. If enabled, it will re-build the CRL.

import pulumi
import pulumi_vault as vault

pki = vault.Mount("pki",
    default_lease_ttl_seconds=3600,
    max_lease_ttl_seconds=86400,
    path="%s",
    type="pki")
crl_config = vault.pki_secret.SecretBackendCrlConfig("crlConfig",
    backend=pki.path,
    disable=False,
    expiry="72h")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – The path the PKI secret backend is mounted at, with no leading or trailing /s.

  • disable (pulumi.Input[bool]) – Disables or enables CRL building.

  • expiry (pulumi.Input[str]) – Specifies the time until expiration.

backend: pulumi.Output[str] = None

The path the PKI secret backend is mounted at, with no leading or trailing /s.

disable: pulumi.Output[bool] = None

Disables or enables CRL building.

expiry: pulumi.Output[str] = None

Specifies the time until expiration.

static get(resource_name, id, opts=None, backend=None, disable=None, expiry=None)

Get an existing SecretBackendCrlConfig resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – The path the PKI secret backend is mounted at, with no leading or trailing /s.

  • disable (pulumi.Input[bool]) – Disables or enables CRL building.

  • expiry (pulumi.Input[str]) – Specifies the time until expiration.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.pki_secret.SecretBackendIntermediateCertRequest(resource_name, opts=None, alt_names=None, backend=None, common_name=None, country=None, exclude_cn_from_sans=None, format=None, ip_sans=None, key_bits=None, key_type=None, locality=None, organization=None, other_sans=None, ou=None, postal_code=None, private_key_format=None, province=None, street_address=None, type=None, uri_sans=None, __props__=None, __name__=None, __opts__=None)

Create a SecretBackendIntermediateCertRequest resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[list] alt_names: List of alternative names :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to. :param pulumi.Input[str] common_name: CN of intermediate to create :param pulumi.Input[str] country: The country :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs :param pulumi.Input[str] format: The format of data :param pulumi.Input[list] ip_sans: List of alternative IPs :param pulumi.Input[float] key_bits: The number of bits to use :param pulumi.Input[str] key_type: The desired key type :param pulumi.Input[str] locality: The locality :param pulumi.Input[str] organization: The organization :param pulumi.Input[list] other_sans: List of other SANs :param pulumi.Input[str] ou: The organization unit :param pulumi.Input[str] postal_code: The postal code :param pulumi.Input[str] private_key_format: The private key format :param pulumi.Input[str] province: The province :param pulumi.Input[str] street_address: The street address :param pulumi.Input[str] type: Type of intermediate to create. Must be either “exported” or “internal” :param pulumi.Input[list] uri_sans: List of alternative URIs

alt_names: pulumi.Output[list] = None

List of alternative names

backend: pulumi.Output[str] = None

The PKI secret backend the resource belongs to.

common_name: pulumi.Output[str] = None

CN of intermediate to create

country: pulumi.Output[str] = None

The country

csr: pulumi.Output[str] = None

The CSR

exclude_cn_from_sans: pulumi.Output[bool] = None

Flag to exclude CN from SANs

format: pulumi.Output[str] = None

The format of data

ip_sans: pulumi.Output[list] = None

List of alternative IPs

key_bits: pulumi.Output[float] = None

The number of bits to use

key_type: pulumi.Output[str] = None

The desired key type

locality: pulumi.Output[str] = None

The locality

organization: pulumi.Output[str] = None

The organization

other_sans: pulumi.Output[list] = None

List of other SANs

ou: pulumi.Output[str] = None

The organization unit

postal_code: pulumi.Output[str] = None

The postal code

private_key: pulumi.Output[str] = None

The private key

private_key_format: pulumi.Output[str] = None

The private key format

private_key_type: pulumi.Output[str] = None

The private key type

province: pulumi.Output[str] = None

The province

street_address: pulumi.Output[str] = None

The street address

type: pulumi.Output[str] = None

Type of intermediate to create. Must be either “exported” or “internal”

uri_sans: pulumi.Output[list] = None

List of alternative URIs

static get(resource_name, id, opts=None, alt_names=None, backend=None, common_name=None, country=None, csr=None, exclude_cn_from_sans=None, format=None, ip_sans=None, key_bits=None, key_type=None, locality=None, organization=None, other_sans=None, ou=None, postal_code=None, private_key=None, private_key_format=None, private_key_type=None, province=None, street_address=None, type=None, uri_sans=None)

Get an existing SecretBackendIntermediateCertRequest resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • alt_names (pulumi.Input[list]) – List of alternative names

  • backend (pulumi.Input[str]) – The PKI secret backend the resource belongs to.

