HashiCorp Vault v6.6.0, Mar 13 25

HashiCorp Vault v6.6.0 published on Thursday, Mar 13, 2025 by Pulumi

vault.pkiSecret.SecretBackendSign

Explore with Pulumi AI

HashiCorp Vault v6.6.0 published on Thursday, Mar 13, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const test = new vault.pkisecret.SecretBackendSign("test", {
    backend: pki.path,
    name: admin.name,
    csr: `-----BEGIN CERTIFICATE REQUEST-----
MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
-----END CERTIFICATE REQUEST-----
`,
    commonName: "test.my.domain",
}, {
    dependsOn: [admin],
});

import pulumi
import pulumi_vault as vault

test = vault.pki_secret.SecretBackendSign("test",
    backend=pki["path"],
    name=admin["name"],
    csr="""-----BEGIN CERTIFICATE REQUEST-----
MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
-----END CERTIFICATE REQUEST-----
""",
    common_name="test.my.domain",
    opts = pulumi.ResourceOptions(depends_on=[admin]))

package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkisecret"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := pkisecret.NewSecretBackendSign(ctx, "test", &pkisecret.SecretBackendSignArgs{
			Backend: pulumi.Any(pki.Path),
			Name:    pulumi.Any(admin.Name),
			Csr: pulumi.String(`-----BEGIN CERTIFICATE REQUEST-----
MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
-----END CERTIFICATE REQUEST-----
`),
			CommonName: pulumi.String("test.my.domain"),
		}, pulumi.DependsOn([]pulumi.Resource{
			admin,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var test = new Vault.PkiSecret.SecretBackendSign("test", new()
    {
        Backend = pki.Path,
        Name = admin.Name,
        Csr = @"-----BEGIN CERTIFICATE REQUEST-----
MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
-----END CERTIFICATE REQUEST-----
",
        CommonName = "test.my.domain",
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            admin,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.pkiSecret.SecretBackendSign;
import com.pulumi.vault.pkiSecret.SecretBackendSignArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new SecretBackendSign("test", SecretBackendSignArgs.builder()
            .backend(pki.path())
            .name(admin.name())
            .csr("""
-----BEGIN CERTIFICATE REQUEST-----
MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
-----END CERTIFICATE REQUEST-----
            """)
            .commonName("test.my.domain")
            .build(), CustomResourceOptions.builder()
                .dependsOn(admin)
                .build());

