azure::key-vault-certificate

Creates a key vault certificate.

Example

azure::key-vault-certificate vault-certificate-example
    name: "certificate-example"
    vault: $(azure::key-vault vault-example)

    policy
        key-properties
            exportable: false
            reuse-key: false
            size: 2048
            type: "RSA"
        end

        lifetime-action
            action
                type: "EmailContacts"
            end

            trigger
                lifetime-percentage: 90
            end
        end

        secret-properties
            content-type: "application/x-pkcs12"
        end

        x509-properties
            key-usage: ["digitalSignature", "keyEncipherment"]
            subject: "CN=a1.com"
            validity-in-months: 2
            ekus: ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"]
        end

        attribute
            "enabled" : true
            "expires" : "2020-04-03T15:54:12.000Z"
        end

        issuer-parameter
            name: "Self"
        end
    end
end

Attributes

Attribute Description
name The name of the certificate. (Required)
vault The key vault under which the certificate is going to be created. (Required)
policy subresource

The policy config for the certificate. (Required)

content-type
The type of certificate to generate. Valid values are application/x-pem-file or application/x-pkcs12. (Required)
subject
The X.500 distinguished name. (Required)
key-type
The key type.
key-curve-name
The key curve name. Valid values are P-256, P-384, P-521 or P-256K.
enabled
Enable or disable the certificate for use.
transparent
Enable or disable transparency of the certificate.
exportable
When set to true, allows the certificate's private key to be exported. (Required)
key-reusable
When set to true, allows the certificate key to be reused or renewed. (Required)
validity-in-months
Validity period of the certificate in months. Valid values are between 1 and 12. (Required)
key-size
The key size. Valid values are 256.0, 384.0 or 521.0.
subject-alternative-name subresource

Alternate name config for the certificate.

emails list
A list of emails as part of the certificate.
dns-names list
A list of DNS names to be associated with the certificate. (Required)
upns list
A list of user principal name values.
key-usage list
A list of key usage flags. Valid values are digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly and decipherOnly.
enhanced-key-usage list
A list of enhanced key usage flags.
lifetime-action list subresource

Lifetime config for the certificate policy. At most 1 item is allowed. (Required)

action
The lifetime action type. Valid values are EmailContacts or AutoRenew. (Required)
days-before-expiry
Number of days before the certificate expires at which to trigger. Minimum allowed value is 0.
lifetime-percentage
Percentage of lifetime at which to trigger. Valid values are between 1 and 99. (Required)
tags map Tags for the certificate.
enabled Enable or disable the certificate for use.
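
The value constraints listed under Attributes can be checked before a policy is applied. The following Python lint is an added example, not part of Gyro or of the original page; it assumes the policy is available as a flat dict keyed by the attribute names above, and the `exportable` review flag is the example's own addition rather than a documented constraint.

```python
# Added example; the flat dict layout keyed by attribute name is an assumption.
CONTENT_TYPES = {"application/x-pem-file", "application/x-pkcs12"}
ACTIONS = {"EmailContacts", "AutoRenew"}
KEY_USAGES = {"digitalSignature", "nonRepudiation", "keyEncipherment",
              "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
              "encipherOnly", "decipherOnly"}
REQUIRED = ("content-type", "subject", "exportable", "key-reusable",
            "validity-in-months", "lifetime-action")

def in_range(value, low, high=float("inf")):
    # bool is a subclass of int, so require an exact int
    return type(value) is int and low <= value <= high

def lint_policy(policy):
    """Return a list of findings; an empty list means the policy passes."""
    out = [f"missing required attribute: {k}" for k in REQUIRED if k not in policy]
    if "content-type" in policy and policy["content-type"] not in CONTENT_TYPES:
        out.append(f"content-type: invalid value {policy['content-type']!r}")
    if "validity-in-months" in policy and not in_range(policy["validity-in-months"], 1, 12):
        out.append("validity-in-months: must be between 1 and 12")
    for usage in sorted(set(policy.get("key-usage", [])) - KEY_USAGES):
        out.append(f"key-usage: unknown flag {usage!r}")
    actions = policy.get("lifetime-action", [])
    if len(actions) > 1:
        out.append("lifetime-action: at most 1 item allowed")
    for item in actions:
        if item.get("action") not in ACTIONS:
            out.append(f"lifetime-action.action: invalid value {item.get('action')!r}")
        if not in_range(item.get("lifetime-percentage"), 1, 99):
            out.append("lifetime-action.lifetime-percentage: must be between 1 and 99")
        if "days-before-expiry" in item and not in_range(item["days-before-expiry"], 0):
            out.append("lifetime-action.days-before-expiry: minimum is 0")
    # Review flag added by this example, not a constraint documented on the page.
    if policy.get("exportable") is True:
        out.append("review: exportable is true, the private key can be exported")
    return out

# Constructed sample policies for illustration.
GOOD = {"content-type": "application/x-pkcs12", "subject": "CN=a1.com",
        "exportable": False, "key-reusable": False, "validity-in-months": 2,
        "key-usage": ["digitalSignature", "keyEncipherment"],
        "lifetime-action": [{"action": "EmailContacts", "lifetime-percentage": 90}]}
BAD = {"content-type": "application/x-x509", "subject": "CN=a1.com",
       "exportable": True, "validity-in-months": 24,
       "key-usage": ["digitalSignature", "serverAuth"],
       "lifetime-action": [{"action": "EmailContacts", "lifetime-percentage": 100},
                           {"action": "Rotate", "lifetime-percentage": 50}]}

if __name__ == "__main__":
    print("\n".join(lint_policy(BAD)))
```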

Outputs

Attribute Description
version The version of the certificate.
id The ID of the certificate.
secret-id The secret ID of the certificate.