azure::key-vault-certificate

Creates a key vault certificate.

Example

azure::key-vault-certificate vault-certificate-example
    name: "certificate-example"
    vault: $(azure::key-vault vault-example)

    policy
        key-properties
            exportable: false
            reuse-key: false
            size: 2048
            type: "RSA"
        end

        lifetime-action
            action
                type: "EmailContacts"
            end

            trigger
                lifetime-percentage: 90
            end
        end

        secret-properties
            content-type: "application/x-pkcs12"
        end

        x509-properties
            key-usage: ["digitalSignature", "keyEncipherment"]
            subject: "CN=a1.com"
            validity-in-months: 2
            ekus: ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"]
        end

        attribute
            "enabled" : true
            "expires" : "2020-04-03T15:54:12.000Z"
        end

        issuer-parameter
            name: "Self"
        end
    end
end

Attributes

Attribute Description
name The name of the certificate. (Required)
vault The key vault under which the certificate is going to be created. (Required)
policy subresource

The policy config for the certificate. (Required)

issuer-parameter subresource

Issuer parameter config for the certificate policy. (Required)

name
The name of the issuer of the certificate. Valid values are Self, Unknown or any issuer already present in your Azure account as a valid CA. (Required)
type
Type of certificate being issued.
key-properties subresource

The key properties for the certificate policy. (Required)

exportable
When set to true, allows the certificate's private key to be exportable. (Required)
reuse-key
When set to true allows the certificate key to be reused or renewed. (Required)
size
The key size. Valid values are 2048.0, 3072.0 or 4096.0.
type
The key type. Currently the only supported value is RSA.
lifetime-action list subresource

Lifetime config for the certificate policy. Maximum allowed items are 1. (Required)

action subresource

Lifetime action config for the certificate policy. (Required)

type
The lifetime action type. Valid values are EmailContacts or AutoRenew. (Required)
trigger subresource

Lifetime trigger config for the certificate policy.

days-before-expiry
Number of days before the certificate expires at which to trigger. Minimum allowed value is 0.
lifetime-percentage
Percentage of lifetime at which to trigger. Valid values are between 1 and 99. (Required)
secret-properties subresource

Secrets config for the certificate policy. (Required)

content-type
The type of certificate to generate. Valid values are application/x-pem-file or application/x-pkcs12. (Required)
x509-properties subresource

X509 properties for the certificate policy. (Required)

key-usage list
A list of key usage flags.
subject
The X.500 distinguished name. (Required)
subject-alternative-name subresource

Alternate name config for the certificate.

emails list
A list of emails as part of the certificate.
dns-names list
A list of DNS names to be associated with the certificate. (Required)
upns list
A list of UPN values.
validity-in-months
Validity of the certificate in months. Valid values are between 1 and 12. (Required)
ekus list
A list of X.660 OIDs.
attribute subresource

Additional attributes for the certificate policy.

enabled
Enables or disables the certificate for use.
expires
A date-time value in UTC specifying when the certificate expires. Format YYYY-MM-DDTHH:MM:SS.sssZ. Example 2020-04-03T15:54:12.000Z.
not-before
A date-time value in UTC specifying the not-before time. Format YYYY-MM-DDTHH:MM:SS.sssZ. Example 2020-04-03T15:54:12.000Z.
tags map Tags for the certificate.
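
A pre-deployment check for the limits listed above, as an added example that is not part of Gyro or its documentation. It reads the block/end syntax shown in the Example with a simplified parser; `parse`, `lint`, `RULES` and the sample input are hypothetical names and constructed data, and flagging `exportable: true` is this example's own review rule, not a documented restriction.

```python
import json
import re

# Constructed input in the page's block/end syntax; every checked field is out of policy.
SAMPLE = """
azure::key-vault-certificate vault-certificate-example
    policy
        key-properties
            exportable: true
            size: 1024
        end
        lifetime-action
            trigger
                lifetime-percentage: 100
            end
        end
        x509-properties
            validity-in-months: 24
        end
    end
end
"""
KV = re.compile(r'^"?([\w-]+)"?\s*:(?!:)\s*(.+)$')  # key: value, but not the azure:: header

def parse(text):
    flat, blocks = {}, []  # flat maps "policy/key-properties/size" style paths to values
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := KV.match(line):
            try:
                value = json.loads(m.group(2))  # numbers, booleans, strings, lists
            except ValueError:
                value = m.group(2)  # e.g. $(...) references stay as raw text
            flat["/".join(blocks[1:] + [m.group(1)])] = value
        elif line == "end":
            blocks.pop()
        else:  # block opener; the first one is the resource header and is left out of paths
            blocks.append(line.split()[0])
    return flat

RULES = [  # (path under policy, predicate, finding); limits as listed under Attributes
    ("key-properties/size", lambda v: v in (2048, 3072, 4096), "key size not 2048/3072/4096"),
    # Review item added by this example (assumption), not a documented limit:
    ("key-properties/exportable", lambda v: v is False, "private key exportable"),
    ("x509-properties/validity-in-months", lambda v: v in range(1, 13), "validity outside 1-12 months"),
    ("lifetime-action/trigger/lifetime-percentage", lambda v: v in range(1, 100), "trigger outside 1-99 percent"),
]

def lint(text):
    fields = parse(text)  # a missing field reads as None and fails its rule
    return [msg for path, ok, msg in RULES if not ok(fields.get("policy/" + path))]
```

`lint(SAMPLE)` returns one finding per rule, while the configuration in the Example section above returns an empty list.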

Outputs

Attribute Description
version The version of the certificate.
id The Id of the certificate.
sid The SID of the certificate.
secret-id The secret ID of the certificate.
kid The KID of the certificate.
key-id The key ID of the certificate.