  • common_name (pulumi.Input[str]) – CN of intermediate to create

  • country (pulumi.Input[str]) – The country

  • csr (pulumi.Input[str]) – The CSR

  • exclude_cn_from_sans (pulumi.Input[bool]) – Flag to exclude CN from SANs

  • format (pulumi.Input[str]) – The format of data

  • ip_sans (pulumi.Input[list]) – List of alternative IPs

  • key_bits (pulumi.Input[float]) – The number of bits to use

  • key_type (pulumi.Input[str]) – The desired key type

  • locality (pulumi.Input[str]) – The locality

  • organization (pulumi.Input[str]) – The organization

  • other_sans (pulumi.Input[list]) – List of other SANs

  • ou (pulumi.Input[str]) – The organization unit

  • postal_code (pulumi.Input[str]) – The postal code

  • private_key (pulumi.Input[str]) – The private key

  • private_key_format (pulumi.Input[str]) – The private key format

  • private_key_type (pulumi.Input[str]) – The private key type

  • province (pulumi.Input[str]) – The province

  • street_address (pulumi.Input[str]) – The street address

  • type (pulumi.Input[str]) – Type of intermediate to create. Must be either “exported” or “internal”

  • uri_sans (pulumi.Input[list]) – List of alternative URIs

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.pki_secret.SecretBackendIntermediateSetSigned(resource_name, opts=None, backend=None, certificate=None, __props__=None, __name__=None, __opts__=None)

Create a SecretBackendIntermediateSetSigned resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to. :param pulumi.Input[str] certificate: The certificate

backend: pulumi.Output[str] = None

The PKI secret backend the resource belongs to.

certificate: pulumi.Output[str] = None

The certificate

static get(resource_name, id, opts=None, backend=None, certificate=None)

Get an existing SecretBackendIntermediateSetSigned resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • backend (pulumi.Input[str]) – The PKI secret backend the resource belongs to.

  • certificate (pulumi.Input[str]) – The certificate

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.pki_secret.SecretBackendRole(resource_name, opts=None, allow_any_name=None, allow_bare_domains=None, allow_glob_domains=None, allow_ip_sans=None, allow_localhost=None, allow_subdomains=None, allowed_domains=None, allowed_other_sans=None, allowed_uri_sans=None, backend=None, basic_constraints_valid_for_non_ca=None, client_flag=None, code_signing_flag=None, countries=None, email_protection_flag=None, enforce_hostnames=None, ext_key_usages=None, generate_lease=None, key_bits=None, key_type=None, key_usages=None, localities=None, max_ttl=None, name=None, no_store=None, not_before_duration=None, organization_unit=None, organizations=None, policy_identifiers=None, postal_codes=None, provinces=None, require_cn=None, server_flag=None, street_addresses=None, ttl=None, use_csr_common_name=None, use_csr_sans=None, __props__=None, __name__=None, __opts__=None)

Creates a role on an PKI Secret Backend for Vault.

import pulumi
import pulumi_vault as vault

pki = vault.pki_secret.SecretBackend("pki",
    default_lease_ttl_seconds=3600,
    max_lease_ttl_seconds=86400,
    path="%s")
role = vault.pki_secret.SecretBackendRole("role", backend=pki.path)
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • allow_any_name (pulumi.Input[bool]) – Flag to allow any name

  • allow_bare_domains (pulumi.Input[bool]) – Flag to allow certificates matching the actual domain

  • allow_glob_domains (pulumi.Input[bool]) – Flag to allow names containing glob patterns.

