Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
SSH Cert Issuer resource
Create SshCertIssuer Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SshCertIssuer(name: string, args: SshCertIssuerArgs, opts?: CustomResourceOptions);@overload
def SshCertIssuer(resource_name: str,
args: SshCertIssuerArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SshCertIssuer(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowed_users: Optional[str] = None,
ttl: Optional[float] = None,
signer_key_name: Optional[str] = None,
secure_access_bastion_ssh: Optional[str] = None,
secure_access_enforce_hosts_restriction: Optional[bool] = None,
host_provider: Optional[str] = None,
item_custom_fields: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
principals: Optional[str] = None,
provider_type: Optional[str] = None,
secure_access_api: Optional[str] = None,
secure_access_bastion_api: Optional[str] = None,
extensions: Optional[Mapping[str, str]] = None,
secure_access_enable: Optional[str] = None,
fixed_user_claim_keyname: Optional[str] = None,
secure_access_gateway: Optional[str] = None,
secure_access_hosts: Optional[Sequence[str]] = None,
secure_access_ssh: Optional[str] = None,
secure_access_ssh_creds_user: Optional[str] = None,
secure_access_use_internal_bastion: Optional[bool] = None,
secure_access_use_internal_ssh_access: Optional[bool] = None,
description: Optional[str] = None,
ssh_cert_issuer_id: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
targets: Optional[Sequence[str]] = None,
delete_protection: Optional[bool] = None)func NewSshCertIssuer(ctx *Context, name string, args SshCertIssuerArgs, opts ...ResourceOption) (*SshCertIssuer, error)public SshCertIssuer(string name, SshCertIssuerArgs args, CustomResourceOptions? opts = null)
public SshCertIssuer(String name, SshCertIssuerArgs args)
public SshCertIssuer(String name, SshCertIssuerArgs args, CustomResourceOptions options)
type: akeyless:SshCertIssuer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SshCertIssuerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SshCertIssuerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SshCertIssuerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SshCertIssuerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SshCertIssuerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var sshCertIssuerResource = new Akeyless.SshCertIssuer("sshCertIssuerResource", new()
{
AllowedUsers = "string",
Ttl = 0,
SignerKeyName = "string",
SecureAccessBastionSsh = "string",
SecureAccessEnforceHostsRestriction = false,
HostProvider = "string",
ItemCustomFields =
{
{ "string", "string" },
},
Name = "string",
Principals = "string",
ProviderType = "string",
SecureAccessApi = "string",
SecureAccessBastionApi = "string",
Extensions =
{
{ "string", "string" },
},
SecureAccessEnable = "string",
FixedUserClaimKeyname = "string",
SecureAccessGateway = "string",
SecureAccessHosts = new[]
{
"string",
},
SecureAccessSsh = "string",
SecureAccessSshCredsUser = "string",
SecureAccessUseInternalBastion = false,
SecureAccessUseInternalSshAccess = false,
Description = "string",
SshCertIssuerId = "string",
Tags = new[]
{
"string",
},
Targets = new[]
{
"string",
},
DeleteProtection = false,
});
example, err := akeyless.NewSshCertIssuer(ctx, "sshCertIssuerResource", &akeyless.SshCertIssuerArgs{
AllowedUsers: pulumi.String("string"),
Ttl: pulumi.Float64(0),
SignerKeyName: pulumi.String("string"),
SecureAccessBastionSsh: pulumi.String("string"),
SecureAccessEnforceHostsRestriction: pulumi.Bool(false),
HostProvider: pulumi.String("string"),
ItemCustomFields: pulumi.StringMap{
"string": pulumi.String("string"),
},
Name: pulumi.String("string"),
Principals: pulumi.String("string"),
ProviderType: pulumi.String("string"),
SecureAccessApi: pulumi.String("string"),
SecureAccessBastionApi: pulumi.String("string"),
Extensions: pulumi.StringMap{
"string": pulumi.String("string"),
},
SecureAccessEnable: pulumi.String("string"),
FixedUserClaimKeyname: pulumi.String("string"),
SecureAccessGateway: pulumi.String("string"),
SecureAccessHosts: pulumi.StringArray{
pulumi.String("string"),
},
SecureAccessSsh: pulumi.String("string"),
SecureAccessSshCredsUser: pulumi.String("string"),
SecureAccessUseInternalBastion: pulumi.Bool(false),
SecureAccessUseInternalSshAccess: pulumi.Bool(false),
Description: pulumi.String("string"),
SshCertIssuerId: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
Targets: pulumi.StringArray{
pulumi.String("string"),
},
DeleteProtection: pulumi.Bool(false),
})
var sshCertIssuerResource = new SshCertIssuer("sshCertIssuerResource", SshCertIssuerArgs.builder()
.allowedUsers("string")
.ttl(0.0)
.signerKeyName("string")
.secureAccessBastionSsh("string")
.secureAccessEnforceHostsRestriction(false)
.hostProvider("string")
.itemCustomFields(Map.of("string", "string"))
.name("string")
.principals("string")
