import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages a Key Vault Certificate. * * ## Example Usage * * ### Importing A PFX) * * > **Note:** this example assumed the PFX file is located in the same directory at `certificate-to-import.pfx`. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * import * as std from "@pulumi/std"; * * const current = azure.core.getClientConfig({}); * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleKeyVault = new azure.keyvault.KeyVault("example", { * name: "examplekeyvault", * location: example.location, * resourceGroupName: example.name, * tenantId: current.then(current => current.tenantId), * skuName: "premium", * accessPolicies: [{ * tenantId: current.then(current => current.tenantId), * objectId: current.then(current => current.objectId), * certificatePermissions: [ * "Create", * "Delete", * "DeleteIssuers", * "Get", * "GetIssuers", * "Import", * "List", * "ListIssuers", * "ManageContacts", * "ManageIssuers", * "SetIssuers", * "Update", * ], * keyPermissions: [ * "Backup", * "Create", * "Decrypt", * "Delete", * "Encrypt", * "Get", * "Import", * "List", * "Purge", * "Recover", * "Restore", * "Sign", * "UnwrapKey", * "Update", * "Verify", * "WrapKey", * ], * secretPermissions: [ * "Backup", * "Delete", * "Get", * "List", * "Purge", * "Recover", * "Restore", * "Set", * ], * }], * }); * const exampleCertificate = new azure.keyvault.Certificate("example", { * name: "imported-cert", * keyVaultId: exampleKeyVault.id, * certificate: { * contents: std.filebase64({ * input: "certificate-to-import.pfx", * }).then(invoke => invoke.result), * password: "", * }, * }); * ``` * * ### Generating a new certificate * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const current = azure.core.getClientConfig({}); * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleKeyVault = new azure.keyvault.KeyVault("example", { * name: "examplekeyvault", * location: example.location, * resourceGroupName: example.name, * tenantId: current.then(current => current.tenantId), * skuName: "standard", * softDeleteRetentionDays: 7, * accessPolicies: [{ * tenantId: current.then(current => current.tenantId), * objectId: current.then(current => current.objectId), * certificatePermissions: [ * "Create", * "Delete", * "DeleteIssuers", * "Get", * "GetIssuers", * "Import", * "List", * "ListIssuers", * "ManageContacts", * "ManageIssuers", * "Purge", * "SetIssuers", * "Update", * ], * keyPermissions: [ * "Backup", * "Create", * "Decrypt", * "Delete", * "Encrypt", * "Get", * "Import", * "List", * "Purge", * "Recover", * "Restore", * "Sign", * "UnwrapKey", * "Update", * "Verify", * "WrapKey", * ], * secretPermissions: [ * "Backup", * "Delete", * "Get", * "List", * "Purge", * "Recover", * "Restore", * "Set", * ], * }], * }); * const exampleCertificate = new azure.keyvault.Certificate("example", { * name: "generated-cert", * keyVaultId: exampleKeyVault.id, * certificatePolicy: { * issuerParameters: { * name: "Self", * }, * keyProperties: { * exportable: true, * keySize: 2048, * keyType: "RSA", * reuseKey: true, * }, * lifetimeActions: [{ * action: { * actionType: "AutoRenew", * }, * trigger: { * daysBeforeExpiry: 30, * }, * }], * secretProperties: { * contentType: "application/x-pkcs12", * }, * x509CertificateProperties: { * extendedKeyUsages: ["1.3.6.1.5.5.7.3.1"], * keyUsages: [ * "cRLSign", * "dataEncipherment", * "digitalSignature", * "keyAgreement", * "keyCertSign", * "keyEncipherment", * ], * subjectAlternativeNames: { * dnsNames: [ * "internal.contoso.com", * "domain.hello.world", * ], * }, * subject: "CN=hello-world", * validityInMonths: 12, * }, * }, * }); * ``` * * ## Import * * Key Vault Certificates can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:keyvault/certificate:Certificate example "https://example-keyvault.vault.azure.net/certificates/example/fdf067c93bbb4b22bff4d8b7a9a56217" * ``` */ export declare class Certificate extends pulumi.CustomResource { /** * Get an existing Certificate resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: CertificateState, opts?: pulumi.CustomResourceOptions): Certificate; /** * Returns true if the given object is an instance of Certificate. