get
suspend fun getBackendCertMetadata(argument: GetBackendCertMetadataPlainArgs): GetBackendCertMetadataResult
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const pki = new vault.Mount("pki", {
path: "pki",
type: "pki",
description: "PKI secret engine mount",
});
const root = new vault.pkisecret.SecretBackendRootCert("root", {
backend: pki.path,
type: "internal",
commonName: "example",
ttl: "86400",
issuerName: "example",
});
const testSecretBackendRole = new vault.pkisecret.SecretBackendRole("test", {
backend: testVaultPkiSecretBackendRootCert.backend,
name: "test",
allowedDomains: ["test.my.domain"],
allowSubdomains: true,
maxTtl: "3600",
keyUsages: [
"DigitalSignature",
"KeyAgreement",
"KeyEncipherment",
],
noStoreMetadata: false,
});
const testSecretBackendCert = new vault.pkisecret.SecretBackendCert("test", {
backend: testSecretBackendRole.backend,
name: testSecretBackendRole.name,
commonName: "cert.test.my.domain",
ttl: "720h",
minSecondsRemaining: 60,
certMetadata: "dGVzdCBtZXRhZGF0YQ==",
});
const test = testSecretBackendCert.serialNumber.apply(serialNumber => vault.pkiSecret.getBackendCertMetadataOutput({
path: test_root.path,
serial: serialNumber,
}));Content copied to clipboard
import pulumi
import pulumi_vault as vault
pki = vault.Mount("pki",
path="pki",
type="pki",
description="PKI secret engine mount")
root = vault.pki_secret.SecretBackendRootCert("root",
backend=pki.path,
type="internal",
common_name="example",
ttl="86400",
issuer_name="example")
test_secret_backend_role = vault.pki_secret.SecretBackendRole("test",
backend=test_vault_pki_secret_backend_root_cert["backend"],
name="test",
allowed_domains=["test.my.domain"],
allow_subdomains=True,
max_ttl="3600",
key_usages=[
"DigitalSignature",
"KeyAgreement",
"KeyEncipherment",
],
no_store_metadata=False)
test_secret_backend_cert = vault.pki_secret.SecretBackendCert("test",
backend=test_secret_backend_role.backend,
name=test_secret_backend_role.name,
common_name="cert.test.my.domain",
ttl="720h",
min_seconds_remaining=60,
cert_metadata="dGVzdCBtZXRhZGF0YQ==")
test = test_secret_backend_cert.serial_number.apply(lambda serial_number: vault.pkiSecret.get_backend_cert_metadata_output(path=test_root["path"],
serial=serial_number))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var pki = new Vault.Mount("pki", new()
{
Path = "pki",
Type = "pki",
Description = "PKI secret engine mount",
});
var root = new Vault.PkiSecret.SecretBackendRootCert("root", new()
{
Backend = pki.Path,
Type = "internal",
CommonName = "example",
Ttl = "86400",
IssuerName = "example",
});
var testSecretBackendRole = new Vault.PkiSecret.SecretBackendRole("test", new()
{
Backend = testVaultPkiSecretBackendRootCert.Backend,
Name = "test",
AllowedDomains = new[]
{
"test.my.domain",
},
AllowSubdomains = true,
MaxTtl = "3600",
KeyUsages = new[]
{
"DigitalSignature",
"KeyAgreement",
"KeyEncipherment",
},
NoStoreMetadata = false,
});
var testSecretBackendCert = new Vault.PkiSecret.SecretBackendCert("test", new()
{
Backend = testSecretBackendRole.Backend,
Name = testSecretBackendRole.Name,
CommonName = "cert.test.my.domain",
Ttl = "720h",
MinSecondsRemaining = 60,
CertMetadata = "dGVzdCBtZXRhZGF0YQ==",
});
var test = Vault.PkiSecret.GetBackendCertMetadata.Invoke(new()
{
Path = test_root.Path,
Serial = testSecretBackendCert.SerialNumber,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkisecret"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
pki, err := vault.NewMount(ctx, "pki", &vault.MountArgs{
Path: pulumi.String("pki"),
Type: pulumi.String("pki"),
Description: pulumi.String("PKI secret engine mount"),
})
if err != nil {
return err
}
_, err = pkisecret.NewSecretBackendRootCert(ctx, "root", &pkisecret.SecretBackendRootCertArgs{
Backend: pki.Path,
Type: pulumi.String("internal"),
CommonName: pulumi.String("example"),
Ttl: pulumi.String("86400"),
IssuerName: pulumi.String("example"),
})
if err != nil {
return err
}
testSecretBackendRole, err := pkisecret.NewSecretBackendRole(ctx, "test", &pkisecret.SecretBackendRoleArgs{
Backend: pulumi.Any(testVaultPkiSecretBackendRootCert.Backend),
Name: pulumi.String("test"),
AllowedDomains: pulumi.StringArray{
pulumi.String("test.my.domain"),
},
AllowSubdomains: pulumi.Bool(true),
MaxTtl: pulumi.String("3600"),
KeyUsages: pulumi.StringArray{
pulumi.String("DigitalSignature"),
pulumi.String("KeyAgreement"),
pulumi.String("KeyEncipherment"),
},
NoStoreMetadata: pulumi.Bool(false),