.providerType("string")
.secureAccessApi("string")
.secureAccessBastionApi("string")
.extensions(Map.of("string", "string"))
.secureAccessEnable("string")
.fixedUserClaimKeyname("string")
.secureAccessGateway("string")
.secureAccessHosts("string")
.secureAccessSsh("string")
.secureAccessSshCredsUser("string")
.secureAccessUseInternalBastion(false)
.secureAccessUseInternalSshAccess(false)
.description("string")
.sshCertIssuerId("string")
.tags("string")
.targets("string")
.deleteProtection(false)
.build());
ssh_cert_issuer_resource = akeyless.SshCertIssuer("sshCertIssuerResource",
allowed_users="string",
ttl=float(0),
signer_key_name="string",
secure_access_bastion_ssh="string",
secure_access_enforce_hosts_restriction=False,
host_provider="string",
item_custom_fields={
"string": "string",
},
name="string",
principals="string",
provider_type="string",
secure_access_api="string",
secure_access_bastion_api="string",
extensions={
"string": "string",
},
secure_access_enable="string",
fixed_user_claim_keyname="string",
secure_access_gateway="string",
secure_access_hosts=["string"],
secure_access_ssh="string",
secure_access_ssh_creds_user="string",
secure_access_use_internal_bastion=False,
secure_access_use_internal_ssh_access=False,
description="string",
ssh_cert_issuer_id="string",
tags=["string"],
targets=["string"],
delete_protection=False)
const sshCertIssuerResource = new akeyless.SshCertIssuer("sshCertIssuerResource", {
allowedUsers: "string",
ttl: 0,
signerKeyName: "string",
secureAccessBastionSsh: "string",
secureAccessEnforceHostsRestriction: false,
hostProvider: "string",
itemCustomFields: {
string: "string",
},
name: "string",
principals: "string",
providerType: "string",
secureAccessApi: "string",
secureAccessBastionApi: "string",
extensions: {
string: "string",
},
secureAccessEnable: "string",
fixedUserClaimKeyname: "string",
secureAccessGateway: "string",
secureAccessHosts: ["string"],
secureAccessSsh: "string",
secureAccessSshCredsUser: "string",
secureAccessUseInternalBastion: false,
secureAccessUseInternalSshAccess: false,
description: "string",
sshCertIssuerId: "string",
tags: ["string"],
targets: ["string"],
deleteProtection: false,
});
type: akeyless:SshCertIssuer
properties:
allowedUsers: string
deleteProtection: false
description: string
extensions:
string: string
fixedUserClaimKeyname: string
hostProvider: string
itemCustomFields:
string: string
name: string
principals: string
providerType: string
secureAccessApi: string
secureAccessBastionApi: string
secureAccessBastionSsh: string
secureAccessEnable: string
secureAccessEnforceHostsRestriction: false
secureAccessGateway: string
secureAccessHosts:
- string
secureAccessSsh: string
secureAccessSshCredsUser: string
secureAccessUseInternalBastion: false
secureAccessUseInternalSshAccess: false
signerKeyName: string
sshCertIssuerId: string
tags:
- string
targets:
- string
ttl: 0
SshCertIssuer Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SshCertIssuer resource accepts the following input properties:
- Allowed
Users string - Users allowed to fetch the certificate, e.g root,ubuntu
- Signer
Key stringName - A key to sign the certificate with
- Ttl double
- The requested Time To Live for the certificate, in seconds
- Delete
Protection bool - Protection from accidental deletion of this object [true/false]
- Description string
- Description of the object
- Extensions Dictionary<string, string>
- Signed certificates with extensions, e.g permit-port-forwarding=""
- Fixed
User stringClaim Keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- Host
Provider string - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- Item
Custom Dictionary<string, string>Fields - Additional custom fields to associate with the item
- Name string
- SSH certificate issuer name
- Principals string
- Signed certificates with principal, e.g examplerole1,examplerole2
- Provider
Type string - Provider type
- Secure
Access stringApi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- Secure
Access stringBastion Api - Deprecated. use secure-access-api
- Secure
Access stringBastion Ssh - Deprecated. use secure-access-ssh
- Secure
Access stringEnable - Enable/Disable secure remote access [true/false]
- Secure
Access boolEnforce Hosts Restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- Secure
Access stringGateway - Secure Access Gateway
- Secure
Access List<string>Hosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- Secure
Access stringSsh - Bastion's SSH server. E.g. my.sra-server:22
- Secure
Access stringSsh Creds User - SSH username to connect to target server, must be in 'Allowed Users' list
- Secure
Access boolUse Internal Bastion - Deprecated. Use secure-access-use-internal-ssh-access
- Secure
Access boolUse Internal Ssh Access - Use internal SSH Access
- Ssh
Cert stringIssuer Id - The ID of this resource.
