{ "name": "tls", "description": "A Pulumi package to create TLS resources in Pulumi programs.", "keywords": [ "pulumi", "tls" ], "homepage": "https://pulumi.io", "license": "Apache-2.0", "attribution": "This Pulumi package is based on the [`tls` Terraform Provider](https://github.com/hashicorp/terraform-provider-tls).", "repository": "https://github.com/pulumi/pulumi-tls", "meta": { "moduleFormat": "(.*)(?:/[^/]*)" }, "language": { "csharp": { "packageReferences": { "Pulumi": "3.*" }, "namespaces": { "tls": "Tls" }, "compatibility": "tfbridge20", "respectSchemaVersion": true }, "go": { "importBasePath": "github.com/pulumi/pulumi-tls/sdk/v5/go/tls", "generateResourceContainerTypes": true, "generateExtraInputTypes": true, "respectSchemaVersion": true }, "nodejs": { "packageDescription": "A Pulumi package to create TLS resources in Pulumi programs.", "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/hashicorp/terraform-provider-tls)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-tls` repo](https://github.com/pulumi/pulumi-tls/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-tls` repo](https://github.com/hashicorp/terraform-provider-tls/issues).", "devDependencies": { "@types/node": "^10.0.0" }, "compatibility": "tfbridge20", "disableUnionOutputTypes": true, "respectSchemaVersion": true }, "python": { "readme": "\u003e This provider is a derived work of the [Terraform Provider](https://github.com/hashicorp/terraform-provider-tls)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-tls` repo](https://github.com/pulumi/pulumi-tls/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-tls` repo](https://github.com/hashicorp/terraform-provider-tls/issues).", "compatibility": "tfbridge20", "respectSchemaVersion": true, "pyproject": { "enabled": true } } }, "config": { "variables": { "proxy": { "$ref": "#/types/tls:config/proxy:proxy", "description": "Proxy used by resources and data sources that connect to external endpoints." } } }, "types": { "tls:config/proxy:proxy": { "properties": { "fromEnv": { "type": "boolean", "description": "When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e the provider will discover the proxy configuration from environment variables. This is based upon [`http.ProxyFromEnvironment`](https://pkg.go.dev/net/http#ProxyFromEnvironment) and it supports the same environment variables (default: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e).\n" }, "password": { "type": "string", "description": "Password used for Basic authentication against the Proxy.\n", "secret": true }, "url": { "type": "string", "description": "URL used to connect to the Proxy. Accepted schemes are: \u003cspan pulumi-lang-nodejs=\"`http`\" pulumi-lang-dotnet=\"`Http`\" pulumi-lang-go=\"`http`\" pulumi-lang-python=\"`http`\" pulumi-lang-yaml=\"`http`\" pulumi-lang-java=\"`http`\"\u003e`http`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`https`\" pulumi-lang-dotnet=\"`Https`\" pulumi-lang-go=\"`https`\" pulumi-lang-python=\"`https`\" pulumi-lang-yaml=\"`https`\" pulumi-lang-java=\"`https`\"\u003e`https`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`socks5`\" pulumi-lang-dotnet=\"`Socks5`\" pulumi-lang-go=\"`socks5`\" pulumi-lang-python=\"`socks5`\" pulumi-lang-yaml=\"`socks5`\" pulumi-lang-java=\"`socks5`\"\u003e`socks5`\u003c/span\u003e.\n" }, "username": { "type": "string", "description": "Username (or Token) used for Basic authentication against the Proxy.\n" } }, "type": "object" }, "tls:index/CertRequestSubject:CertRequestSubject": { "properties": { "commonName": { "type": "string", "description": "Distinguished name: `CN`\n" }, "country": { "type": "string", "description": "Distinguished name: `C`\n" }, "emailAddress": { "type": "string", "description": "ASN.1 Object Identifier (OID): `1.2.840.113549.1.9.1`\n" }, "locality": { "type": "string", "description": "Distinguished name: `L`\n" }, "organization": { "type": "string", "description": "Distinguished name: `O`\n" }, "organizationalUnit": { "type": "string", "description": "Distinguished name: `OU`\n" }, "postalCode": { "type": "string", "description": "Distinguished name: `PC`\n" }, "province": { "type": "string", "description": "Distinguished name: `ST`\n" }, "serialNumber": { "type": "string", "description": "Distinguished name: `SERIALNUMBER`\n" }, "streetAddresses": { "type": "array", "items": { "type": "string" }, "description": "Distinguished name: `STREET`\n" } }, "type": "object" }, "tls:index/ProviderProxy:ProviderProxy": { "properties": { "fromEnv": { "type": "boolean", "description": "When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e the provider will discover the proxy configuration from environment variables. This is based upon [`http.ProxyFromEnvironment`](https://pkg.go.dev/net/http#ProxyFromEnvironment) and it supports the same environment variables (default: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e).\n" }, "password": { "type": "string", "description": "Password used for Basic authentication against the Proxy.\n", "secret": true }, "url": { "type": "string", "description": "URL used to connect to the Proxy. Accepted schemes are: \u003cspan pulumi-lang-nodejs=\"`http`\" pulumi-lang-dotnet=\"`Http`\" pulumi-lang-go=\"`http`\" pulumi-lang-python=\"`http`\" pulumi-lang-yaml=\"`http`\" pulumi-lang-java=\"`http`\"\u003e`http`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`https`\" pulumi-lang-dotnet=\"`Https`\" pulumi-lang-go=\"`https`\" pulumi-lang-python=\"`https`\" pulumi-lang-yaml=\"`https`\" pulumi-lang-java=\"`https`\"\u003e`https`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`socks5`\" pulumi-lang-dotnet=\"`Socks5`\" pulumi-lang-go=\"`socks5`\" pulumi-lang-python=\"`socks5`\" pulumi-lang-yaml=\"`socks5`\" pulumi-lang-java=\"`socks5`\"\u003e`socks5`\u003c/span\u003e.\n" }, "username": { "type": "string", "description": "Username (or Token) used for Basic authentication against the Proxy.\n" } }, "type": "object" }, "tls:index/SelfSignedCertSubject:SelfSignedCertSubject": { "properties": { "commonName": { "type": "string", "description": "Distinguished name: `CN`\n" }, "country": { "type": "string", "description": "Distinguished name: `C`\n" }, "emailAddress": { "type": "string", "description": "ASN.1 Object Identifier (OID): `1.2.840.113549.1.9.1`\n" }, "locality": { "type": "string", "description": "Distinguished name: `L`\n" }, "organization": { "type": "string", "description": "Distinguished name: `O`\n" }, "organizationalUnit": { "type": "string", "description": "Distinguished name: `OU`\n" }, "postalCode": { "type": "string", "description": "Distinguished name: `PC`\n" }, "province": { "type": "string", "description": "Distinguished name: `ST`\n" }, "serialNumber": { "type": "string", "description": "Distinguished name: `SERIALNUMBER`\n" }, "streetAddresses": { "type": "array", "items": { "type": "string" }, "description": "Distinguished name: `STREET`\n" } }, "type": "object" }, "tls:index/getCertificateCertificate:getCertificateCertificate": { "properties": { "certPem": { "type": "string", "description": "Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n" }, "isCa": { "type": "boolean", "description": "\u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e if the certificate is of a CA (Certificate Authority).\n" }, "issuer": { "type": "string", "description": "Who verified and signed the certificate, roughly following [RFC2253](https://tools.ietf.org/html/rfc2253).\n" }, "maxPathLength": { "type": "integer", "description": "The maximum number of intermediate certificates that can follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCa`\" pulumi-lang-dotnet=\"`IsCa`\" pulumi-lang-go=\"`isCa`\" pulumi-lang-python=\"`is_ca`\" pulumi-lang-yaml=\"`isCa`\" pulumi-lang-java=\"`isCa`\"\u003e`isCa`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is `-1`.\n" }, "notAfter": { "type": "string", "description": "The time until which the certificate is invalid, as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n" }, "notBefore": { "type": "string", "description": "The time after which the certificate is valid, as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n" }, "publicKeyAlgorithm": { "type": "string", "description": "The key algorithm used to create the certificate.\n" }, "serialNumber": { "type": "string", "description": "Number that uniquely identifies the certificate with the CA's system.\nThe \u003cspan pulumi-lang-nodejs=\"`format`\" pulumi-lang-dotnet=\"`Format`\" pulumi-lang-go=\"`format`\" pulumi-lang-python=\"`format`\" pulumi-lang-yaml=\"`format`\" pulumi-lang-java=\"`format`\"\u003e`format`\u003c/span\u003e function can be used to convert this *base 10* number into other bases, such as hex.\n" }, "sha1Fingerprint": { "type": "string", "description": "The SHA1 fingerprint of the public key of the certificate.\n" }, "signatureAlgorithm": { "type": "string", "description": "The algorithm used to sign the certificate.\n" }, "subject": { "type": "string", "description": "The entity the certificate belongs to, roughly following [RFC2253](https://tools.ietf.org/html/rfc2253).\n" }, "version": { "type": "integer", "description": "The version the certificate is in.