Secret
data class SecretBackendRootCertArgs(val altNames: Output<List<String>>? = null, val backend: Output<String>? = null, val commonName: Output<String>? = null, val country: Output<String>? = null, val excludeCnFromSans: Output<Boolean>? = null, val excludedDnsDomains: Output<List<String>>? = null, val excludedEmailAddresses: Output<List<String>>? = null, val excludedIpRanges: Output<List<String>>? = null, val excludedUriDomains: Output<List<String>>? = null, val format: Output<String>? = null, val ipSans: Output<List<String>>? = null, val issuerName: Output<String>? = null, val keyBits: Output<Int>? = null, val keyName: Output<String>? = null, val keyRef: Output<String>? = null, val keyType: Output<String>? = null, val locality: Output<String>? = null, val managedKeyId: Output<String>? = null, val managedKeyName: Output<String>? = null, val maxPathLength: Output<Int>? = null, val namespace: Output<String>? = null, val notAfter: Output<String>? = null, val organization: Output<String>? = null, val otherSans: Output<List<String>>? = null, val ou: Output<String>? = null, val permittedDnsDomains: Output<List<String>>? = null, val permittedEmailAddresses: Output<List<String>>? = null, val permittedIpRanges: Output<List<String>>? = null, val permittedUriDomains: Output<List<String>>? = null, val postalCode: Output<String>? = null, val privateKeyFormat: Output<String>? = null, val province: Output<String>? = null, val signatureBits: Output<Int>? = null, val streetAddress: Output<String>? = null, val ttl: Output<String>? = null, val type: Output<String>? = null, val uriSans: Output<List<String>>? = null) : ConvertibleToJava<SecretBackendRootCertArgs>
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const test = new vault.pkisecret.SecretBackendRootCert("test", {
backend: pki.path,
type: "internal",
commonName: "Root CA",
ttl: "315360000",
format: "pem",
privateKeyFormat: "der",
keyType: "rsa",
keyBits: 4096,
excludeCnFromSans: true,
ou: "My OU",
organization: "My organization",
}, {
dependsOn: [pki],
});Content copied to clipboard
import pulumi
import pulumi_vault as vault
test = vault.pki_secret.SecretBackendRootCert("test",
backend=pki["path"],
type="internal",
common_name="Root CA",
ttl="315360000",
format="pem",
private_key_format="der",
key_type="rsa",
key_bits=4096,
exclude_cn_from_sans=True,
ou="My OU",
organization="My organization",
opts = pulumi.ResourceOptions(depends_on=[pki]))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var test = new Vault.PkiSecret.SecretBackendRootCert("test", new()
{
Backend = pki.Path,
Type = "internal",
CommonName = "Root CA",
Ttl = "315360000",
Format = "pem",
PrivateKeyFormat = "der",
KeyType = "rsa",
KeyBits = 4096,
ExcludeCnFromSans = true,
Ou = "My OU",
Organization = "My organization",
}, new CustomResourceOptions
{
DependsOn =
{
pki,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkisecret"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := pkisecret.NewSecretBackendRootCert(ctx, "test", &pkisecret.SecretBackendRootCertArgs{
Backend: pulumi.Any(pki.Path),
Type: pulumi.String("internal"),
CommonName: pulumi.String("Root CA"),
Ttl: pulumi.String("315360000"),
Format: pulumi.String("pem"),
PrivateKeyFormat: pulumi.String("der"),
KeyType: pulumi.String("rsa"),
KeyBits: pulumi.Int(4096),
ExcludeCnFromSans: pulumi.Bool(true),
Ou: pulumi.String("My OU"),
Organization: pulumi.String("My organization"),
}, pulumi.DependsOn([]pulumi.Resource{
pki,
}))
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.pkiSecret.SecretBackendRootCert;
import com.pulumi.vault.pkiSecret.SecretBackendRootCertArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new SecretBackendRootCert("test", SecretBackendRootCertArgs.builder()
.backend(pki.path())
.type("internal")
.commonName("Root CA")
.ttl("315360000")
.format("pem")
.privateKeyFormat("der")
.keyType("rsa")
.keyBits(4096)
.excludeCnFromSans(true)
.ou("My OU")
.organization("My organization")
.build(), CustomResourceOptions.builder()
.dependsOn(pki)
.build());
}
}Content copied to clipboard
resources:
test:
type: vault:pkiSecret:SecretBackendRootCert
properties:
backend: ${pki.path}
type: internal
commonName: Root CA
ttl: '315360000'
format: pem
privateKeyFormat: der
keyType: rsa
keyBits: 4096
excludeCnFromSans: true
ou: My OU
organization: My organization
options:
dependsOn:
- ${pki}Content copied to clipboard
Constructors
Link copied to clipboard
constructor(altNames: Output<List<String>>? = null, backend: Output<String>? = null, commonName: Output<String>? = null, country: Output<String>? = null, excludeCnFromSans: Output<Boolean>? = null, excludedDnsDomains: Output<List<String>>? = null, excludedEmailAddresses: Output<List<String>>? = null, excludedIpRanges: Output<List<String>>? = null, excludedUriDomains: Output<List<String>>? = null, format: Output<String>? = null, ipSans: Output<List<String>>? = null, issuerName: Output<String>? = null, keyBits: Output<Int>? = null, keyName: Output<String>? = null, keyRef: Output<String>? = null, keyType: Output<String>? = null, locality: Output<String>? = null, managedKeyId: Output<String>? = null, managedKeyName: Output<String>? = null, maxPathLength: Output<Int>? = null, namespace: Output<String>? = null, notAfter: Output<String>? = null, organization: Output<String>? = null, otherSans: Output<List<String>>? = null, ou: Output<String>? = null, permittedDnsDomains: Output<List<String>>? = null, permittedEmailAddresses: Output<List<String>>? = null, permittedIpRanges: Output<List<String>>? = null, permittedUriDomains: Output<List<String>>? = null, postalCode: Output<String>? = null, privateKeyFormat: Output<String>? = null, province: Output<String>? = null, signatureBits: Output<Int>? = null, streetAddress: Output<String>? = null, ttl: Output<String>? = null, type: Output<String>? = null, uriSans: Output<List<String>>? = null)
Properties
Link copied to clipboard
CN of intermediate to create
Link copied to clipboard
Flag to exclude CN from SANs
Link copied to clipboard
List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
Link copied to clipboard
List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
Link copied to clipboard
List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
Link copied to clipboard
List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
Link copied to clipboard
Provides a name to the specified issuer. The name must be unique across all issuers and not be the reserved value default
Link copied to clipboard
The ID of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_name
Link copied to clipboard
The name of the previously configured managed key. This field is required if type is kms and it conflicts with managed_key_id
Link copied to clipboard
The maximum path length to encode in the generated certificate
Link copied to clipboard
The organization
Link copied to clipboard
List of domains for which certificates are allowed to be issued
Link copied to clipboard
List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
Link copied to clipboard
List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
Link copied to clipboard
List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
Link copied to clipboard
The postal code
Link copied to clipboard
The private key format
Link copied to clipboard
The number of bits to use in the signature algorithm
Link copied to clipboard
The street address