  • allow_ip_sans (pulumi.Input[bool]) – Flag to allow IP SANs

  • allow_localhost (pulumi.Input[bool]) – Flag to allow certificates for localhost

  • allow_subdomains (pulumi.Input[bool]) – Flag to allow certificates matching subdomains

  • allowed_domains (pulumi.Input[list]) – List of allowed domains for certificates

  • allowed_other_sans (pulumi.Input[list]) – Defines allowed custom SANs

  • allowed_uri_sans (pulumi.Input[list]) – Defines allowed URI SANs

  • backend (pulumi.Input[str]) – The path the PKI secret backend is mounted at, with no leading or trailing /s.

  • basic_constraints_valid_for_non_ca (pulumi.Input[bool]) – Flag to mark basic constraints valid when issuing non-CA certificates

  • client_flag (pulumi.Input[bool]) – Flag to specify certificates for client use

  • code_signing_flag (pulumi.Input[bool]) – Flag to specify certificates for code signing use

  • countries (pulumi.Input[list]) – The country of generated certificates

  • email_protection_flag (pulumi.Input[bool]) – Flag to specify certificates for email protection use

  • enforce_hostnames (pulumi.Input[bool]) – Flag to allow only valid host names

  • ext_key_usages (pulumi.Input[list]) – Specify the allowed extended key usage constraint on issued certificates

  • generate_lease (pulumi.Input[bool]) – Flag to generate leases with certificates

  • key_bits (pulumi.Input[float]) – The number of bits of generated keys

  • key_type (pulumi.Input[str]) – The type of generated keys

  • key_usages (pulumi.Input[list]) – Specify the allowed key usage constraint on issued certificates

  • localities (pulumi.Input[list]) – The locality of generated certificates

  • max_ttl (pulumi.Input[str]) – The maximum TTL

  • name (pulumi.Input[str]) – The name to identify this role within the backend. Must be unique within the backend.

  • no_store (pulumi.Input[bool]) – Flag to not store certificates in the storage backend

  • not_before_duration (pulumi.Input[str]) – Specifies the duration by which to backdate the NotBefore property.

  • organization_unit (pulumi.Input[list]) – The organization unit of generated certificates

  • organizations (pulumi.Input[list]) – The organization of generated certificates

  • policy_identifiers (pulumi.Input[list]) – Specify the list of allowed policies IODs

  • postal_codes (pulumi.Input[list]) – The postal code of generated certificates

  • provinces (pulumi.Input[list]) – The province of generated certificates

  • require_cn (pulumi.Input[bool]) – Flag to force CN usage

  • server_flag (pulumi.Input[bool]) – Flag to specify certificates for server use

  • street_addresses (pulumi.Input[list]) – The street address of generated certificates

  • ttl (pulumi.Input[str]) – The TTL

  • use_csr_common_name (pulumi.Input[bool]) – Flag to use the CN in the CSR

  • use_csr_sans (pulumi.Input[bool]) – Flag to use the SANs in the CSR

allow_any_name: pulumi.Output[bool] = None

Flag to allow any name

allow_bare_domains: pulumi.Output[bool] = None

Flag to allow certificates matching the actual domain

allow_glob_domains: pulumi.Output[bool] = None

Flag to allow names containing glob patterns.

allow_ip_sans: pulumi.Output[bool] = None

Flag to allow IP SANs

allow_localhost: pulumi.Output[bool] = None

Flag to allow certificates for localhost

allow_subdomains: pulumi.Output[bool] = None

Flag to allow certificates matching subdomains

allowed_domains: pulumi.Output[list] = None

List of allowed domains for certificates

allowed_other_sans: pulumi.Output[list] = None

Defines allowed custom SANs

allowed_uri_sans: pulumi.Output[list] = None

Defines allowed URI SANs

backend: pulumi.Output[str] = None

The path the PKI secret backend is mounted at, with no leading or trailing /s.

basic_constraints_valid_for_non_ca: pulumi.Output[bool] = None

Flag to mark basic constraints valid when issuing non-CA certificates

client_flag: pulumi.Output[bool] = None

Flag to specify certificates for client use

code_signing_flag: pulumi.Output[bool] = None

Flag to specify certificates for code signing use

countries: pulumi.Output[list] = None

The country of generated certificates

email_protection_flag: pulumi.Output[bool] = None

Flag to specify certificates for email protection use

enforce_hostnames: pulumi.Output[bool] = None

Flag to allow only valid host names

ext_key_usages: pulumi.Output[list] = None

Specify the allowed extended key usage constraint on issued certificates

generate_lease: pulumi.Output[bool] = None

Flag to generate leases with certificates

key_bits: pulumi.Output[float] = None

The number of bits of generated keys

key_type: pulumi.Output[str] = None

The type of generated keys

key_usages: pulumi.Output[list] = None

Specify the allowed key usage constraint on issued certificates

localities: pulumi.Output[list] = None

The locality of generated certificates

max_ttl: pulumi.Output[str] = None

The maximum TTL

name: pulumi.Output[str] = None

The name to identify this role within the backend. Must be unique within the backend.