\n" } }, "type": "object", "required": [ "certPem", "isCa", "issuer", "maxPathLength", "notAfter", "notBefore", "publicKeyAlgorithm", "serialNumber", "sha1Fingerprint", "signatureAlgorithm", "subject", "version" ], "language": { "nodejs": { "requiredInputs": [] } } } }, "provider": { "description": "The provider type for the tls package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n", "properties": { "proxy": { "$ref": "#/types/tls:index/ProviderProxy:ProviderProxy", "description": "Proxy used by resources and data sources that connect to external endpoints." } }, "inputProperties": { "proxy": { "$ref": "#/types/tls:index/ProviderProxy:ProviderProxy", "description": "Proxy used by resources and data sources that connect to external endpoints." } }, "methods": { "terraformConfig": "pulumi:providers:tls/terraformConfig" } }, "resources": { "tls:index/certRequest:CertRequest": { "description": "Creates a Certificate Signing Request (CSR) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n\nPEM is the typical format used to request a certificate from a Certificate Authority (CA).\n\nThis resource is intended to be used in conjunction with a Terraform provider for a particular certificate authority in order to provision a new certificate.\n\nThis is a *logical resource*, so it contributes only to the current Terraform\nstate and does not create any external managed resources.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as std from \"@pulumi/std\";\nimport * as tls from \"@pulumi/tls\";\n\nconst example = new tls.CertRequest(\"example\", {\n privateKeyPem: std.file({\n input: \"private_key.pem\",\n }).then(invoke =\u003e invoke.result),\n subject: {\n commonName: \"example.com\",\n organization: \"ACME Examples, Inc\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_std as std\nimport pulumi_tls as tls\n\nexample = tls.CertRequest(\"example\",\n private_key_pem=std.file(input=\"private_key.pem\").result,\n subject={\n \"common_name\": \"example.com\",\n \"organization\": \"ACME Examples, Inc\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Std = Pulumi.Std;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Tls.CertRequest(\"example\", new()\n {\n PrivateKeyPem = Std.File.Invoke(new()\n {\n Input = \"private_key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n Subject = new Tls.Inputs.CertRequestSubjectArgs\n {\n CommonName = \"example.com\",\n Organization = \"ACME Examples, Inc\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v5/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"private_key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tls.NewCertRequest(ctx, \"example\", \u0026tls.CertRequestArgs{\n\t\t\tPrivateKeyPem: pulumi.String(invokeFile.Result),\n\t\t\tSubject: \u0026tls.CertRequestSubjectArgs{\n\t\t\t\tCommonName: pulumi.String(\"example.com\"),\n\t\t\t\tOrganization: pulumi.String(\"ACME Examples, Inc\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.CertRequest;\nimport com.pulumi.tls.CertRequestArgs;\nimport com.pulumi.tls.inputs.CertRequestSubjectArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new CertRequest(\"example\", CertRequestArgs.builder()\n .privateKeyPem(StdFunctions.file(FileArgs.builder()\n .input(\"private_key.pem\")\n .build()).result())\n .subject(CertRequestSubjectArgs.builder()\n .commonName(\"example.com\")\n .organization(\"ACME Examples, Inc\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: tls:CertRequest\n properties:\n privateKeyPem:\n fn::invoke:\n function: std:file\n arguments:\n input: private_key.pem\n return: result\n subject:\n commonName: example.com\n organization: ACME Examples, Inc\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "certRequestPem": { "type": "string", "description": "The certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n" }, "dnsNames": { "type": "array", "items": { "type": "string" }, "description": "List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n" }, "ipAddresses": { "type": "array", "items": { "type": "string" }, "description": "List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n" }, "keyAlgorithm": { "type": "string", "description": "Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`privateKeyPem`\u003c/span\u003e.\n" }, "privateKeyPem": { "type": "string", "description": "Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the \u003cspan pulumi-lang-nodejs=\"`file`\" pulumi-lang-dotnet=\"`File`\" pulumi-lang-go=\"`file`\" pulumi-lang-python=\"`file`\" pulumi-lang-yaml=\"`file`\" pulumi-lang-java=\"`file`\"\u003e`file`\u003c/span\u003e interpolation function.\n", "secret": true }, "subject": { "$ref": "#/types/tls:index/CertRequestSubject:CertRequestSubject", "description": "The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n" }, "uris": { "type": "array", "items": { "type": "string" }, "description": "List of URIs for which a certificate is being requested (i.e. certificate subjects).\n" } }, "required": [ "certRequestPem", "keyAlgorithm", "privateKeyPem" ], "inputProperties": { "dnsNames": { "type": "array", "items": { "type": "string" }, "description": "List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n" }, "ipAddresses": { "type": "array", "items": { "type": "string" }, "description": "List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n" }, "privateKeyPem": { "type": "string", "description": "Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the \u003cspan pulumi-lang-nodejs=\"`file`\" pulumi-lang-dotnet=\"`File`\" pulumi-lang-go=\"`file`\" pulumi-lang-python=\"`file`\" pulumi-lang-yaml=\"`file`\" pulumi-lang-java=\"`file`\"\u003e`file`\u003c/span\u003e interpolation function.\n", "secret": true }, "subject": { "$ref": "#/types/tls:index/CertRequestSubject:CertRequestSubject", "description": "The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n" }, "uris": { "type": "array", "items": { "type": "string" }, "description": "List of URIs for which a certificate is being requested (i.e. certificate subjects).\n" } }, "requiredInputs": [ "privateKeyPem" ], "stateInputs": { "description": "Input properties used for looking up and filtering CertRequest resources.\n", "properties": { "certRequestPem": { "type": "string", "description": "The certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n" }, "dnsNames": { "type": "array", "items": { "type": "string" }, "description": "List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n" }, "ipAddresses": { "type": "array", "items": { "type": "string" }, "description": "List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n" }, "keyAlgorithm": { "type": "string", "description": "Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`privateKeyPem`\u003c/span\u003e.\n" }, "privateKeyPem": { "type": "string", "description": "Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the \u003cspan pulumi-lang-nodejs=\"`file`\" pulumi-lang-dotnet=\"`File`\" pulumi-lang-go=\"`file`\" pulumi-lang-python=\"`file`\" pulumi-lang-yaml=\"`file`\" pulumi-lang-java=\"`file`\"\u003e`file`\u003c/span\u003e interpolation function.\n", "secret": true }, "subject": { "$ref": "#/types/tls:index/CertRequestSubject:CertRequestSubject", "description": "The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n" }, "uris": { "type": "array", "items": { "type": "string" }, "description": "List of URIs for which a certificate is being requested (i.e. certificate subjects).\n" } }, "type": "object" } }, "tls:index/locallySignedCert:LocallySignedCert": { "description": "Creates a TLS certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format using a Certificate Signing Request (CSR) and signs it with a provided (local) Certificate Authority (CA).\n\n\u003e **Note** Locally-signed certificates are generally only trusted by client software when\nsetup to use the provided CA. They are normally used in development environments\nor when deployed internally to an organization.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as std from \"@pulumi/std\";\nimport * as tls from \"@pulumi/tls\";\n\nconst example = new tls.LocallySignedCert(\"example\", {\n certRequestPem: std.file({\n input: \"cert_request.pem\",\n }).then(invoke =\u003e invoke.result),\n caPrivateKeyPem: std.file({\n input: \"ca_private_key.pem\",\n }).then(invoke =\u003e invoke.result),\n caCertPem: std.file({\n input: \"ca_cert.pem\",\n }).then(invoke =\u003e invoke.result),\n validityPeriodHours: 12,\n allowedUses: [\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_std as std\nimport pulumi_tls as tls\n\nexample = tls.LocallySignedCert(\"example\",\n cert_request_pem=std.file(input=\"cert_request.pem\").result,\n ca_private_key_pem=std.file(input=\"ca_private_key.pem\").result,\n ca_cert_pem=std.file(input=\"ca_cert.pem\").result,\n validity_period_hours=12,\n allowed_uses=[\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Std = Pulumi.Std;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Tls.LocallySignedCert(\"example\", new()\n {\n CertRequestPem = Std.File.Invoke(new()\n {\n Input = \"cert_request.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n CaPrivateKeyPem = Std.File.Invoke(new()\n {\n Input = \"ca_private_key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n CaCertPem = Std.File.Invoke(new()\n {\n Input = \"ca_cert.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n ValidityPeriodHours = 12,\n AllowedUses = new[]\n {\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v5/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"cert_request.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile1, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"ca_private_key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeFile2, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"ca_cert.