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Certificate; /** * A `certificate` block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. */ readonly certificate: pulumi.Output; /** * A `certificateAttribute` block as defined below. */ readonly certificateAttributes: pulumi.Output; /** * The raw Key Vault Certificate data represented as a hexadecimal string. */ readonly certificateData: pulumi.Output; /** * The Base64 encoded Key Vault Certificate data. */ readonly certificateDataBase64: pulumi.Output; /** * A `certificatePolicy` block as defined below. Changing this (except the `lifetimeAction` field) will create a new version of the Key Vault Certificate. * * > **NOTE:** When creating a Key Vault Certificate, at least one of `certificate` or `certificatePolicy` is required. Provide `certificate` to import an existing certificate, `certificatePolicy` to generate a new certificate. */ readonly certificatePolicy: pulumi.Output; /** * The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created. */ readonly keyVaultId: pulumi.Output; /** * Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created. */ readonly name: pulumi.Output; /** * The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services. */ readonly resourceManagerId: pulumi.Output; /** * The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated. */ readonly resourceManagerVersionlessId: pulumi.Output; /** * The ID of the associated Key Vault Secret. */ readonly secretId: pulumi.Output; /** * A mapping of tags to assign to the resource. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string. */ readonly thumbprint: pulumi.Output; /** * The current version of the Key Vault Certificate. */ readonly version: pulumi.Output; /** * The Base ID of the Key Vault Certificate. */ readonly versionlessId: pulumi.Output; /** * The Base ID of the Key Vault Secret. */ readonly versionlessSecretId: pulumi.Output; /** * Create a Certificate resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: CertificateArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Certificate resources. */ export interface CertificateState { /** * A `certificate` block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. */ certificate?: pulumi.Input; /** * A `certificateAttribute` block as defined below. */ certificateAttributes?: pulumi.Input[]>; /** * The raw Key Vault Certificate data represented as a hexadecimal string. */ certificateData?: pulumi.Input; /** * The Base64 encoded Key Vault Certificate data. */ certificateDataBase64?: pulumi.Input; /** * A `certificatePolicy` block as defined below. Changing this (except the `lifetimeAction` field) will create a new version of the Key Vault Certificate. * * > **NOTE:** When creating a Key Vault Certificate, at least one of `certificate` or `certificatePolicy` is required. Provide `certificate` to import an existing certificate, `certificatePolicy` to generate a new certificate. */ certificatePolicy?: pulumi.Input; /** * The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created. */ keyVaultId?: pulumi.Input; /** * Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services. */ resourceManagerId?: pulumi.Input; /** * The Versionless ID of the Key Vault Certificate. This property allows other Azure Services (that support it) to auto-rotate their value when the Key Vault Certificate is updated. */ resourceManagerVersionlessId?: pulumi.Input; /** * The ID of the associated Key Vault Secret. */ secretId?: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string. */ thumbprint?: pulumi.Input; /** * The current version of the Key Vault Certificate. */ version?: pulumi.Input; /** * The Base ID of the Key Vault Certificate. */ versionlessId?: pulumi.Input; /** * The Base ID of the Key Vault Secret. */ versionlessSecretId?: pulumi.Input; } /** * The set of arguments for constructing a Certificate resource. */ export interface CertificateArgs { /** * A `certificate` block as defined below, used to Import an existing certificate. Changing this will create a new version of the Key Vault Certificate. */ certificate?: pulumi.Input; /** * A `certificatePolicy` block as defined below. Changing this (except the `lifetimeAction` field) will create a new version of the Key Vault Certificate. * * > **NOTE:** When creating a Key Vault Certificate, at least one of `certificate` or `certificatePolicy` is required. Provide `certificate` to import an existing certificate, `certificatePolicy` to generate a new certificate. */ certificatePolicy?: pulumi.Input; /** * The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created. */ keyVaultId: pulumi.Input; /** * Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; }