no_store: pulumi.Output[bool] = None

Flag to not store certificates in the storage backend

not_before_duration: pulumi.Output[str] = None

Specifies the duration by which to backdate the NotBefore property.

organization_unit: pulumi.Output[list] = None

The organization unit of generated certificates

organizations: pulumi.Output[list] = None

The organization of generated certificates

policy_identifiers: pulumi.Output[list] = None

Specify the list of allowed policies IODs

postal_codes: pulumi.Output[list] = None

The postal code of generated certificates

provinces: pulumi.Output[list] = None

The province of generated certificates

require_cn: pulumi.Output[bool] = None

Flag to force CN usage

server_flag: pulumi.Output[bool] = None

Flag to specify certificates for server use

street_addresses: pulumi.Output[list] = None

The street address of generated certificates

ttl: pulumi.Output[str] = None

The TTL

use_csr_common_name: pulumi.Output[bool] = None

Flag to use the CN in the CSR

use_csr_sans: pulumi.Output[bool] = None

Flag to use the SANs in the CSR

static get(resource_name, id, opts=None, allow_any_name=None, allow_bare_domains=None, allow_glob_domains=None, allow_ip_sans=None, allow_localhost=None, allow_subdomains=None, allowed_domains=None, allowed_other_sans=None, allowed_uri_sans=None, backend=None, basic_constraints_valid_for_non_ca=None, client_flag=None, code_signing_flag=None, countries=None, email_protection_flag=None, enforce_hostnames=None, ext_key_usages=None, generate_lease=None, key_bits=None, key_type=None, key_usages=None, localities=None, max_ttl=None, name=None, no_store=None, not_before_duration=None, organization_unit=None, organizations=None, policy_identifiers=None, postal_codes=None, provinces=None, require_cn=None, server_flag=None, street_addresses=None, ttl=None, use_csr_common_name=None, use_csr_sans=None)

Get an existing SecretBackendRole resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • allow_any_name (pulumi.Input[bool]) – Flag to allow any name

  • allow_bare_domains (pulumi.Input[bool]) – Flag to allow certificates matching the actual domain

  • allow_glob_domains (pulumi.Input[bool]) – Flag to allow names containing glob patterns.

  • allow_ip_sans (pulumi.Input[bool]) – Flag to allow IP SANs

  • allow_localhost (pulumi.Input[bool]) – Flag to allow certificates for localhost

  • allow_subdomains (pulumi.Input[bool]) – Flag to allow certificates matching subdomains

  • allowed_domains (pulumi.Input[list]) – List of allowed domains for certificates

  • allowed_other_sans (pulumi.Input[list]) – Defines allowed custom SANs

  • allowed_uri_sans (pulumi.Input[list]) – Defines allowed URI SANs

  • backend (pulumi.Input[str]) – The path the PKI secret backend is mounted at, with no leading or trailing /s.

  • basic_constraints_valid_for_non_ca (pulumi.Input[bool]) – Flag to mark basic constraints valid when issuing non-CA certificates

  • client_flag (pulumi.Input[bool]) – Flag to specify certificates for client use

  • code_signing_flag (pulumi.Input[bool]) – Flag to specify certificates for code signing use

  • countries (pulumi.Input[list]) – The country of generated certificates

  • email_protection_flag (pulumi.Input[bool]) – Flag to specify certificates for email protection use

  • enforce_hostnames (pulumi.Input[bool]) – Flag to allow only valid host names

  • ext_key_usages (pulumi.Input[list]) – Specify the allowed extended key usage constraint on issued certificates

  • generate_lease (pulumi.Input[bool]) – Flag to generate leases with certificates

  • key_bits (pulumi.Input[float]) – The number of bits of generated keys

  • key_type (pulumi.Input[str]) – The type of generated keys

  • key_usages (pulumi.Input[list]) – Specify the allowed key usage constraint on issued certificates

  • localities (pulumi.Input[list]) – The locality of generated certificates

  • max_ttl (pulumi.Input[str]) – The maximum TTL

  • name (pulumi.Input[str]) – The name to identify this role within the backend. Must be unique within the backend.