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tls.NewLocallySignedCert(ctx, \"example\", \u0026tls.LocallySignedCertArgs{\n\t\t\tCertRequestPem: pulumi.String(invokeFile.Result),\n\t\t\tCaPrivateKeyPem: pulumi.String(invokeFile1.Result),\n\t\t\tCaCertPem: pulumi.String(invokeFile2.Result),\n\t\t\tValidityPeriodHours: pulumi.Int(12),\n\t\t\tAllowedUses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"key_encipherment\"),\n\t\t\t\tpulumi.String(\"digital_signature\"),\n\t\t\t\tpulumi.String(\"server_auth\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.LocallySignedCert;\nimport com.pulumi.tls.LocallySignedCertArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LocallySignedCert(\"example\", LocallySignedCertArgs.builder()\n .certRequestPem(StdFunctions.file(FileArgs.builder()\n .input(\"cert_request.pem\")\n .build()).result())\n .caPrivateKeyPem(StdFunctions.file(FileArgs.builder()\n .input(\"ca_private_key.pem\")\n .build()).result())\n .caCertPem(StdFunctions.file(FileArgs.builder()\n .input(\"ca_cert.pem\")\n .build()).result())\n .validityPeriodHours(12)\n .allowedUses( \n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: tls:LocallySignedCert\n properties:\n certRequestPem:\n fn::invoke:\n function: std:file\n arguments:\n input: cert_request.pem\n return: result\n caPrivateKeyPem:\n fn::invoke:\n function: std:file\n arguments:\n input: ca_private_key.pem\n return: result\n caCertPem:\n fn::invoke:\n function: std:file\n arguments:\n input: ca_cert.pem\n return: result\n validityPeriodHours: 12\n allowedUses:\n - key_encipherment\n - digital_signature\n - server_auth\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## Automatic Renewal\n\nThis resource considers its instances to have been deleted after either their validity\nperiods ends (i.e. beyond the \u003cspan pulumi-lang-nodejs=\"`validityPeriodHours`\" pulumi-lang-dotnet=\"`ValidityPeriodHours`\" pulumi-lang-go=\"`validityPeriodHours`\" pulumi-lang-python=\"`validity_period_hours`\" pulumi-lang-yaml=\"`validityPeriodHours`\" pulumi-lang-java=\"`validityPeriodHours`\"\u003e`validityPeriodHours`\u003c/span\u003e)\nor the early renewal period is reached (i.e. within the \u003cspan pulumi-lang-nodejs=\"`earlyRenewalHours`\" pulumi-lang-dotnet=\"`EarlyRenewalHours`\" pulumi-lang-go=\"`earlyRenewalHours`\" pulumi-lang-python=\"`early_renewal_hours`\" pulumi-lang-yaml=\"`earlyRenewalHours`\" pulumi-lang-java=\"`earlyRenewalHours`\"\u003e`earlyRenewalHours`\u003c/span\u003e):\nwhen this happens, the \u003cspan pulumi-lang-nodejs=\"`readyForRenewal`\" pulumi-lang-dotnet=\"`ReadyForRenewal`\" pulumi-lang-go=\"`readyForRenewal`\" pulumi-lang-python=\"`ready_for_renewal`\" pulumi-lang-yaml=\"`readyForRenewal`\" pulumi-lang-java=\"`readyForRenewal`\"\u003e`readyForRenewal`\u003c/span\u003e attribute will be \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\nAt this time, applying the Terraform configuration will cause a new certificate to be\ngenerated for the instance.\n\nTherefore in a development environment with frequent deployments it may be convenient\nto set a relatively-short expiration time and use early renewal to automatically provision\na new certificate when the current one is about to expire.\n\nThe creation of a new certificate may of course cause dependent resources to be updated\nor replaced, depending on the lifecycle rules applying to those resources.\n", "properties": { "allowedUses": { "type": "array", "items": { "type": "string" }, "description": "List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`anyExtended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`certSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`clientAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`codeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`contentCommitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crlSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`dataEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digitalSignature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`emailProtection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsecEndSystem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsecTunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsecUser`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`keyAgreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`keyEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoftCommercialCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoftKernelCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoftServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscapeServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocspSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`serverAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n" }, "caCertPem": { "type": "string", "description": "Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n" }, "caKeyAlgorithm": { "type": "string", "description": "Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`caPrivateKeyPem`\" pulumi-lang-dotnet=\"`CaPrivateKeyPem`\" pulumi-lang-go=\"`caPrivateKeyPem`\" pulumi-lang-python=\"`ca_private_key_pem`\" pulumi-lang-yaml=\"`caPrivateKeyPem`\" pulumi-lang-java=\"`caPrivateKeyPem`\"\u003e`caPrivateKeyPem`\u003c/span\u003e.\n" }, "caPrivateKeyPem": { "type": "string", "description": "Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n", "secret": true }, "certPem": { "type": "string", "description": "Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n" }, "certRequestPem": { "type": "string", "description": "Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n" }, "earlyRenewalHours": { "type": "integer", "description": "The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e)\n" }, "isCaCertificate": { "type": "boolean", "description": "Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "maxPathLength": { "type": "integer", "description": "Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`isCaCertificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n" }, "readyForRenewal": { "type": "boolean", "description": "Is the certificate either expired (i.e. beyond the \u003cspan pulumi-lang-nodejs=\"`validityPeriodHours`\" pulumi-lang-dotnet=\"`ValidityPeriodHours`\" pulumi-lang-go=\"`validityPeriodHours`\" pulumi-lang-python=\"`validity_period_hours`\" pulumi-lang-yaml=\"`validityPeriodHours`\" pulumi-lang-java=\"`validityPeriodHours`\"\u003e`validityPeriodHours`\u003c/span\u003e) or ready for an early renewal (i.e. within the \u003cspan pulumi-lang-nodejs=\"`earlyRenewalHours`\" pulumi-lang-dotnet=\"`EarlyRenewalHours`\" pulumi-lang-go=\"`earlyRenewalHours`\" pulumi-lang-python=\"`early_renewal_hours`\" pulumi-lang-yaml=\"`earlyRenewalHours`\" pulumi-lang-java=\"`earlyRenewalHours`\"\u003e`earlyRenewalHours`\u003c/span\u003e)?\n" }, "setSubjectKeyId": { "type": "boolean", "description": "Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "validityEndTime": { "type": "string", "description": "The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n" }, "validityPeriodHours": { "type": "integer", "description": "Number of hours, after initial issuing, that the certificate will remain valid for.\n" }, "validityStartTime": { "type": "string", "description": "The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n" } }, "required": [ "allowedUses", "caCertPem", "caKeyAlgorithm", "caPrivateKeyPem", "certPem", "certRequestPem", "earlyRenewalHours", "isCaCertificate", "maxPathLength", "readyForRenewal", "setSubjectKeyId", "validityEndTime", "validityPeriodHours", "validityStartTime" ], "inputProperties": { "allowedUses": { "type": "array", "items": { "type": "string" }, "description": "List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`anyExtended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`certSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`clientAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`codeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`contentCommitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crlSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`dataEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digitalSignature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`emailProtection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsecEndSystem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsecTunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsecUser`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`keyAgreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`keyEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoftCommercialCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoftKernelCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoftServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscapeServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocspSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`serverAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n" }, "caCertPem": { "type": "string", "description": "Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n" }, "caPrivateKeyPem": { "type": "string", "description": "Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n", "secret": true }, "certRequestPem": { "type": "string", "description": "Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n" }, "earlyRenewalHours": { "type": "integer", "description": "The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e)\n" }, "isCaCertificate": { "type": "boolean", "description": "Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "maxPathLength": { "type": "integer", "description": "Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`isCaCertificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n" }, "setSubjectKeyId": { "type": "boolean", "description": "Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "validityPeriodHours": { "type": "integer", "description": "Number of hours, after initial issuing, that the certificate will remain valid for.