    }
}

resources:
  test:
    type: vault:pkiSecret:SecretBackendSign
    properties:
      backend: ${pki.path}
      name: ${admin.name}
      csr: |
        -----BEGIN CERTIFICATE REQUEST-----
        MIIEqDCCApACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
        ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEcMBoGA1UEAwwTY2Vy
        dC50ZXN0Lm15LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
        AJupYCQ8UVCWII1Zof1c6YcSSaM9hEaDU78cfKP5RoSeH10BvrWRfT+mzCONVpNP
        CW9Iabtvk6hm0ot6ilnndEyVJbc0g7hdDLBX5BM25D+DGZGJRKUz1V+uBrWmXtIt
        Vonj7JTDTe7ViH0GDsB7CvqXFGXO2a2cDYBchLkL6vQiFPshxvUsLtwxuy/qdYgy
        X6ya+AUoZcoQGy1XxNjfH6cPtWSWQGEp1oPR6vL9hU3laTZb3C+VV4jZem+he8/0
        V+qV6fLG92WTXm2hmf8nrtUqqJ+C7mW/RJod+TviviBadIX0OHXW7k5HVsZood01
        te8vMRUNJNiZfa9EMIK5oncbQn0LcM3Wo9VrjpL7jREb/4HCS2gswYGv7hzk9cCS
        kVY4rDucchKbApuI3kfzmO7GFOF5eiSkYZpY/czNn7VVM3WCu6dpOX4+3rhgrZQw
        kY14L930DaLVRUgve/zKVP2D2GHdEOs+MbV7s96UgigT9pXly/yHPj+1sSYqmnaD
        5b7jSeJusmzO/nrwXVGLsnezR87VzHl9Ux9g5s6zh+R+PrZuVxYsLvoUpaasH47O
        gIcBzSb/6pSGZKAUizmYsHsR1k88dAvsQ+FsUDaNokdi9VndEB4QPmiFmjyLV+0I
        1TFoXop4sW11NPz1YCq+IxnYrEaIN3PyhY0GvBJDFY1/AgMBAAGgADANBgkqhkiG
        9w0BAQsFAAOCAgEActuqnqS8Y9UF7e08w7tR3FPzGecWreuvxILrlFEZJxiLPFqL
        It7uJvtypCVQvz6UQzKdBYO7tMpRaWViB8DrWzXNZjLMrg+QHcpveg8C0Ett4scG
        fnvLk6fTDFYrnGvwHTqiHos5i0y3bFLyS1BGwSpdLAykGtvC+VM8mRyw/Y7CPcKN
        77kebY/9xduW1g2uxWLr0x90RuQDv9psPojT+59tRLGSp5Kt0IeD3QtnAZEFE4aN
        vt+Pd69eg3BgZ8ZeDgoqAw3yppvOkpAFiE5pw2qPZaM4SRphl4d2Lek2zNIMyZqv
        do5zh356HOgXtDaSg0POnRGrN/Ua+LMCRTg6GEPUnx9uQb/zt8Zu0hIexDGyykp1
        OGqtWlv/Nc8UYuS38v0BeB6bMPeoqQUjkqs8nHlAEFn0KlgYdtDC+7SdQx6wS4te
        dBKRNDfC4lS3jYJgs55jHqonZgkpSi3bamlxpfpW0ukGBcmq91wRe4bOw/4uD/vf
        UwqMWOdCYcU3mdYNjTWy22ORW3SGFQxMBwpUEURCSoeqWr6aJeQ7KAYkx1PrB5T8
        OTEc13lWf+B0PU9UJuGTsmpIuImPDVd0EVDayr3mT5dDbqTVDbe8ppf2IswABmf0
        o3DybUeUmknYjl109rdSf+76nuREICHatxXgN3xCMFuBaN4WLO+ksd6Y1Ys=
        -----END CERTIFICATE REQUEST-----        
      commonName: test.my.domain
    options:
      dependsOn:
        - ${admin}

Create SecretBackendSign Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new SecretBackendSign(name: string, args: SecretBackendSignArgs, opts?: CustomResourceOptions);

@overload
def SecretBackendSign(resource_name: str,
                      args: SecretBackendSignArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def SecretBackendSign(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      common_name: Optional[str] = None,
                      csr: Optional[str] = None,
                      backend: Optional[str] = None,
                      ip_sans: Optional[Sequence[str]] = None,
                      min_seconds_remaining: Optional[int] = None,
                      auto_renew: Optional[bool] = None,
                      exclude_cn_from_sans: Optional[bool] = None,
                      format: Optional[str] = None,
                      alt_names: Optional[Sequence[str]] = None,
                      issuer_ref: Optional[str] = None,
                      cert_metadata: Optional[str] = None,
                      name: Optional[str] = None,
                      namespace: Optional[str] = None,
                      not_after: Optional[str] = None,
                      other_sans: Optional[Sequence[str]] = None,
                      ttl: Optional[str] = None,
                      uri_sans: Optional[Sequence[str]] = None)

func NewSecretBackendSign(ctx *Context, name string, args SecretBackendSignArgs, opts ...ResourceOption) (*SecretBackendSign, error)

public SecretBackendSign(string name, SecretBackendSignArgs args, CustomResourceOptions? opts = null)

public SecretBackendSign(String name, SecretBackendSignArgs args)
public SecretBackendSign(String name, SecretBackendSignArgs args, CustomResourceOptions options)

