Secret
data class SecretBackendIssuerArgs(val backend: Output<String>? = null, val crlDistributionPoints: Output<List<String>>? = null, val disableCriticalExtensionChecks: Output<Boolean>? = null, val disableNameChecks: Output<Boolean>? = null, val disableNameConstraintChecks: Output<Boolean>? = null, val disablePathLengthChecks: Output<Boolean>? = null, val enableAiaUrlTemplating: Output<Boolean>? = null, val issuerName: Output<String>? = null, val issuerRef: Output<String>? = null, val issuingCertificates: Output<List<String>>? = null, val leafNotAfterBehavior: Output<String>? = null, val manualChains: Output<List<String>>? = null, val namespace: Output<String>? = null, val ocspServers: Output<List<String>>? = null, val revocationSignatureAlgorithm: Output<String>? = null, val usage: Output<String>? = null) : ConvertibleToJava<SecretBackendIssuerArgs>
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const pki = new vault.Mount("pki", {
path: "pki",
type: "pki",
defaultLeaseTtlSeconds: 3600,
maxLeaseTtlSeconds: 86400,
});
const root = new vault.pkisecret.SecretBackendRootCert("root", {
backend: pki.path,
type: "internal",
commonName: "test",
ttl: "86400",
});
const example = new vault.pkisecret.SecretBackendIssuer("example", {
backend: root.backend,
issuerRef: root.issuerId,
issuerName: "example-issuer",
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
pki = vault.Mount("pki",
path="pki",
type="pki",
default_lease_ttl_seconds=3600,
max_lease_ttl_seconds=86400)
root = vault.pki_secret.SecretBackendRootCert("root",
backend=pki.path,
type="internal",
common_name="test",
ttl="86400")
example = vault.pki_secret.SecretBackendIssuer("example",
backend=root.backend,
issuer_ref=root.issuer_id,
issuer_name="example-issuer")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var pki = new Vault.Mount("pki", new()
{
Path = "pki",
Type = "pki",
DefaultLeaseTtlSeconds = 3600,
MaxLeaseTtlSeconds = 86400,
});
var root = new Vault.PkiSecret.SecretBackendRootCert("root", new()
{
Backend = pki.Path,
Type = "internal",
CommonName = "test",
Ttl = "86400",
});
var example = new Vault.PkiSecret.SecretBackendIssuer("example", new()
{
Backend = root.Backend,
IssuerRef = root.IssuerId,
IssuerName = "example-issuer",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkisecret"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
pki, err := vault.NewMount(ctx, "pki", &vault.MountArgs{
Path: pulumi.String("pki"),
Type: pulumi.String("pki"),
DefaultLeaseTtlSeconds: pulumi.Int(3600),
MaxLeaseTtlSeconds: pulumi.Int(86400),
})
if err != nil {
return err
}
root, err := pkisecret.NewSecretBackendRootCert(ctx, "root", &pkisecret.SecretBackendRootCertArgs{
Backend: pki.Path,
Type: pulumi.String("internal"),
CommonName: pulumi.String("test"),
Ttl: pulumi.String("86400"),
})
if err != nil {
return err
}
_, err = pkisecret.NewSecretBackendIssuer(ctx, "example", &pkisecret.SecretBackendIssuerArgs{
Backend: root.Backend,
IssuerRef: root.IssuerId,
IssuerName: pulumi.String("example-issuer"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.pkiSecret.SecretBackendRootCert;
import com.pulumi.vault.pkiSecret.SecretBackendRootCertArgs;
import com.pulumi.vault.pkiSecret.SecretBackendIssuer;
import com.pulumi.vault.pkiSecret.SecretBackendIssuerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pki = new Mount("pki", MountArgs.builder()
.path("pki")
.type("pki")
.defaultLeaseTtlSeconds(3600)
.maxLeaseTtlSeconds(86400)
.build());
var root = new SecretBackendRootCert("root", SecretBackendRootCertArgs.builder()
.backend(pki.path())
.type("internal")
.commonName("test")
.ttl("86400")
.build());
var example = new SecretBackendIssuer("example", SecretBackendIssuerArgs.builder()
.backend(root.backend())
.issuerRef(root.issuerId())
.issuerName("example-issuer")
.build());
}
}Content copied to clipboard
resources:
pki:
type: vault:Mount
properties:
path: pki
type: pki
defaultLeaseTtlSeconds: 3600
maxLeaseTtlSeconds: 86400
root:
type: vault:pkiSecret:SecretBackendRootCert
properties:
backend: ${pki.path}
type: internal
commonName: test
ttl: '86400'
example:
type: vault:pkiSecret:SecretBackendIssuer
properties:
backend: ${root.backend}
issuerRef: ${root.issuerId}
issuerName: example-issuerContent copied to clipboard
Import
PKI secret backend issuer can be imported using the id, e.g.
$ pulumi import vault:pkiSecret/secretBackendIssuer:SecretBackendIssuer example pki/issuer/bf9b0d48-d0dd-652c-30be-77d04fc7e94dContent copied to clipboard
Constructors
Link copied to clipboard
constructor(backend: Output<String>? = null, crlDistributionPoints: Output<List<String>>? = null, disableCriticalExtensionChecks: Output<Boolean>? = null, disableNameChecks: Output<Boolean>? = null, disableNameConstraintChecks: Output<Boolean>? = null, disablePathLengthChecks: Output<Boolean>? = null, enableAiaUrlTemplating: Output<Boolean>? = null, issuerName: Output<String>? = null, issuerRef: Output<String>? = null, issuingCertificates: Output<List<String>>? = null, leafNotAfterBehavior: Output<String>? = null, manualChains: Output<List<String>>? = null, namespace: Output<String>? = null, ocspServers: Output<List<String>>? = null, revocationSignatureAlgorithm: Output<String>? = null, usage: Output<String>? = null)
Properties
Link copied to clipboard
Specifies the URL values for the CRL Distribution Points field.
Link copied to clipboard
This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
Link copied to clipboard
This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
Link copied to clipboard
This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
Link copied to clipboard
This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
Link copied to clipboard
Specifies that the AIA URL values should be templated.
Link copied to clipboard
Name of the issuer.
Link copied to clipboard
Specifies the URL values for the Issuing Certificate field.
Link copied to clipboard
Behavior of a leaf's NotAfter field during issuance.
Link copied to clipboard
Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
Link copied to clipboard
Specifies the URL values for the OCSP Servers field.
Link copied to clipboard
Which signature algorithm to use when building CRLs.