\n" } }, "requiredInputs": [ "allowedUses", "caCertPem", "caPrivateKeyPem", "certRequestPem", "validityPeriodHours" ], "stateInputs": { "description": "Input properties used for looking up and filtering LocallySignedCert resources.\n", "properties": { "allowedUses": { "type": "array", "items": { "type": "string" }, "description": "List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`anyExtended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`certSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`clientAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`codeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`contentCommitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crlSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`dataEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digitalSignature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`emailProtection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsecEndSystem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsecTunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsecUser`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`keyAgreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`keyEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoftCommercialCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoftKernelCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoftServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscapeServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocspSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`serverAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n" }, "caCertPem": { "type": "string", "description": "Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n" }, "caKeyAlgorithm": { "type": "string", "description": "Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`caPrivateKeyPem`\" pulumi-lang-dotnet=\"`CaPrivateKeyPem`\" pulumi-lang-go=\"`caPrivateKeyPem`\" pulumi-lang-python=\"`ca_private_key_pem`\" pulumi-lang-yaml=\"`caPrivateKeyPem`\" pulumi-lang-java=\"`caPrivateKeyPem`\"\u003e`caPrivateKeyPem`\u003c/span\u003e.\n" }, "caPrivateKeyPem": { "type": "string", "description": "Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n", "secret": true }, "certPem": { "type": "string", "description": "Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n" }, "certRequestPem": { "type": "string", "description": "Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n" }, "earlyRenewalHours": { "type": "integer", "description": "The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e)\n" }, "isCaCertificate": { "type": "boolean", "description": "Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "maxPathLength": { "type": "integer", "description": "Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`isCaCertificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n" }, "readyForRenewal": { "type": "boolean", "description": "Is the certificate either expired (i.e. beyond the \u003cspan pulumi-lang-nodejs=\"`validityPeriodHours`\" pulumi-lang-dotnet=\"`ValidityPeriodHours`\" pulumi-lang-go=\"`validityPeriodHours`\" pulumi-lang-python=\"`validity_period_hours`\" pulumi-lang-yaml=\"`validityPeriodHours`\" pulumi-lang-java=\"`validityPeriodHours`\"\u003e`validityPeriodHours`\u003c/span\u003e) or ready for an early renewal (i.e. within the \u003cspan pulumi-lang-nodejs=\"`earlyRenewalHours`\" pulumi-lang-dotnet=\"`EarlyRenewalHours`\" pulumi-lang-go=\"`earlyRenewalHours`\" pulumi-lang-python=\"`early_renewal_hours`\" pulumi-lang-yaml=\"`earlyRenewalHours`\" pulumi-lang-java=\"`earlyRenewalHours`\"\u003e`earlyRenewalHours`\u003c/span\u003e)?\n" }, "setSubjectKeyId": { "type": "boolean", "description": "Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "validityEndTime": { "type": "string", "description": "The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n" }, "validityPeriodHours": { "type": "integer", "description": "Number of hours, after initial issuing, that the certificate will remain valid for.\n" }, "validityStartTime": { "type": "string", "description": "The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n" } }, "type": "object" } }, "tls:index/privateKey:PrivateKey": { "description": "\u003e If the managed resource supports a write-only attribute for the private key (first introduced in Terraform 1.11), then the ephemeral variant of \u003cspan pulumi-lang-nodejs=\"`tls.PrivateKey`\" pulumi-lang-dotnet=\"`tls.PrivateKey`\" pulumi-lang-go=\"`PrivateKey`\" pulumi-lang-python=\"`PrivateKey`\" pulumi-lang-yaml=\"`tls.PrivateKey`\" pulumi-lang-java=\"`tls.PrivateKey`\"\u003e`tls.PrivateKey`\u003c/span\u003e should be used, when possible, to avoid storing the private key data in the plan or state file.\n\nCreates a PEM (and OpenSSH) formatted private key.\n\nGenerates a secure private key and encodes it in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) and [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) formats. This resource is primarily intended for easily bootstrapping throwaway development environments.\n\n\u003e **Security Notice** The private key generated by this resource will\nbe stored *unencrypted* in your Terraform state file. **Use of this resource\nfor production deployments is *not* recommended**. Instead, generate\na private key file outside of Terraform and distribute it securely\nto the system where Terraform will be run.\n\nThis is a *logical resource*, so it contributes only to the current Terraform\nstate and does not create any external managed resources.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as tls from \"@pulumi/tls\";\n\n// ECDSA key with P384 elliptic curve\nconst ecdsa_p384_example = new tls.PrivateKey(\"ecdsa-p384-example\", {\n algorithm: \"ECDSA\",\n ecdsaCurve: \"P384\",\n});\n// RSA key of size 4096 bits\nconst rsa_4096_example = new tls.PrivateKey(\"rsa-4096-example\", {\n algorithm: \"RSA\",\n rsaBits: 4096,\n});\n// ED25519 key\nconst ed25519_example = new tls.PrivateKey(\"ed25519-example\", {algorithm: \"ED25519\"});\n```\n```python\nimport pulumi\nimport pulumi_tls as tls\n\n# ECDSA key with P384 elliptic curve\necdsa_p384_example = tls.PrivateKey(\"ecdsa-p384-example\",\n algorithm=\"ECDSA\",\n ecdsa_curve=\"P384\")\n# RSA key of size 4096 bits\nrsa_4096_example = tls.PrivateKey(\"rsa-4096-example\",\n algorithm=\"RSA\",\n rsa_bits=4096)\n# ED25519 key\ned25519_example = tls.PrivateKey(\"ed25519-example\", algorithm=\"ED25519\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ECDSA key with P384 elliptic curve\n var ecdsa_p384_example = new Tls.PrivateKey(\"ecdsa-p384-example\", new()\n {\n Algorithm = \"ECDSA\",\n EcdsaCurve = \"P384\",\n });\n\n // RSA key of size 4096 bits\n var rsa_4096_example = new Tls.PrivateKey(\"rsa-4096-example\", new()\n {\n Algorithm = \"RSA\",\n RsaBits = 4096,\n });\n\n // ED25519 key\n var ed25519_example = new Tls.PrivateKey(\"ed25519-example\", new()\n {\n Algorithm = \"ED25519\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-tls/sdk/v5/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ECDSA key with P384 elliptic curve\n\t\t_, err := tls.NewPrivateKey(ctx, \"ecdsa-p384-example\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"ECDSA\"),\n\t\t\tEcdsaCurve: pulumi.String(\"P384\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// RSA key of size 4096 bits\n\t\t_, err = tls.NewPrivateKey(ctx, \"rsa-4096-example\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t\tRsaBits: pulumi.Int(4096),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ED25519 key\n\t\t_, err = tls.NewPrivateKey(ctx, \"ed25519-example\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"ED25519\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // ECDSA key with P384 elliptic curve\n var ecdsa_p384_example = new PrivateKey(\"ecdsa-p384-example\", PrivateKeyArgs.builder()\n .algorithm(\"ECDSA\")\n .ecdsaCurve(\"P384\")\n .build());\n\n // RSA key of size 4096 bits\n var rsa_4096_example = new PrivateKey(\"rsa-4096-example\", PrivateKeyArgs.builder()\n .algorithm(\"RSA\")\n .rsaBits(4096)\n .build());\n\n // ED25519 key\n var ed25519_example = new PrivateKey(\"ed25519-example\", PrivateKeyArgs.builder()\n .algorithm(\"ED25519\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ECDSA key with P384 elliptic curve\n ecdsa-p384-example:\n type: tls:PrivateKey\n properties:\n algorithm: ECDSA\n ecdsaCurve: P384\n # RSA key of size 4096 bits\n rsa-4096-example:\n type: tls:PrivateKey\n properties:\n algorithm: RSA\n rsaBits: 4096\n # ED25519 key\n ed25519-example:\n type: tls:PrivateKey\n properties:\n algorithm: ED25519\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## Generating a New Key\n\nSince a private key is a logical resource that lives only in the Terraform state,\nit will persist until it is explicitly destroyed by the user.\n\nIn order to force the generation of a new key within an existing state, the\nprivate key instance can be \"tainted\":\n\n```\nterraform taint tls_private_key.example\n```\n\nA new key will then be generated on the next ``pulumi up``.\n", "properties": { "algorithm": { "type": "string", "description": "Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.\n" }, "ecdsaCurve": { "type": "string", "description": "When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).\n" }, "privateKeyOpenssh": { "type": "string", "description": "Private key data in [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format.