- List<string>
- List of the tags attached to this key
- Targets List<string>
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
- Allowed
Users string - Users allowed to fetch the certificate, e.g root,ubuntu
- Signer
Key stringName - A key to sign the certificate with
- Ttl float64
- The requested Time To Live for the certificate, in seconds
- Delete
Protection bool - Protection from accidental deletion of this object [true/false]
- Description string
- Description of the object
- Extensions map[string]string
- Signed certificates with extensions, e.g permit-port-forwarding=""
- Fixed
User stringClaim Keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- Host
Provider string - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- Item
Custom map[string]stringFields - Additional custom fields to associate with the item
- Name string
- SSH certificate issuer name
- Principals string
- Signed certificates with principal, e.g examplerole1,examplerole2
- Provider
Type string - Provider type
- Secure
Access stringApi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- Secure
Access stringBastion Api - Deprecated. use secure-access-api
- Secure
Access stringBastion Ssh - Deprecated. use secure-access-ssh
- Secure
Access stringEnable - Enable/Disable secure remote access [true/false]
- Secure
Access boolEnforce Hosts Restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- Secure
Access stringGateway - Secure Access Gateway
- Secure
Access []stringHosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- Secure
Access stringSsh - Bastion's SSH server. E.g. my.sra-server:22
- Secure
Access stringSsh Creds User - SSH username to connect to target server, must be in 'Allowed Users' list
- Secure
Access boolUse Internal Bastion - Deprecated. Use secure-access-use-internal-ssh-access
- Secure
Access boolUse Internal Ssh Access - Use internal SSH Access
- Ssh
Cert stringIssuer Id - The ID of this resource.
- []string
- List of the tags attached to this key
- Targets []string
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
- allowed
Users String - Users allowed to fetch the certificate, e.g root,ubuntu
- signer
Key StringName - A key to sign the certificate with
- ttl Double
- The requested Time To Live for the certificate, in seconds
- delete
Protection Boolean - Protection from accidental deletion of this object [true/false]
- description String
- Description of the object
- extensions Map<String,String>
- Signed certificates with extensions, e.g permit-port-forwarding=""
- fixed
User StringClaim Keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- host
Provider String - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- item
Custom Map<String,String>Fields - Additional custom fields to associate with the item
- name String
- SSH certificate issuer name
- principals String
- Signed certificates with principal, e.g examplerole1,examplerole2
- provider
Type String - Provider type
- secure
Access StringApi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- secure
Access StringBastion Api - Deprecated. use secure-access-api
- secure
Access StringBastion Ssh - Deprecated. use secure-access-ssh
- secure
Access StringEnable - Enable/Disable secure remote access [true/false]
- secure
Access BooleanEnforce Hosts Restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- secure
Access StringGateway - Secure Access Gateway
- secure
Access List<String>Hosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- secure
Access StringSsh - Bastion's SSH server. E.g. my.sra-server:22
- secure
Access StringSsh Creds User - SSH username to connect to target server, must be in 'Allowed Users' list
- secure
Access BooleanUse Internal Bastion - Deprecated. Use secure-access-use-internal-ssh-access
- secure
Access BooleanUse Internal Ssh Access - Use internal SSH Access
- ssh
Cert StringIssuer Id - The ID of this resource.