  • no_store (pulumi.Input[bool]) – Flag to not store certificates in the storage backend

  • not_before_duration (pulumi.Input[str]) – Specifies the duration by which to backdate the NotBefore property.

  • organization_unit (pulumi.Input[list]) – The organization unit of generated certificates

  • organizations (pulumi.Input[list]) – The organization of generated certificates

  • policy_identifiers (pulumi.Input[list]) – Specify the list of allowed policies IODs

  • postal_codes (pulumi.Input[list]) – The postal code of generated certificates

  • provinces (pulumi.Input[list]) – The province of generated certificates

  • require_cn (pulumi.Input[bool]) – Flag to force CN usage

  • server_flag (pulumi.Input[bool]) – Flag to specify certificates for server use

  • street_addresses (pulumi.Input[list]) – The street address of generated certificates

  • ttl (pulumi.Input[str]) – The TTL

  • use_csr_common_name (pulumi.Input[bool]) – Flag to use the CN in the CSR

  • use_csr_sans (pulumi.Input[bool]) – Flag to use the SANs in the CSR

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.pki_secret.SecretBackendRootCert(resource_name, opts=None, alt_names=None, backend=None, common_name=None, country=None, exclude_cn_from_sans=None, format=None, ip_sans=None, key_bits=None, key_type=None, locality=None, max_path_length=None, organization=None, other_sans=None, ou=None, permitted_dns_domains=None, postal_code=None, private_key_format=None, province=None, street_address=None, ttl=None, type=None, uri_sans=None, __props__=None, __name__=None, __opts__=None)

Create a SecretBackendRootCert resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[list] alt_names: List of alternative names :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to. :param pulumi.Input[str] common_name: CN of intermediate to create :param pulumi.Input[str] country: The country :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs :param pulumi.Input[str] format: The format of data :param pulumi.Input[list] ip_sans: List of alternative IPs :param pulumi.Input[float] key_bits: The number of bits to use :param pulumi.Input[str] key_type: The desired key type :param pulumi.Input[str] locality: The locality :param pulumi.Input[float] max_path_length: The maximum path length to encode in the generated certificate :param pulumi.Input[str] organization: The organization :param pulumi.Input[list] other_sans: List of other SANs :param pulumi.Input[str] ou: The organization unit :param pulumi.Input[list] permitted_dns_domains: List of domains for which certificates are allowed to be issued :param pulumi.Input[str] postal_code: The postal code :param pulumi.Input[str] private_key_format: The private key format :param pulumi.Input[str] province: The province :param pulumi.Input[str] street_address: The street address :param pulumi.Input[str] ttl: Time to live :param pulumi.Input[str] type: Type of intermediate to create. Must be either “exported” or “internal” :param pulumi.Input[list] uri_sans: List of alternative URIs

alt_names: pulumi.Output[list] = None

List of alternative names

backend: pulumi.Output[str] = None

The PKI secret backend the resource belongs to.

certificate: pulumi.Output[str] = None

The certificate

common_name: pulumi.Output[str] = None

CN of intermediate to create

country: pulumi.Output[str] = None

The country

exclude_cn_from_sans: pulumi.Output[bool] = None

Flag to exclude CN from SANs

format: pulumi.Output[str] = None

The format of data

ip_sans: pulumi.Output[list] = None

List of alternative IPs

issuing_ca: pulumi.Output[str] = None

The issuing CA

key_bits: pulumi.Output[float] = None

The number of bits to use

key_type: pulumi.Output[str] = None

The desired key type

locality: pulumi.Output[str] = None

The locality

max_path_length: pulumi.Output[float] = None

The maximum path length to encode in the generated certificate

organization: pulumi.Output[str] = None

The organization

other_sans: pulumi.Output[list] = None

List of other SANs

ou: pulumi.Output[str] = None

The organization unit

permitted_dns_domains: pulumi.Output[list] = None

List of domains for which certificates are allowed to be issued

postal_code: pulumi.Output[str] = None

The postal code

private_key_format: pulumi.Output[str] = None

The private key format

province: pulumi.Output[str] = None

The province

serial: pulumi.Output[str] = None

The serial

street_address: pulumi.Output[str] = None

The street address

ttl: pulumi.Output[str] = None

Time to live

type: pulumi.Output[str] = None

Type of intermediate to create. Must be either “exported” or “internal”