\n", "secret": true }, "privateKeyPem": { "type": "string", "description": "Private key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n", "secret": true }, "privateKeyPemPkcs8": { "type": "string", "description": "Private key data in [PKCS#8 PEM (RFC 5208)](https://datatracker.ietf.org/doc/html/rfc5208) format.\n", "secret": true }, "publicKeyFingerprintMd5": { "type": "string", "description": "The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the selected private key format is compatible, similarly to \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`publicKeyOpenssh`\u003c/span\u003e and the ECDSA P224 limitations.\n" }, "publicKeyFingerprintSha256": { "type": "string", "description": "The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. `SHA256:...`. Only available if the selected private key format is compatible, similarly to \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`publicKeyOpenssh`\u003c/span\u003e and the ECDSA P224 limitations.\n" }, "publicKeyOpenssh": { "type": "string", "description": "The public key data in [\"Authorized Keys\"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not populated for `ECDSA` with curve `P224`, as it is not supported. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n" }, "publicKeyPem": { "type": "string", "description": "Public key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n" }, "rsaBits": { "type": "integer", "description": "When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `RSA`, the size of the generated RSA key, in bits (default: \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e).\n" } }, "required": [ "algorithm", "ecdsaCurve", "privateKeyOpenssh", "privateKeyPem", "privateKeyPemPkcs8", "publicKeyFingerprintMd5", "publicKeyFingerprintSha256", "publicKeyOpenssh", "publicKeyPem", "rsaBits" ], "inputProperties": { "algorithm": { "type": "string", "description": "Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.\n" }, "ecdsaCurve": { "type": "string", "description": "When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).\n" }, "rsaBits": { "type": "integer", "description": "When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `RSA`, the size of the generated RSA key, in bits (default: \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e).\n" } }, "requiredInputs": [ "algorithm" ], "stateInputs": { "description": "Input properties used for looking up and filtering PrivateKey resources.\n", "properties": { "algorithm": { "type": "string", "description": "Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.\n" }, "ecdsaCurve": { "type": "string", "description": "When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).\n" }, "privateKeyOpenssh": { "type": "string", "description": "Private key data in [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format.\n", "secret": true }, "privateKeyPem": { "type": "string", "description": "Private key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n", "secret": true }, "privateKeyPemPkcs8": { "type": "string", "description": "Private key data in [PKCS#8 PEM (RFC 5208)](https://datatracker.ietf.org/doc/html/rfc5208) format.\n", "secret": true }, "publicKeyFingerprintMd5": { "type": "string", "description": "The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the selected private key format is compatible, similarly to \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`publicKeyOpenssh`\u003c/span\u003e and the ECDSA P224 limitations.\n" }, "publicKeyFingerprintSha256": { "type": "string", "description": "The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. `SHA256:...`. Only available if the selected private key format is compatible, similarly to \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`publicKeyOpenssh`\u003c/span\u003e and the ECDSA P224 limitations.\n" }, "publicKeyOpenssh": { "type": "string", "description": "The public key data in [\"Authorized Keys\"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not populated for `ECDSA` with curve `P224`, as it is not supported. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n" }, "publicKeyPem": { "type": "string", "description": "Public key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n" }, "rsaBits": { "type": "integer", "description": "When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `RSA`, the size of the generated RSA key, in bits (default: \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e).\n" } }, "type": "object" } }, "tls:index/selfSignedCert:SelfSignedCert": { "description": "Creates a **self-signed** TLS certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n\n\u003e **Warning** Self-signed certificates are usually used only in development environments\nor applications deployed internally to an organization.\nCertificates of this type are generally not trusted by client software such\nas web browsers. Therefore clients are likely to generate trust warnings when\nconnecting to a server that has a self-signed certificate. \n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as std from \"@pulumi/std\";\nimport * as tls from \"@pulumi/tls\";\n\nconst example = new tls.SelfSignedCert(\"example\", {\n privateKeyPem: std.file({\n input: \"private_key.pem\",\n }).then(invoke =\u003e invoke.result),\n subject: {\n commonName: \"example.com\",\n organization: \"ACME Examples, Inc\",\n },\n validityPeriodHours: 12,\n allowedUses: [\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_std as std\nimport pulumi_tls as tls\n\nexample = tls.SelfSignedCert(\"example\",\n private_key_pem=std.file(input=\"private_key.pem\").result,\n subject={\n \"common_name\": \"example.com\",\n \"organization\": \"ACME Examples, Inc\",\n },\n validity_period_hours=12,\n allowed_uses=[\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Std = Pulumi.Std;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Tls.SelfSignedCert(\"example\", new()\n {\n PrivateKeyPem = Std.File.Invoke(new()\n {\n Input = \"private_key.pem\",\n }).Apply(invoke =\u003e invoke.Result),\n Subject = new Tls.Inputs.SelfSignedCertSubjectArgs\n {\n CommonName = \"example.com\",\n Organization = \"ACME Examples, Inc\",\n },\n ValidityPeriodHours = 12,\n AllowedUses = new[]\n {\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v5/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"private_key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tls.NewSelfSignedCert(ctx, \"example\", \u0026tls.SelfSignedCertArgs{\n\t\t\tPrivateKeyPem: pulumi.String(invokeFile.Result),\n\t\t\tSubject: \u0026tls.SelfSignedCertSubjectArgs{\n\t\t\t\tCommonName: pulumi.String(\"example.com\"),\n\t\t\t\tOrganization: pulumi.String(\"ACME Examples, Inc\"),\n\t\t\t},\n\t\t\tValidityPeriodHours: pulumi.Int(12),\n\t\t\tAllowedUses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"key_encipherment\"),\n\t\t\t\tpulumi.String(\"digital_signature\"),\n\t\t\t\tpulumi.String(\"server_auth\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.SelfSignedCert;\nimport com.pulumi.tls.SelfSignedCertArgs;\nimport com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SelfSignedCert(\"example\", SelfSignedCertArgs.builder()\n .privateKeyPem(StdFunctions.file(FileArgs.builder()\n .input(\"private_key.pem\")\n .build()).result())\n .subject(SelfSignedCertSubjectArgs.builder()\n .commonName(\"example.com\")\n .organization(\"ACME Examples, Inc\")\n .build())\n .validityPeriodHours(12)\n .allowedUses( \n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: tls:SelfSignedCert\n properties:\n privateKeyPem:\n fn::invoke:\n function: std:file\n arguments:\n input: private_key.pem\n return: result\n subject:\n commonName: example.com\n organization: ACME Examples, Inc\n validityPeriodHours: 12\n allowedUses:\n - key_encipherment\n - digital_signature\n - server_auth\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## Automatic Renewal\n\nThis resource considers its instances to have been deleted after either their validity\nperiods ends (i.e. beyond the \u003cspan pulumi-lang-nodejs=\"`validityPeriodHours`\" pulumi-lang-dotnet=\"`ValidityPeriodHours`\" pulumi-lang-go=\"`validityPeriodHours`\" pulumi-lang-python=\"`validity_period_hours`\" pulumi-lang-yaml=\"`validityPeriodHours`\" pulumi-lang-java=\"`validityPeriodHours`\"\u003e`validityPeriodHours`\u003c/span\u003e)\nor the early renewal period is reached (i.e. within the \u003cspan pulumi-lang-nodejs=\"`earlyRenewalHours`\" pulumi-lang-dotnet=\"`EarlyRenewalHours`\" pulumi-lang-go=\"`earlyRenewalHours`\" pulumi-lang-python=\"`early_renewal_hours`\" pulumi-lang-yaml=\"`earlyRenewalHours`\" pulumi-lang-java=\"`earlyRenewalHours`\"\u003e`earlyRenewalHours`\u003c/span\u003e):\nwhen this happens, the \u003cspan pulumi-lang-nodejs=\"`readyForRenewal`\" pulumi-lang-dotnet=\"`ReadyForRenewal`\" pulumi-lang-go=\"`readyForRenewal`\" pulumi-lang-python=\"`ready_for_renewal`\" pulumi-lang-yaml=\"`readyForRenewal`\" pulumi-lang-java=\"`readyForRenewal`\"\u003e`readyForRenewal`\u003c/span\u003e attribute will be \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e.\nAt this time, applying the Terraform configuration will cause a new certificate to be\ngenerated for the instance.\n\nTherefore in a development environment with frequent deployments it may be convenient\nto set a relatively-short expiration time and use early renewal to automatically provision\na new certificate when the current one is about to expire.\n\nThe creation of a new certificate may of course cause dependent resources to be updated\nor replaced, depending on the lifecycle rules applying to those resources.