- List<String>
- List of the tags attached to this key
- targets List<String>
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
- allowed
Users string - Users allowed to fetch the certificate, e.g root,ubuntu
- signer
Key stringName - A key to sign the certificate with
- ttl number
- The requested Time To Live for the certificate, in seconds
- delete
Protection boolean - Protection from accidental deletion of this object [true/false]
- description string
- Description of the object
- extensions {[key: string]: string}
- Signed certificates with extensions, e.g permit-port-forwarding=""
- fixed
User stringClaim Keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- host
Provider string - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- item
Custom {[key: string]: string}Fields - Additional custom fields to associate with the item
- name string
- SSH certificate issuer name
- principals string
- Signed certificates with principal, e.g examplerole1,examplerole2
- provider
Type string - Provider type
- secure
Access stringApi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- secure
Access stringBastion Api - Deprecated. use secure-access-api
- secure
Access stringBastion Ssh - Deprecated. use secure-access-ssh
- secure
Access stringEnable - Enable/Disable secure remote access [true/false]
- secure
Access booleanEnforce Hosts Restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- secure
Access stringGateway - Secure Access Gateway
- secure
Access string[]Hosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- secure
Access stringSsh - Bastion's SSH server. E.g. my.sra-server:22
- secure
Access stringSsh Creds User - SSH username to connect to target server, must be in 'Allowed Users' list
- secure
Access booleanUse Internal Bastion - Deprecated. Use secure-access-use-internal-ssh-access
- secure
Access booleanUse Internal Ssh Access - Use internal SSH Access
- ssh
Cert stringIssuer Id - The ID of this resource.
- string[]
- List of the tags attached to this key
- targets string[]
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
- allowed_
users str - Users allowed to fetch the certificate, e.g root,ubuntu
- signer_
key_ strname - A key to sign the certificate with
- ttl float
- The requested Time To Live for the certificate, in seconds
- delete_
protection bool - Protection from accidental deletion of this object [true/false]
- description str
- Description of the object
- extensions Mapping[str, str]
- Signed certificates with extensions, e.g permit-port-forwarding=""
- fixed_
user_ strclaim_ keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- host_
provider str - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- item_
custom_ Mapping[str, str]fields - Additional custom fields to associate with the item
- name str
- SSH certificate issuer name
- principals str
- Signed certificates with principal, e.g examplerole1,examplerole2
- provider_
type str - Provider type
- secure_
access_ strapi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- secure_
access_ strbastion_ api - Deprecated. use secure-access-api
- secure_
access_ strbastion_ ssh - Deprecated. use secure-access-ssh
- secure_
access_ strenable - Enable/Disable secure remote access [true/false]
- secure_
access_ boolenforce_ hosts_ restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- secure_
access_ strgateway - Secure Access Gateway
- secure_
access_ Sequence[str]hosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- secure_
access_ strssh - Bastion's SSH server. E.g. my.sra-server:22
- secure_
access_ strssh_ creds_ user - SSH username to connect to target server, must be in 'Allowed Users' list
- secure_
access_ booluse_ internal_ bastion - Deprecated. Use secure-access-use-internal-ssh-access
- secure_
access_ booluse_ internal_ ssh_ access - Use internal SSH Access
- ssh_
cert_ strissuer_ id - The ID of this resource.