uri_sans: pulumi.Output[list] = None

List of alternative URIs

static get(resource_name, id, opts=None, alt_names=None, backend=None, certificate=None, common_name=None, country=None, exclude_cn_from_sans=None, format=None, ip_sans=None, issuing_ca=None, key_bits=None, key_type=None, locality=None, max_path_length=None, organization=None, other_sans=None, ou=None, permitted_dns_domains=None, postal_code=None, private_key_format=None, province=None, serial=None, street_address=None, ttl=None, type=None, uri_sans=None)

Get an existing SecretBackendRootCert resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • alt_names (pulumi.Input[list]) – List of alternative names

  • backend (pulumi.Input[str]) – The PKI secret backend the resource belongs to.

  • certificate (pulumi.Input[str]) – The certificate

  • common_name (pulumi.Input[str]) – CN of intermediate to create

  • country (pulumi.Input[str]) – The country

  • exclude_cn_from_sans (pulumi.Input[bool]) – Flag to exclude CN from SANs

  • format (pulumi.Input[str]) – The format of data

  • ip_sans (pulumi.Input[list]) – List of alternative IPs

  • issuing_ca (pulumi.Input[str]) – The issuing CA

  • key_bits (pulumi.Input[float]) – The number of bits to use

  • key_type (pulumi.Input[str]) – The desired key type

  • locality (pulumi.Input[str]) – The locality

  • max_path_length (pulumi.Input[float]) – The maximum path length to encode in the generated certificate

  • organization (pulumi.Input[str]) – The organization

  • other_sans (pulumi.Input[list]) – List of other SANs

  • ou (pulumi.Input[str]) – The organization unit

  • permitted_dns_domains (pulumi.Input[list]) – List of domains for which certificates are allowed to be issued

  • postal_code (pulumi.Input[str]) – The postal code

  • private_key_format (pulumi.Input[str]) – The private key format

  • province (pulumi.Input[str]) – The province

  • serial (pulumi.Input[str]) – The serial

  • street_address (pulumi.Input[str]) – The street address

  • ttl (pulumi.Input[str]) – Time to live

  • type (pulumi.Input[str]) – Type of intermediate to create. Must be either “exported” or “internal”

  • uri_sans (pulumi.Input[list]) – List of alternative URIs

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.pki_secret.SecretBackendRootSignIntermediate(resource_name, opts=None, alt_names=None, backend=None, common_name=None, country=None, csr=None, exclude_cn_from_sans=None, format=None, ip_sans=None, locality=None, max_path_length=None, organization=None, other_sans=None, ou=None, permitted_dns_domains=None, postal_code=None, province=None, street_address=None, ttl=None, uri_sans=None, use_csr_values=None, __props__=None, __name__=None, __opts__=None)

Creates an PKI certificate.

import pulumi
import pulumi_vault as vault

root = vault.pki_secret.SecretBackendRootSignIntermediate("root",
    backend=vault_pki_secret_backend["root"]["path"],
    csr=vault_pki_secret_backend_intermediate_cert_request["intermediate"]["csr"],
    common_name="Intermediate CA",
    exclude_cn_from_sans=True,
    ou="My OU",
    organization="My organization")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • alt_names (pulumi.Input[list]) – List of alternative names

  • backend (pulumi.Input[str]) – The PKI secret backend the resource belongs to.