\n", "properties": { "allowedUses": { "type": "array", "items": { "type": "string" }, "description": "List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`anyExtended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`certSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`clientAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`codeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`contentCommitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crlSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`dataEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digitalSignature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`emailProtection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsecEndSystem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsecTunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsecUser`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`keyAgreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`keyEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoftCommercialCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoftKernelCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoftServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscapeServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocspSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`serverAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n" }, "certPem": { "type": "string", "description": "Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n" }, "dnsNames": { "type": "array", "items": { "type": "string" }, "description": "List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n" }, "earlyRenewalHours": { "type": "integer", "description": "The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e)\n" }, "ipAddresses": { "type": "array", "items": { "type": "string" }, "description": "List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n" }, "isCaCertificate": { "type": "boolean", "description": "Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "keyAlgorithm": { "type": "string", "description": "Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`privateKeyPem`\u003c/span\u003e.\n" }, "maxPathLength": { "type": "integer", "description": "Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`isCaCertificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n" }, "privateKeyPem": { "type": "string", "description": "Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.\n", "secret": true }, "readyForRenewal": { "type": "boolean", "description": "Is the certificate either expired (i.e. beyond the \u003cspan pulumi-lang-nodejs=\"`validityPeriodHours`\" pulumi-lang-dotnet=\"`ValidityPeriodHours`\" pulumi-lang-go=\"`validityPeriodHours`\" pulumi-lang-python=\"`validity_period_hours`\" pulumi-lang-yaml=\"`validityPeriodHours`\" pulumi-lang-java=\"`validityPeriodHours`\"\u003e`validityPeriodHours`\u003c/span\u003e) or ready for an early renewal (i.e. within the \u003cspan pulumi-lang-nodejs=\"`earlyRenewalHours`\" pulumi-lang-dotnet=\"`EarlyRenewalHours`\" pulumi-lang-go=\"`earlyRenewalHours`\" pulumi-lang-python=\"`early_renewal_hours`\" pulumi-lang-yaml=\"`earlyRenewalHours`\" pulumi-lang-java=\"`earlyRenewalHours`\"\u003e`earlyRenewalHours`\u003c/span\u003e)?\n" }, "setAuthorityKeyId": { "type": "boolean", "description": "Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "setSubjectKeyId": { "type": "boolean", "description": "Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "subject": { "$ref": "#/types/tls:index/SelfSignedCertSubject:SelfSignedCertSubject", "description": "The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n" }, "uris": { "type": "array", "items": { "type": "string" }, "description": "List of URIs for which a certificate is being requested (i.e. certificate subjects).\n" }, "validityEndTime": { "type": "string", "description": "The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n" }, "validityPeriodHours": { "type": "integer", "description": "Number of hours, after initial issuing, that the certificate will remain valid for.\n" }, "validityStartTime": { "type": "string", "description": "The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n" } }, "required": [ "allowedUses", "certPem", "earlyRenewalHours", "isCaCertificate", "keyAlgorithm", "maxPathLength", "privateKeyPem", "readyForRenewal", "setAuthorityKeyId", "setSubjectKeyId", "validityEndTime", "validityPeriodHours", "validityStartTime" ], "inputProperties": { "allowedUses": { "type": "array", "items": { "type": "string" }, "description": "List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`anyExtended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`certSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`clientAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`codeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`contentCommitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crlSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`dataEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digitalSignature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`emailProtection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsecEndSystem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsecTunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsecUser`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`keyAgreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`keyEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoftCommercialCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoftKernelCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoftServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscapeServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocspSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`serverAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n" }, "dnsNames": { "type": "array", "items": { "type": "string" }, "description": "List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n" }, "earlyRenewalHours": { "type": "integer", "description": "The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e)\n" }, "ipAddresses": { "type": "array", "items": { "type": "string" }, "description": "List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n" }, "isCaCertificate": { "type": "boolean", "description": "Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "maxPathLength": { "type": "integer", "description": "Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`isCaCertificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n" }, "privateKeyPem": { "type": "string", "description": "Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.\n", "secret": true }, "setAuthorityKeyId": { "type": "boolean", "description": "Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "setSubjectKeyId": { "type": "boolean", "description": "Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "subject": { "$ref": "#/types/tls:index/SelfSignedCertSubject:SelfSignedCertSubject", "description": "The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n" }, "uris": { "type": "array", "items": { "type": "string" }, "description": "List of URIs for which a certificate is being requested (i.e. certificate subjects).\n" }, "validityPeriodHours": { "type": "integer", "description": "Number of hours, after initial issuing, that the certificate will remain valid for.\n" } }, "requiredInputs": [ "allowedUses", "privateKeyPem", "validityPeriodHours" ], "stateInputs": { "description": "Input properties used for looking up and filtering SelfSignedCert resources.\n", "properties": { "allowedUses": { "type": "array", "items": { "type": "string" }, "description": "List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`anyExtended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`certSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`clientAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`codeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`contentCommitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crlSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`dataEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digitalSignature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`emailProtection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipherOnly`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsecEndSystem`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsecTunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsecUser`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`keyAgreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`keyEncipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoftCommercialCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoftKernelCodeSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoftServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscapeServerGatedCrypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocspSigning`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`serverAuth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n" }, "certPem": { "type": "string", "description": "Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n" }, "dnsNames": { "type": "array", "items": { "type": "string" }, "description": "List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n" }, "earlyRenewalHours": { "type": "integer", "description": "The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: \u003cspan pulumi-lang-nodejs=\"`0`\" pulumi-lang-dotnet=\"`0`\" pulumi-lang-go=\"`0`\" pulumi-lang-python=\"`0`\" pulumi-lang-yaml=\"`0`\" pulumi-lang-java=\"`0`\"\u003e`0`\u003c/span\u003e)\n" }, "ipAddresses": { "type": "array", "items": { "type": "string" }, "description": "List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n" }, "isCaCertificate": { "type": "boolean", "description": "Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "keyAlgorithm": { "type": "string", "description": "Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`privateKeyPem`\u003c/span\u003e.