})
if err != nil {
return err
}
testSecretBackendCert, err := pkisecret.NewSecretBackendCert(ctx, "test", &pkisecret.SecretBackendCertArgs{
Backend: testSecretBackendRole.Backend,
Name: testSecretBackendRole.Name,
CommonName: pulumi.String("cert.test.my.domain"),
Ttl: pulumi.String("720h"),
MinSecondsRemaining: pulumi.Int(60),
CertMetadata: pulumi.String("dGVzdCBtZXRhZGF0YQ=="),
})
if err != nil {
return err
}
_ = testSecretBackendCert.SerialNumber.ApplyT(func(serialNumber string) (pkisecret.GetBackendCertMetadataResult, error) {
return pkisecret.GetBackendCertMetadataResult(interface{}(pkisecret.GetBackendCertMetadataOutput(ctx, pkisecret.GetBackendCertMetadataOutputArgs{
Path: test_root.Path,
Serial: serialNumber,
}, nil))), nil
}).(pkisecret.GetBackendCertMetadataResultOutput)
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.pkiSecret.SecretBackendRootCert;
import com.pulumi.vault.pkiSecret.SecretBackendRootCertArgs;
import com.pulumi.vault.pkiSecret.SecretBackendRole;
import com.pulumi.vault.pkiSecret.SecretBackendRoleArgs;
import com.pulumi.vault.pkiSecret.SecretBackendCert;
import com.pulumi.vault.pkiSecret.SecretBackendCertArgs;
import com.pulumi.vault.pkiSecret.PkiSecretFunctions;
import com.pulumi.vault.pkiSecret.inputs.GetBackendCertMetadataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pki = new Mount("pki", MountArgs.builder()
.path("pki")
.type("pki")
.description("PKI secret engine mount")
.build());
var root = new SecretBackendRootCert("root", SecretBackendRootCertArgs.builder()
.backend(pki.path())
.type("internal")
.commonName("example")
.ttl("86400")
.issuerName("example")
.build());
var testSecretBackendRole = new SecretBackendRole("testSecretBackendRole", SecretBackendRoleArgs.builder()
.backend(testVaultPkiSecretBackendRootCert.backend())
.name("test")
.allowedDomains("test.my.domain")
.allowSubdomains(true)
.maxTtl("3600")
.keyUsages(
"DigitalSignature",
"KeyAgreement",
"KeyEncipherment")
.noStoreMetadata(false)
.build());
var testSecretBackendCert = new SecretBackendCert("testSecretBackendCert", SecretBackendCertArgs.builder()
.backend(testSecretBackendRole.backend())
.name(testSecretBackendRole.name())
.commonName("cert.test.my.domain")
.ttl("720h")
.minSecondsRemaining(60)
.certMetadata("dGVzdCBtZXRhZGF0YQ==")
.build());
final var test = PkiSecretFunctions.getBackendCertMetadata(GetBackendCertMetadataArgs.builder()
.path(test_root.path())
.serial(testSecretBackendCert.serialNumber())
.build());
}
}Content copied to clipboard
resources:
pki:
type: vault:Mount
properties:
path: pki
type: pki
description: PKI secret engine mount
root:
type: vault:pkiSecret:SecretBackendRootCert
properties:
backend: ${pki.path}
type: internal
commonName: example
ttl: '86400'
issuerName: example
testSecretBackendRole:
type: vault:pkiSecret:SecretBackendRole
name: test
properties:
backend: ${testVaultPkiSecretBackendRootCert.backend}
name: test
allowedDomains:
- test.my.domain
allowSubdomains: true
maxTtl: '3600'
keyUsages:
- DigitalSignature
- KeyAgreement
- KeyEncipherment
noStoreMetadata: false
testSecretBackendCert:
type: vault:pkiSecret:SecretBackendCert
name: test
properties:
backend: ${testSecretBackendRole.backend}
name: ${testSecretBackendRole.name}
commonName: cert.test.my.domain
ttl: 720h
minSecondsRemaining: 60
certMetadata: dGVzdCBtZXRhZGF0YQ==
variables:
test:
fn::invoke:
function: vault:pkiSecret:getBackendCertMetadata
arguments:
path: ${["test-root"].path}
serial: ${testSecretBackendCert.serialNumber}Content copied to clipboard
Return
A collection of values returned by getBackendCertMetadata.
Parameters
argument
A collection of arguments for invoking getBackendCertMetadata.
suspend fun getBackendCertMetadata(namespace: String? = null, path: String, serial: String): GetBackendCertMetadataResult
Return
A collection of values returned by getBackendCertMetadata.
Parameters
namespace
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
path
The path to the PKI secret backend to read the cert metadata from, with no leading or trailing /s.
serial
Specifies the serial of the certificate whose metadata to read.
See also
suspend fun getBackendCertMetadata(argument: suspend GetBackendCertMetadataPlainArgsBuilder.() -> Unit): GetBackendCertMetadataResult
Return
A collection of values returned by getBackendCertMetadata.
Parameters
argument
Builder for com.pulumi.vault.pkiSecret.kotlin.inputs.GetBackendCertMetadataPlainArgs.