  • common_name (pulumi.Input[str]) – CN of intermediate to create

  • country (pulumi.Input[str]) – The country

  • csr (pulumi.Input[str]) – The CSR

  • exclude_cn_from_sans (pulumi.Input[bool]) – Flag to exclude CN from SANs

  • format (pulumi.Input[str]) – The format of data

  • ip_sans (pulumi.Input[list]) – List of alternative IPs

  • locality (pulumi.Input[str]) – The locality

  • max_path_length (pulumi.Input[float]) – The maximum path length to encode in the generated certificate

  • organization (pulumi.Input[str]) – The organization

  • other_sans (pulumi.Input[list]) – List of other SANs

  • ou (pulumi.Input[str]) – The organization unit

  • permitted_dns_domains (pulumi.Input[list]) – List of domains for which certificates are allowed to be issued

  • postal_code (pulumi.Input[str]) – The postal code

  • province (pulumi.Input[str]) – The province

  • street_address (pulumi.Input[str]) – The street address

  • ttl (pulumi.Input[str]) – Time to live

  • uri_sans (pulumi.Input[list]) – List of alternative URIs

  • use_csr_values (pulumi.Input[bool]) – Preserve CSR values

alt_names: pulumi.Output[list] = None

List of alternative names

backend: pulumi.Output[str] = None

The PKI secret backend the resource belongs to.

ca_chain: pulumi.Output[str] = None

The CA chain

certificate: pulumi.Output[str] = None

The certificate

common_name: pulumi.Output[str] = None

CN of intermediate to create

country: pulumi.Output[str] = None

The country

csr: pulumi.Output[str] = None

The CSR

exclude_cn_from_sans: pulumi.Output[bool] = None

Flag to exclude CN from SANs

format: pulumi.Output[str] = None

The format of data

ip_sans: pulumi.Output[list] = None

List of alternative IPs

issuing_ca: pulumi.Output[str] = None

The issuing CA

locality: pulumi.Output[str] = None

The locality

max_path_length: pulumi.Output[float] = None

The maximum path length to encode in the generated certificate

organization: pulumi.Output[str] = None

The organization

other_sans: pulumi.Output[list] = None

List of other SANs

ou: pulumi.Output[str] = None

The organization unit

permitted_dns_domains: pulumi.Output[list] = None

List of domains for which certificates are allowed to be issued

postal_code: pulumi.Output[str] = None

The postal code

province: pulumi.Output[str] = None

The province

serial: pulumi.Output[str] = None

The serial

street_address: pulumi.Output[str] = None

The street address

ttl: pulumi.Output[str] = None

Time to live

uri_sans: pulumi.Output[list] = None

List of alternative URIs

use_csr_values: pulumi.Output[bool] = None

Preserve CSR values

static get(resource_name, id, opts=None, alt_names=None, backend=None, ca_chain=None, certificate=None, common_name=None, country=None, csr=None, exclude_cn_from_sans=None, format=None, ip_sans=None, issuing_ca=None, locality=None, max_path_length=None, organization=None, other_sans=None, ou=None, permitted_dns_domains=None, postal_code=None, province=None, serial=None, street_address=None, ttl=None, uri_sans=None, use_csr_values=None)

Get an existing SecretBackendRootSignIntermediate resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • alt_names (pulumi.Input[list]) – List of alternative names

  • backend (pulumi.Input[str]) – The PKI secret backend the resource belongs to.

  • ca_chain (pulumi.Input[str]) – The CA chain

  • certificate (pulumi.Input[str]) – The certificate

  • common_name (pulumi.Input[str]) – CN of intermediate to create

  • country (pulumi.Input[str]) – The country

  • csr (pulumi.Input[str]) – The CSR

  • exclude_cn_from_sans (pulumi.Input[bool]) – Flag to exclude CN from SANs

  • format (pulumi.Input[str]) – The format of data

  • ip_sans (pulumi.Input[list]) – List of alternative IPs

  • issuing_ca (pulumi.Input[str]) – The issuing CA

  • locality (pulumi.Input[str]) – The locality

  • max_path_length (pulumi.Input[float]) – The maximum path length to encode in the generated certificate

  • organization (pulumi.Input[str]) – The organization

  • other_sans (pulumi.Input[list]) – List of other SANs

  • ou (pulumi.Input[str]) – The organization unit

  • permitted_dns_domains (pulumi.Input[list]) – List of domains for which certificates are allowed to be issued