- Sequence[str]
- List of the tags attached to this key
- targets Sequence[str]
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
- allowed
Users String - Users allowed to fetch the certificate, e.g root,ubuntu
- signer
Key StringName - A key to sign the certificate with
- ttl Number
- The requested Time To Live for the certificate, in seconds
- delete
Protection Boolean - Protection from accidental deletion of this object [true/false]
- description String
- Description of the object
- extensions Map<String>
- Signed certificates with extensions, e.g permit-port-forwarding=""
- fixed
User StringClaim Keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- host
Provider String - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- item
Custom Map<String>Fields - Additional custom fields to associate with the item
- name String
- SSH certificate issuer name
- principals String
- Signed certificates with principal, e.g examplerole1,examplerole2
- provider
Type String - Provider type
- secure
Access StringApi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- secure
Access StringBastion Api - Deprecated. use secure-access-api
- secure
Access StringBastion Ssh - Deprecated. use secure-access-ssh
- secure
Access StringEnable - Enable/Disable secure remote access [true/false]
- secure
Access BooleanEnforce Hosts Restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- secure
Access StringGateway - Secure Access Gateway
- secure
Access List<String>Hosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- secure
Access StringSsh - Bastion's SSH server. E.g. my.sra-server:22
- secure
Access StringSsh Creds User - SSH username to connect to target server, must be in 'Allowed Users' list
- secure
Access BooleanUse Internal Bastion - Deprecated. Use secure-access-use-internal-ssh-access
- secure
Access BooleanUse Internal Ssh Access - Use internal SSH Access
- ssh
Cert StringIssuer Id - The ID of this resource.
- List<String>
- List of the tags attached to this key
- targets List<String>
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
Outputs
All input properties are implicitly available as output properties. Additionally, the SshCertIssuer resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SshCertIssuer Resource
Get an existing SshCertIssuer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SshCertIssuerState, opts?: CustomResourceOptions): SshCertIssuer@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowed_users: Optional[str] = None,
delete_protection: Optional[bool] = None,
description: Optional[str] = None,
extensions: Optional[Mapping[str, str]] = None,
fixed_user_claim_keyname: Optional[str] = None,
host_provider: Optional[str] = None,
item_custom_fields: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
principals: Optional[str] = None,
provider_type: Optional[str] = None,
secure_access_api: Optional[str] = None,
secure_access_bastion_api: Optional[str] = None,
secure_access_bastion_ssh: Optional[str] = None,
secure_access_enable: Optional[str] = None,
secure_access_enforce_hosts_restriction: Optional[bool] = None,
secure_access_gateway: Optional[str] = None,
secure_access_hosts: Optional[Sequence[str]] = None,
secure_access_ssh: Optional[str] = None,
secure_access_ssh_creds_user: Optional[str] = None,
secure_access_use_internal_bastion: Optional[bool] = None,
secure_access_use_internal_ssh_access: Optional[bool] = None,
signer_key_name: Optional[str] = None,
ssh_cert_issuer_id: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
targets: Optional[Sequence[str]] = None,
ttl: Optional[float] = None) -> SshCertIssuerfunc GetSshCertIssuer(ctx *Context, name string, id IDInput, state *SshCertIssuerState, opts ...ResourceOption) (*SshCertIssuer, error)public static SshCertIssuer Get(string name, Input<string> id, SshCertIssuerState? state, CustomResourceOptions? opts = null)public static SshCertIssuer get(String name, Output<String> id, SshCertIssuerState state, CustomResourceOptions options)resources: _: type: akeyless:SshCertIssuer get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allowed
Users string - Users allowed to fetch the certificate, e.g root,ubuntu
- Delete
Protection bool - Protection from accidental deletion of this object [true/false]
- Description string
- Description of the object
- Extensions Dictionary<string, string>
- Signed certificates with extensions, e.g permit-port-forwarding=""
- Fixed
User stringClaim Keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- Host
Provider string - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- Item
Custom Dictionary<string, string>Fields - Additional custom fields to associate with the item
- Name string
- SSH certificate issuer name
- Principals string
- Signed certificates with principal, e.g examplerole1,examplerole2
- Provider
Type string - Provider type
- Secure
Access stringApi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- Secure
Access stringBastion Api - Deprecated. use secure-access-api
- Secure
Access stringBastion Ssh - Deprecated. use secure-access-ssh
- Secure
Access stringEnable - Enable/Disable secure remote access [true/false]
- Secure
Access boolEnforce Hosts Restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- Secure
Access stringGateway - Secure Access Gateway
- Secure
Access List<string>Hosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- Secure
Access stringSsh - Bastion's SSH server. E.g. my.sra-server:22
- Secure
Access stringSsh Creds User - SSH username to connect to target server, must be in 'Allowed Users' list
- Secure
Access boolUse Internal Bastion - Deprecated. Use secure-access-use-internal-ssh-access
- Secure
Access boolUse Internal Ssh Access - Use internal SSH Access
- Signer
Key stringName - A key to sign the certificate with
- Ssh
Cert stringIssuer Id - The ID of this resource.