\n" }, "maxPathLength": { "type": "integer", "description": "Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`isCaCertificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n" }, "privateKeyPem": { "type": "string", "description": "Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.\n", "secret": true }, "readyForRenewal": { "type": "boolean", "description": "Is the certificate either expired (i.e. beyond the \u003cspan pulumi-lang-nodejs=\"`validityPeriodHours`\" pulumi-lang-dotnet=\"`ValidityPeriodHours`\" pulumi-lang-go=\"`validityPeriodHours`\" pulumi-lang-python=\"`validity_period_hours`\" pulumi-lang-yaml=\"`validityPeriodHours`\" pulumi-lang-java=\"`validityPeriodHours`\"\u003e`validityPeriodHours`\u003c/span\u003e) or ready for an early renewal (i.e. within the \u003cspan pulumi-lang-nodejs=\"`earlyRenewalHours`\" pulumi-lang-dotnet=\"`EarlyRenewalHours`\" pulumi-lang-go=\"`earlyRenewalHours`\" pulumi-lang-python=\"`early_renewal_hours`\" pulumi-lang-yaml=\"`earlyRenewalHours`\" pulumi-lang-java=\"`earlyRenewalHours`\"\u003e`earlyRenewalHours`\u003c/span\u003e)?\n" }, "setAuthorityKeyId": { "type": "boolean", "description": "Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "setSubjectKeyId": { "type": "boolean", "description": "Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n" }, "subject": { "$ref": "#/types/tls:index/SelfSignedCertSubject:SelfSignedCertSubject", "description": "The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n" }, "uris": { "type": "array", "items": { "type": "string" }, "description": "List of URIs for which a certificate is being requested (i.e. certificate subjects).\n" }, "validityEndTime": { "type": "string", "description": "The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n" }, "validityPeriodHours": { "type": "integer", "description": "Number of hours, after initial issuing, that the certificate will remain valid for.\n" }, "validityStartTime": { "type": "string", "description": "The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n" } }, "type": "object" } } }, "functions": { "pulumi:providers:tls/terraformConfig": { "description": "This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.", "inputs": { "properties": { "__self__": { "type": "ref", "$ref": "#/provider" } }, "type": "pulumi:providers:tls/terraformConfig", "required": [ "__self__" ] }, "outputs": { "properties": { "result": { "additionalProperties": { "$ref": "pulumi.json#/Any" }, "type": "object" } }, "required": [ "result" ], "type": "object" } }, "tls:index/getCertificate:getCertificate": { "description": "Get information about the TLS certificates securing a host.\n\nUse this data source to get information, such as SHA1 fingerprint or serial number, about the TLS certificates that protects a URL.\n\n## Example Usage\n\n### URL Usage\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as tls from \"@pulumi/tls\";\n\nconst exampleEksCluster = new aws.index.EksCluster(\"example\", {name: \"example\"});\nconst example = tls.getCertificate({\n url: exampleEksCluster.identity[0].oidc[0].issuer,\n});\nconst exampleIamOpenidConnectProvider = new aws.index.IamOpenidConnectProvider(\"example\", {\n clientIdList: [\"sts.amazonaws.com\"],\n thumbprintList: [example.certificates?.[0]?.sha1Fingerprint],\n url: exampleEksCluster.identity[0].oidc[0].issuer,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_tls as tls\n\nexample_eks_cluster = aws.index.EksCluster(\"example\", name=example)\nexample = tls.get_certificate(url=example_eks_cluster[\"identity\"][0][\"oidc\"][0][\"issuer\"])\nexample_iam_openid_connect_provider = aws.index.IamOpenidConnectProvider(\"example\",\n client_id_list=[sts.amazonaws.com],\n thumbprint_list=[example.certificates[0].sha1_fingerprint],\n url=example_eks_cluster.identity[0].oidc[0].issuer)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleEksCluster = new Aws.Index.EksCluster(\"example\", new()\n {\n Name = \"example\",\n });\n\n var example = Tls.GetCertificate.Invoke(new()\n {\n Url = exampleEksCluster.Identity[0].Oidc[0].Issuer,\n });\n\n var exampleIamOpenidConnectProvider = new Aws.Index.IamOpenidConnectProvider(\"example\", new()\n {\n ClientIdList = new[]\n {\n \"sts.amazonaws.com\",\n },\n ThumbprintList = new[]\n {\n example.Apply(getCertificateResult =\u003e getCertificateResult.Certificates[0]?.Sha1Fingerprint),\n },\n Url = exampleEksCluster.Identity[0].Oidc[0].Issuer,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v7/go/aws\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v5/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEksCluster, err := aws.NewEksCluster(ctx, \"example\", \u0026aws.EksClusterArgs{\n\t\t\tName: \"example\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := tls.GetCertificate(ctx, \u0026tls.GetCertificateArgs{\n\t\t\tUrl: pulumi.StringRef(exampleEksCluster.Identity[0].Oidc[0].Issuer),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewIamOpenidConnectProvider(ctx, \"example\", \u0026aws.IamOpenidConnectProviderArgs{\n\t\t\tClientIdList: []string{\n\t\t\t\t\"sts.amazonaws.com\",\n\t\t\t},\n\t\t\tThumbprintList: []*string{\n\t\t\t\texample.Certificates[0].Sha1Fingerprint,\n\t\t\t},\n\t\t\tUrl: exampleEksCluster.Identity[0].Oidc[0].Issuer,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.EksCluster;\nimport com.pulumi.aws.EksClusterArgs;\nimport com.pulumi.tls.TlsFunctions;\nimport com.pulumi.tls.inputs.GetCertificateArgs;\nimport com.pulumi.aws.IamOpenidConnectProvider;\nimport com.pulumi.aws.IamOpenidConnectProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEksCluster = new EksCluster(\"exampleEksCluster\", EksClusterArgs.builder()\n .name(\"example\")\n .build());\n\n final var example = TlsFunctions.getCertificate(GetCertificateArgs.builder()\n .url(exampleEksCluster.identity()[0].oidc()[0].issuer())\n .build());\n\n var exampleIamOpenidConnectProvider = new IamOpenidConnectProvider(\"exampleIamOpenidConnectProvider\", IamOpenidConnectProviderArgs.builder()\n .clientIdList(List.of(\"sts.amazonaws.com\"))\n .thumbprintList(List.of(example.certificates()[0].sha1Fingerprint()))\n .url(exampleEksCluster.identity()[0].oidc()[0].issuer())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleEksCluster:\n type: aws:EksCluster\n name: example\n properties:\n name: example\n exampleIamOpenidConnectProvider:\n type: aws:IamOpenidConnectProvider\n name: example\n properties:\n clientIdList:\n - sts.amazonaws.com\n thumbprintList:\n - ${example.certificates[0].sha1Fingerprint}\n url: ${exampleEksCluster.identity[0].oidc[0].issuer}\nvariables:\n example:\n fn::invoke:\n function: tls:getCertificate\n arguments:\n url: ${exampleEksCluster.identity[0].oidc[0].issuer}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Content Usage\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as std from \"@pulumi/std\";\nimport * as tls from \"@pulumi/tls\";\n\nconst exampleContent = std.file({\n input: \"example.pem\",\n}).then(invoke =\u003e tls.getCertificate({\n content: invoke.result,\n}));\n```\n```python\nimport pulumi\nimport pulumi_std as std\nimport pulumi_tls as tls\n\nexample_content = tls.get_certificate(content=std.file(input=\"example.pem\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Std = Pulumi.Std;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleContent = Tls.GetCertificate.Invoke(new()\n {\n Content = Std.File.Invoke(new()\n {\n Input = \"example.pem\",\n }).Result,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v5/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tls.GetCertificate(ctx, \u0026tls.GetCertificateArgs{\n\t\t\tContent: pulumi.StringRef(std.File(ctx, \u0026std.FileArgs{\n\t\t\t\tInput: \"example.pem\",\n\t\t\t}, nil).Result),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport com.pulumi.tls.TlsFunctions;\nimport com.pulumi.tls.inputs.GetCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleContent = TlsFunctions.getCertificate(GetCertificateArgs.builder()\n .content(StdFunctions.file(FileArgs.builder()\n .input(\"example.pem\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n exampleContent:\n fn::invoke:\n function: tls:getCertificate\n arguments:\n content:\n fn::invoke:\n function: std:file\n arguments:\n input: example.pem\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--\n Schema ORIGINALLY generated by tfplugindocs,\n then manually tweaked to circumvent current limitations.\n\n This should be revisited, once https://github.com/hashicorp/terraform-plugin-docs/issues/66 is resolved.\n--\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCertificate.\n", "properties": { "content": { "type": "string", "description": "The content of the certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`url`\" pulumi-lang-dotnet=\"`Url`\" pulumi-lang-go=\"`url`\" pulumi-lang-python=\"`url`\" pulumi-lang-yaml=\"`url`\" pulumi-lang-java=\"`url`\"\u003e`url`\u003c/span\u003e.\n" }, "url": { "type": "string", "description": "The URL of the website to get the certificates from. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`content`\" pulumi-lang-dotnet=\"`Content`\" pulumi-lang-go=\"`content`\" pulumi-lang-python=\"`content`\" pulumi-lang-yaml=\"`content`\" pulumi-lang-java=\"`content`\"\u003e`content`\u003c/span\u003e.