import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages a Container App Environment Certificate. * * ## Example Usage * * ### Certificate from .pfx file * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * import * as std from "@pulumi/std"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", { * name: "acctest-01", * location: example.location, * resourceGroupName: example.name, * sku: "PerGB2018", * retentionInDays: 30, * }); * const exampleEnvironment = new azure.containerapp.Environment("example", { * name: "myEnvironment", * location: example.location, * resourceGroupName: example.name, * logAnalyticsWorkspaceId: exampleAnalyticsWorkspace.id, * }); * const exampleEnvironmentCertificate = new azure.containerapp.EnvironmentCertificate("example", { * name: "myfriendlyname", * containerAppEnvironmentId: exampleEnvironment.id, * certificateBlobBase64: std.filebase64({ * input: "path/to/certificate_file.pfx", * }).then(invoke => invoke.result), * certificatePassword: "$3cretSqu1rreL", * }); * ``` * * ### Certificate from Key Vault * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * import * as std from "@pulumi/std"; * * const current = azure.core.getClientConfig({}); * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", { * name: "example-workspace", * location: example.location, * resourceGroupName: example.name, * sku: "PerGB2018", * retentionInDays: 30, * }); * const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", { * name: "example-identity", * resourceGroupName: example.name, * location: example.location, * }); * const exampleEnvironment = new azure.containerapp.Environment("example", { * name: "example-environment", * location: example.location, * resourceGroupName: example.name, * logAnalyticsWorkspaceId: exampleAnalyticsWorkspace.id, * identity: { * type: "UserAssigned", * identityIds: [exampleUserAssignedIdentity.id], * }, * }); * const exampleKeyVault = new azure.keyvault.KeyVault("example", { * name: "example-keyvault", * location: example.location, * resourceGroupName: example.name, * tenantId: current.then(current => current.tenantId), * skuName: "standard", * enableRbacAuthorization: true, * }); * const userKeyvaultAdmin = new azure.authorization.Assignment("user_keyvault_admin", { * scope: exampleKeyVault.id, * roleDefinitionName: "Key Vault Administrator", * principalId: current.then(current => current.objectId), * }); * const exampleAssignment = new azure.authorization.Assignment("example", { * scope: exampleKeyVault.id, * roleDefinitionName: "Key Vault Secrets User", * principalId: exampleEnvironment.identity.apply(identity => identity?.principalId), * }); * const exampleCertificate = new azure.keyvault.Certificate("example", { * name: "example-certificate", * keyVaultId: exampleKeyVault.id, * certificate: { * contents: std.filebase64({ * input: "path/to/certificate_file.pfx", * }).then(invoke => invoke.result), * password: "", * }, * }, { * dependsOn: [ * userKeyvaultAdmin, * exampleAssignment, * ], * }); * const exampleEnvironmentCertificate = new azure.containerapp.EnvironmentCertificate("example", { * name: "example-certificate", * containerAppEnvironmentId: exampleEnvironment.id, * certificateKeyVault: { * identity: exampleUserAssignedIdentity.id, * keyVaultSecretId: exampleCertificate.versionlessSecretId, * }, * }, { * dependsOn: [exampleAssignment], * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.App` - 2025-07-01 * * ## Import * * A Container App Environment Certificate can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:containerapp/environmentCertificate:EnvironmentCertificate example "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.App/managedEnvironments/myenv/certificates/mycertificate" * ``` */ export declare class EnvironmentCertificate extends pulumi.CustomResource { /** * Get an existing EnvironmentCertificate resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: EnvironmentCertificateState, opts?: pulumi.CustomResourceOptions): EnvironmentCertificate; /** * Returns true if the given object is an instance of EnvironmentCertificate. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is EnvironmentCertificate; /** * The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created. * * > **Note:** One of `certificateBlobBase64` and `certificateKeyVault` must be set. */ readonly certificateBlobBase64: pulumi.Output; /** * A `certificateKeyVault` block as defined below. Changing this forces a new resource to be created. * * > **Note:** one of `certificateBlobBase64` and `certificateKeyVault` must be set. */ readonly certificateKeyVault: pulumi.Output; /** * The password for the Certificate. Changing this forces a new resource to be created. * * > **Note:** required if `certificateBlobBase64` is specified. */ readonly certificatePassword: pulumi.Output; /** * The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created. */ readonly containerAppEnvironmentId: pulumi.Output; /** * The expiration date for the Certificate. */ readonly expirationDate: pulumi.Output; /** * The date of issue for the Certificate. */ readonly issueDate: pulumi.Output; /** * The Certificate Issuer. */ readonly issuer: pulumi.Output; /** * The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created. */ readonly name: pulumi.Output; /** * The Subject Name for the Certificate. */ readonly subjectName: pulumi.Output; /** * A mapping of tags to assign to the resource. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * The Thumbprint of the Certificate. */ readonly thumbprint: pulumi.Output; /** * Create a EnvironmentCertificate resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: EnvironmentCertificateArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering EnvironmentCertificate resources. */ export interface EnvironmentCertificateState { /** * The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created. * * > **Note:** One of `certificateBlobBase64` and `certificateKeyVault` must be set. */ certificateBlobBase64?: pulumi.Input; /** * A `certificateKeyVault` block as defined below. Changing this forces a new resource to be created. * * > **Note:** one of `certificateBlobBase64` and `certificateKeyVault` must be set. */ certificateKeyVault?: pulumi.Input; /** * The password for the Certificate. Changing this forces a new resource to be created. * * > **Note:** required if `certificateBlobBase64` is specified. */ certificatePassword?: pulumi.Input; /** * The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created. */ containerAppEnvironmentId?: pulumi.Input; /** * The expiration date for the Certificate. */ expirationDate?: pulumi.Input; /** * The date of issue for the Certificate. */ issueDate?: pulumi.Input; /** * The Certificate Issuer. */ issuer?: pulumi.Input; /** * The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The Subject Name for the Certificate. */ subjectName?: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Thumbprint of the Certificate. */ thumbprint?: pulumi.Input; } /** * The set of arguments for constructing a EnvironmentCertificate resource. */ export interface EnvironmentCertificateArgs { /** * The Certificate Private Key as a base64 encoded PFX or PEM. Changing this forces a new resource to be created. * * > **Note:** One of `certificateBlobBase64` and `certificateKeyVault` must be set. */ certificateBlobBase64?: pulumi.Input; /** * A `certificateKeyVault` block as defined below. Changing this forces a new resource to be created. * * > **Note:** one of `certificateBlobBase64` and `certificateKeyVault` must be set. */ certificateKeyVault?: pulumi.Input; /** * The password for the Certificate. Changing this forces a new resource to be created. * * > **Note:** required if `certificateBlobBase64` is specified. */ certificatePassword?: pulumi.Input; /** * The Container App Managed Environment ID to configure this Certificate on. Changing this forces a new resource to be created. */ containerAppEnvironmentId: pulumi.Input; /** * The name of the Container Apps Environment Certificate. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; }