- List<string>
- List of the tags attached to this key
- Targets List<string>
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
- Ttl double
- The requested Time To Live for the certificate, in seconds
- Allowed
Users string - Users allowed to fetch the certificate, e.g root,ubuntu
- Delete
Protection bool - Protection from accidental deletion of this object [true/false]
- Description string
- Description of the object
- Extensions map[string]string
- Signed certificates with extensions, e.g permit-port-forwarding=""
- Fixed
User stringClaim Keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- Host
Provider string - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- Item
Custom map[string]stringFields - Additional custom fields to associate with the item
- Name string
- SSH certificate issuer name
- Principals string
- Signed certificates with principal, e.g examplerole1,examplerole2
- Provider
Type string - Provider type
- Secure
Access stringApi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- Secure
Access stringBastion Api - Deprecated. use secure-access-api
- Secure
Access stringBastion Ssh - Deprecated. use secure-access-ssh
- Secure
Access stringEnable - Enable/Disable secure remote access [true/false]
- Secure
Access boolEnforce Hosts Restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- Secure
Access stringGateway - Secure Access Gateway
- Secure
Access []stringHosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- Secure
Access stringSsh - Bastion's SSH server. E.g. my.sra-server:22
- Secure
Access stringSsh Creds User - SSH username to connect to target server, must be in 'Allowed Users' list
- Secure
Access boolUse Internal Bastion - Deprecated. Use secure-access-use-internal-ssh-access
- Secure
Access boolUse Internal Ssh Access - Use internal SSH Access
- Signer
Key stringName - A key to sign the certificate with
- Ssh
Cert stringIssuer Id - The ID of this resource.
- []string
- List of the tags attached to this key
- Targets []string
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
- Ttl float64
- The requested Time To Live for the certificate, in seconds
- allowed
Users String - Users allowed to fetch the certificate, e.g root,ubuntu
- delete
Protection Boolean - Protection from accidental deletion of this object [true/false]
- description String
- Description of the object
- extensions Map<String,String>
- Signed certificates with extensions, e.g permit-port-forwarding=""
- fixed
User StringClaim Keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- host
Provider String - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- item
Custom Map<String,String>Fields - Additional custom fields to associate with the item
- name String
- SSH certificate issuer name
- principals String
- Signed certificates with principal, e.g examplerole1,examplerole2
- provider
Type String - Provider type
- secure
Access StringApi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- secure
Access StringBastion Api - Deprecated. use secure-access-api
- secure
Access StringBastion Ssh - Deprecated. use secure-access-ssh
- secure
Access StringEnable - Enable/Disable secure remote access [true/false]
- secure
Access BooleanEnforce Hosts Restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- secure
Access StringGateway - Secure Access Gateway
- secure
Access List<String>Hosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- secure
Access StringSsh - Bastion's SSH server. E.g. my.sra-server:22
- secure
Access StringSsh Creds User - SSH username to connect to target server, must be in 'Allowed Users' list
- secure
Access BooleanUse Internal Bastion - Deprecated. Use secure-access-use-internal-ssh-access
- secure
Access BooleanUse Internal Ssh Access - Use internal SSH Access
- signer
Key StringName - A key to sign the certificate with
- ssh
Cert StringIssuer Id - The ID of this resource.
- List<String>
- List of the tags attached to this key
- targets List<String>
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
- ttl Double
- The requested Time To Live for the certificate, in seconds
- allowed
Users string - Users allowed to fetch the certificate, e.g root,ubuntu
- delete
Protection boolean - Protection from accidental deletion of this object [true/false]
- description string
- Description of the object
- extensions {[key: string]: string}
- Signed certificates with extensions, e.g permit-port-forwarding=""
- fixed
User stringClaim Keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- host
Provider string - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- item
Custom {[key: string]: string}Fields - Additional custom fields to associate with the item
- name string
- SSH certificate issuer name
- principals string
- Signed certificates with principal, e.g examplerole1,examplerole2
- provider
Type string - Provider type
- secure
Access stringApi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- secure
Access stringBastion Api - Deprecated. use secure-access-api
- secure
Access stringBastion Ssh - Deprecated. use secure-access-ssh
- secure
Access stringEnable - Enable/Disable secure remote access [true/false]
- secure
Access booleanEnforce Hosts Restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- secure
Access stringGateway - Secure Access Gateway
- secure
Access string[]Hosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- secure
Access stringSsh - Bastion's SSH server. E.g. my.sra-server:22
- secure
Access stringSsh Creds User - SSH username to connect to target server, must be in 'Allowed Users' list
- secure
Access booleanUse Internal Bastion - Deprecated. Use secure-access-use-internal-ssh-access
- secure
Access booleanUse Internal Ssh Access - Use internal SSH Access
- signer
Key stringName - A key to sign the certificate with
- ssh
Cert stringIssuer Id - The ID of this resource.