\n" }, "verifyChain": { "type": "boolean", "description": "Whether to verify the certificate chain while parsing it or not (default: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e). Cannot be used with \u003cspan pulumi-lang-nodejs=\"`content`\" pulumi-lang-dotnet=\"`Content`\" pulumi-lang-go=\"`content`\" pulumi-lang-python=\"`content`\" pulumi-lang-yaml=\"`content`\" pulumi-lang-java=\"`content`\"\u003e`content`\u003c/span\u003e.\n" } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getCertificate.\n", "properties": { "certificates": { "description": "The certificates protecting the site, with the root of the chain first.\n", "items": { "$ref": "#/types/tls:index/getCertificateCertificate:getCertificateCertificate" }, "type": "array" }, "content": { "description": "The content of the certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`url`\" pulumi-lang-dotnet=\"`Url`\" pulumi-lang-go=\"`url`\" pulumi-lang-python=\"`url`\" pulumi-lang-yaml=\"`url`\" pulumi-lang-java=\"`url`\"\u003e`url`\u003c/span\u003e.\n", "type": "string" }, "id": { "description": "Unique identifier of this data source: hashing of the certificates in the chain.\n", "type": "string" }, "url": { "description": "The URL of the website to get the certificates from. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`content`\" pulumi-lang-dotnet=\"`Content`\" pulumi-lang-go=\"`content`\" pulumi-lang-python=\"`content`\" pulumi-lang-yaml=\"`content`\" pulumi-lang-java=\"`content`\"\u003e`content`\u003c/span\u003e.\n", "type": "string" }, "verifyChain": { "description": "Whether to verify the certificate chain while parsing it or not (default: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e). Cannot be used with \u003cspan pulumi-lang-nodejs=\"`content`\" pulumi-lang-dotnet=\"`Content`\" pulumi-lang-go=\"`content`\" pulumi-lang-python=\"`content`\" pulumi-lang-yaml=\"`content`\" pulumi-lang-java=\"`content`\"\u003e`content`\u003c/span\u003e.\n", "type": "boolean" } }, "required": [ "certificates", "id" ], "type": "object" } }, "tls:index/getPublicKey:getPublicKey": { "description": "Get a public key from a PEM-encoded private key.\n\nUse this data source to get the public key from a [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) or [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) formatted private key, for use in other resources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as std from \"@pulumi/std\";\nimport * as tls from \"@pulumi/tls\";\n\nconst ed25519_example = new tls.PrivateKey(\"ed25519-example\", {algorithm: \"ED25519\"});\n// Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\nconst privateKeyPem_example = tls.getPublicKeyOutput({\n privateKeyPem: ed25519_example.privateKeyPem,\n});\n// Public key loaded from filesystem, using the Open SSH (RFC 4716) format\nconst privateKeyOpenssh_example = std.file({\n input: \"~/.ssh/id_rsa_rfc4716\",\n}).then(invoke =\u003e tls.getPublicKey({\n privateKeyOpenssh: invoke.result,\n}));\n```\n```python\nimport pulumi\nimport pulumi_std as std\nimport pulumi_tls as tls\n\ned25519_example = tls.PrivateKey(\"ed25519-example\", algorithm=\"ED25519\")\n# Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\nprivate_key_pem_example = tls.get_public_key_output(private_key_pem=ed25519_example.private_key_pem)\n# Public key loaded from filesystem, using the Open SSH (RFC 4716) format\nprivate_key_openssh_example = tls.get_public_key(private_key_openssh=std.file(input=\"~/.ssh/id_rsa_rfc4716\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Std = Pulumi.Std;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ed25519_example = new Tls.PrivateKey(\"ed25519-example\", new()\n {\n Algorithm = \"ED25519\",\n });\n\n // Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\n var privateKeyPem_example = Tls.GetPublicKey.Invoke(new()\n {\n PrivateKeyPem = ed25519_example.PrivateKeyPem,\n });\n\n // Public key loaded from filesystem, using the Open SSH (RFC 4716) format\n var privateKeyOpenssh_example = Tls.GetPublicKey.Invoke(new()\n {\n PrivateKeyOpenssh = Std.File.Invoke(new()\n {\n Input = \"~/.ssh/id_rsa_rfc4716\",\n }).Result,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v5/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ted25519_example, err := tls.NewPrivateKey(ctx, \"ed25519-example\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"ED25519\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\n\t\t_ = tls.GetPublicKeyOutput(ctx, tls.GetPublicKeyOutputArgs{\n\t\t\tPrivateKeyPem: ed25519_example.PrivateKeyPem,\n\t\t}, nil)\n\t\t// Public key loaded from filesystem, using the Open SSH (RFC 4716) format\n\t\t_, err = tls.GetPublicKey(ctx, \u0026tls.GetPublicKeyArgs{\n\t\t\tPrivateKeyOpenssh: pulumi.StringRef(std.File(ctx, \u0026std.FileArgs{\n\t\t\t\tInput: \"~/.ssh/id_rsa_rfc4716\",\n\t\t\t}, nil).Result),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.tls.TlsFunctions;\nimport com.pulumi.tls.inputs.GetPublicKeyArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ed25519_example = new PrivateKey(\"ed25519-example\", PrivateKeyArgs.builder()\n .algorithm(\"ED25519\")\n .build());\n\n // Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\n final var privateKeyPem-example = TlsFunctions.getPublicKey(GetPublicKeyArgs.builder()\n .privateKeyPem(ed25519_example.privateKeyPem())\n .build());\n\n // Public key loaded from filesystem, using the Open SSH (RFC 4716) format\n final var privateKeyOpenssh-example = TlsFunctions.getPublicKey(GetPublicKeyArgs.builder()\n .privateKeyOpenssh(StdFunctions.file(FileArgs.builder()\n .input(\"~/.ssh/id_rsa_rfc4716\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ed25519-example:\n type: tls:PrivateKey\n properties:\n algorithm: ED25519\nvariables:\n # Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\n privateKeyPem-example:\n fn::invoke:\n function: tls:getPublicKey\n arguments:\n privateKeyPem: ${[\"ed25519-example\"].privateKeyPem}\n # Public key loaded from filesystem, using the Open SSH (RFC 4716) format\n privateKeyOpenssh-example:\n fn::invoke:\n function: tls:getPublicKey\n arguments:\n privateKeyOpenssh:\n fn::invoke:\n function: std:file\n arguments:\n input: ~/.ssh/id_rsa_rfc4716\n return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getPublicKey.\n", "properties": { "privateKeyOpenssh": { "type": "string", "description": "The private key (in [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format) to extract the public key from. This is *mutually exclusive* with \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`privateKeyPem`\u003c/span\u003e. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.\n", "secret": true }, "privateKeyPem": { "type": "string", "description": "The private key (in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format) to extract the public key from. This is *mutually exclusive* with \u003cspan pulumi-lang-nodejs=\"`privateKeyOpenssh`\" pulumi-lang-dotnet=\"`PrivateKeyOpenssh`\" pulumi-lang-go=\"`privateKeyOpenssh`\" pulumi-lang-python=\"`private_key_openssh`\" pulumi-lang-yaml=\"`privateKeyOpenssh`\" pulumi-lang-java=\"`privateKeyOpenssh`\"\u003e`privateKeyOpenssh`\u003c/span\u003e. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.\n", "secret": true } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getPublicKey.\n", "properties": { "algorithm": { "description": "The name of the algorithm used by the given private key. Possible values are: `RSA`, `ECDSA`, `ED25519`.\n", "type": "string" }, "id": { "description": "Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.\n", "type": "string" }, "privateKeyOpenssh": { "description": "The private key (in [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format) to extract the public key from. This is *mutually exclusive* with \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`privateKeyPem`\u003c/span\u003e. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.\n", "secret": true, "type": "string" }, "privateKeyPem": { "description": "The private key (in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format) to extract the public key from. This is *mutually exclusive* with \u003cspan pulumi-lang-nodejs=\"`privateKeyOpenssh`\" pulumi-lang-dotnet=\"`PrivateKeyOpenssh`\" pulumi-lang-go=\"`privateKeyOpenssh`\" pulumi-lang-python=\"`private_key_openssh`\" pulumi-lang-yaml=\"`privateKeyOpenssh`\" pulumi-lang-java=\"`privateKeyOpenssh`\"\u003e`privateKeyOpenssh`\u003c/span\u003e. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.\n", "secret": true, "type": "string" }, "publicKeyFingerprintMd5": { "description": "The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the selected private key format is compatible, as per the rules for \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`publicKeyOpenssh`\u003c/span\u003e and ECDSA P224 limitations.\n", "type": "string" }, "publicKeyFingerprintSha256": { "description": "The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. `SHA256:...`. Only available if the selected private key format is compatible, as per the rules for \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`publicKeyOpenssh`\u003c/span\u003e and ECDSA P224 limitations.\n", "type": "string" }, "publicKeyOpenssh": { "description": "The public key, in [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format. This is also known as ['Authorized Keys'](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not populated for `ECDSA` with curve `P224`, as it is not supported. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n", "type": "string" }, "publicKeyPem": { "description": "The public key, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n", "type": "string" } }, "required": [ "algorithm", "id", "publicKeyFingerprintMd5", "publicKeyFingerprintSha256", "publicKeyOpenssh", "publicKeyPem" ], "type": "object" } } } }