  • postal_code (pulumi.Input[str]) – The postal code

  • province (pulumi.Input[str]) – The province

  • serial (pulumi.Input[str]) – The serial

  • street_address (pulumi.Input[str]) – The street address

  • ttl (pulumi.Input[str]) – Time to live

  • uri_sans (pulumi.Input[list]) – List of alternative URIs

  • use_csr_values (pulumi.Input[bool]) – Preserve CSR values

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_vault.pki_secret.SecretBackendSign(resource_name, opts=None, alt_names=None, auto_renew=None, backend=None, common_name=None, csr=None, exclude_cn_from_sans=None, format=None, ip_sans=None, min_seconds_remaining=None, name=None, other_sans=None, ttl=None, uri_sans=None, __props__=None, __name__=None, __opts__=None)

Create a SecretBackendSign resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[list] alt_names: List of alternative names :param pulumi.Input[bool] auto_renew: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to. :param pulumi.Input[str] common_name: CN of certificate to create :param pulumi.Input[str] csr: The CSR :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs :param pulumi.Input[str] format: The format of data :param pulumi.Input[list] ip_sans: List of alternative IPs :param pulumi.Input[float] min_seconds_remaining: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days) :param pulumi.Input[str] name: Name of the role to create the certificate against :param pulumi.Input[list] other_sans: List of other SANs :param pulumi.Input[str] ttl: Time to live :param pulumi.Input[list] uri_sans: List of alterative URIs

alt_names: pulumi.Output[list] = None

List of alternative names

auto_renew: pulumi.Output[bool] = None

If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false

backend: pulumi.Output[str] = None

The PKI secret backend the resource belongs to.

ca_chains: pulumi.Output[list] = None

The CA chain

certificate: pulumi.Output[str] = None

The certificate

common_name: pulumi.Output[str] = None

CN of certificate to create

csr: pulumi.Output[str] = None

The CSR

exclude_cn_from_sans: pulumi.Output[bool] = None

Flag to exclude CN from SANs

expiration: pulumi.Output[float] = None

The expiration date of the certificate in unix epoch format

format: pulumi.Output[str] = None

The format of data

ip_sans: pulumi.Output[list] = None

List of alternative IPs

issuing_ca: pulumi.Output[str] = None

The issuing CA

min_seconds_remaining: pulumi.Output[float] = None

Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)

name: pulumi.Output[str] = None

Name of the role to create the certificate against

other_sans: pulumi.Output[list] = None

List of other SANs

serial: pulumi.Output[str] = None

The serial

ttl: pulumi.Output[str] = None

Time to live

uri_sans: pulumi.Output[list] = None

List of alterative URIs

static get(resource_name, id, opts=None, alt_names=None, auto_renew=None, backend=None, ca_chains=None, certificate=None, common_name=None, csr=None, exclude_cn_from_sans=None, expiration=None, format=None, ip_sans=None, issuing_ca=None, min_seconds_remaining=None, name=None, other_sans=None, serial=None, ttl=None, uri_sans=None)

Get an existing SecretBackendSign resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • alt_names (pulumi.Input[list]) – List of alternative names

  • auto_renew (pulumi.Input[bool]) – If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false

  • backend (pulumi.Input[str]) – The PKI secret backend the resource belongs to.

  • ca_chains (pulumi.Input[list]) – The CA chain

  • certificate (pulumi.Input[str]) – The certificate

  • common_name (pulumi.Input[str]) – CN of certificate to create

  • csr (pulumi.Input[str]) – The CSR

  • exclude_cn_from_sans (pulumi.Input[bool]) – Flag to exclude CN from SANs

  • expiration (pulumi.Input[float]) – The expiration date of the certificate in unix epoch format

  • format (pulumi.Input[str]) – The format of data

  • ip_sans (pulumi.Input[list]) – List of alternative IPs

  • issuing_ca (pulumi.Input[str]) – The issuing CA

  • min_seconds_remaining (pulumi.Input[float]) – Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)

  • name (pulumi.Input[str]) – Name of the role to create the certificate against

  • other_sans (pulumi.Input[list]) – List of other SANs

  • serial (pulumi.Input[str]) – The serial

  • ttl (pulumi.Input[str]) – Time to live

  • uri_sans (pulumi.Input[list]) – List of alterative URIs

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str