- string[]
- List of the tags attached to this key
- targets string[]
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
- ttl number
- The requested Time To Live for the certificate, in seconds
- allowed_
users str - Users allowed to fetch the certificate, e.g root,ubuntu
- delete_
protection bool - Protection from accidental deletion of this object [true/false]
- description str
- Description of the object
- extensions Mapping[str, str]
- Signed certificates with extensions, e.g permit-port-forwarding=""
- fixed_
user_ strclaim_ keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- host_
provider str - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- item_
custom_ Mapping[str, str]fields - Additional custom fields to associate with the item
- name str
- SSH certificate issuer name
- principals str
- Signed certificates with principal, e.g examplerole1,examplerole2
- provider_
type str - Provider type
- secure_
access_ strapi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- secure_
access_ strbastion_ api - Deprecated. use secure-access-api
- secure_
access_ strbastion_ ssh - Deprecated. use secure-access-ssh
- secure_
access_ strenable - Enable/Disable secure remote access [true/false]
- secure_
access_ boolenforce_ hosts_ restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- secure_
access_ strgateway - Secure Access Gateway
- secure_
access_ Sequence[str]hosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- secure_
access_ strssh - Bastion's SSH server. E.g. my.sra-server:22
- secure_
access_ strssh_ creds_ user - SSH username to connect to target server, must be in 'Allowed Users' list
- secure_
access_ booluse_ internal_ bastion - Deprecated. Use secure-access-use-internal-ssh-access
- secure_
access_ booluse_ internal_ ssh_ access - Use internal SSH Access
- signer_
key_ strname - A key to sign the certificate with
- ssh_
cert_ strissuer_ id - The ID of this resource.
- Sequence[str]
- List of the tags attached to this key
- targets Sequence[str]
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
- ttl float
- The requested Time To Live for the certificate, in seconds
- allowed
Users String - Users allowed to fetch the certificate, e.g root,ubuntu
- delete
Protection Boolean - Protection from accidental deletion of this object [true/false]
- description String
- Description of the object
- extensions Map<String>
- Signed certificates with extensions, e.g permit-port-forwarding=""
- fixed
User StringClaim Keyname - For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)
- host
Provider String - Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret
- item
Custom Map<String>Fields - Additional custom fields to associate with the item
- name String
- SSH certificate issuer name
- principals String
- Signed certificates with principal, e.g examplerole1,examplerole2
- provider
Type String - Provider type
- secure
Access StringApi - Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900
- secure
Access StringBastion Api - Deprecated. use secure-access-api
- secure
Access StringBastion Ssh - Deprecated. use secure-access-ssh
- secure
Access StringEnable - Enable/Disable secure remote access [true/false]
- secure
Access BooleanEnforce Hosts Restriction - Enable this flag to enforce connections only to the hosts listed in --secure-access-host
- secure
Access StringGateway - Secure Access Gateway
- secure
Access List<String>Hosts - Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)
- secure
Access StringSsh - Bastion's SSH server. E.g. my.sra-server:22
- secure
Access StringSsh Creds User - SSH username to connect to target server, must be in 'Allowed Users' list
- secure
Access BooleanUse Internal Bastion - Deprecated. Use secure-access-use-internal-ssh-access
- secure
Access BooleanUse Internal Ssh Access - Use internal SSH Access
- signer
Key StringName - A key to sign the certificate with
- ssh
Cert StringIssuer Id - The ID of this resource.
- List<String>
- List of the tags attached to this key
- targets List<String>
- A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times
- ttl Number
- The requested Time To Live for the certificate, in seconds
Package Details
- Repository
- akeyless akeyless-community/terraform-provider-akeyless
- License
- Notes
- This Pulumi package is based on the
akeylessTerraform Provider.
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