type: vault:pkiSecret:SecretBackendSign
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecretBackendSignArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretBackendSignArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretBackendSignArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretBackendSignArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretBackendSignArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var secretBackendSignResource = new Vault.PkiSecret.SecretBackendSign("secretBackendSignResource", new()
{
    CommonName = "string",
    Csr = "string",
    Backend = "string",
    IpSans = new[]
    {
        "string",
    },
    MinSecondsRemaining = 0,
    AutoRenew = false,
    ExcludeCnFromSans = false,
    Format = "string",
    AltNames = new[]
    {
        "string",
    },
    IssuerRef = "string",
    CertMetadata = "string",
    Name = "string",
    Namespace = "string",
    NotAfter = "string",
    OtherSans = new[]
    {
        "string",
    },
    Ttl = "string",
    UriSans = new[]
    {
        "string",
    },
});

example, err := pkiSecret.NewSecretBackendSign(ctx, "secretBackendSignResource", &pkiSecret.SecretBackendSignArgs{
	CommonName: pulumi.String("string"),
	Csr:        pulumi.String("string"),
	Backend:    pulumi.String("string"),
	IpSans: pulumi.StringArray{
		pulumi.String("string"),
	},
	MinSecondsRemaining: pulumi.Int(0),
	AutoRenew:           pulumi.Bool(false),
	ExcludeCnFromSans:   pulumi.Bool(false),
	Format:              pulumi.String("string"),
	AltNames: pulumi.StringArray{
		pulumi.String("string"),
	},
	IssuerRef:    pulumi.String("string"),
	CertMetadata: pulumi.String("string"),
	Name:         pulumi.String("string"),
	Namespace:    pulumi.String("string"),
	NotAfter:     pulumi.String("string"),
	OtherSans: pulumi.StringArray{
		pulumi.String("string"),
	},
	Ttl: pulumi.String("string"),
	UriSans: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var secretBackendSignResource = new SecretBackendSign("secretBackendSignResource", SecretBackendSignArgs.builder()
    .commonName("string")
    .csr("string")
    .backend("string")
    .ipSans("string")
    .minSecondsRemaining(0)
    .autoRenew(false)
    .excludeCnFromSans(false)
    .format("string")
    .altNames("string")
    .issuerRef("string")
    .certMetadata("string")
    .name("string")
    .namespace("string")
    .notAfter("string")
    .otherSans("string")
    .ttl("string")
    .uriSans("string")
    .build());

secret_backend_sign_resource = vault.pki_secret.SecretBackendSign("secretBackendSignResource",
    common_name="string",
    csr="string",
    backend="string",
    ip_sans=["string"],
    min_seconds_remaining=0,
    auto_renew=False,
    exclude_cn_from_sans=False,
    format="string",
    alt_names=["string"],
    issuer_ref="string",
    cert_metadata="string",
    name="string",
    namespace="string",
    not_after="string",
    other_sans=["string"],
    ttl="string",
    uri_sans=["string"])

const secretBackendSignResource = new vault.pkisecret.SecretBackendSign("secretBackendSignResource", {
    commonName: "string",
    csr: "string",
    backend: "string",
    ipSans: ["string"],
    minSecondsRemaining: 0,
    autoRenew: false,
    excludeCnFromSans: false,
    format: "string",
    altNames: ["string"],
    issuerRef: "string",
    certMetadata: "string",
    name: "string",
    namespace: "string",
    notAfter: "string",
    otherSans: ["string"],
    ttl: "string",
    uriSans: ["string"],
});

type: vault:pkiSecret:SecretBackendSign
properties:
    altNames:
        - string
    autoRenew: false
    backend: string
    certMetadata: string
    commonName: string
    csr: string
    excludeCnFromSans: false
    format: string
    ipSans:
        - string
    issuerRef: string
    minSecondsRemaining: 0
    name: string
    namespace: string
    notAfter: string
    otherSans:
        - string
    ttl: string
    uriSans:
        - string

SecretBackendSign Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecretBackendSign resource accepts the following input properties:

Backend string: The PKI secret backend the resource belongs to.
CommonName string: CN of certificate to create
Csr string: The CSR
AltNames List<string>: List of alternative names
AutoRenew bool: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
CertMetadata string: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
ExcludeCnFromSans bool: Flag to exclude CN from SANs
Format string: The format of data
IpSans List<string>: List of alternative IPs
IssuerRef string: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
MinSecondsRemaining int: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
Name string: Name of the role to create the certificate against
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
NotAfter string: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
OtherSans List<string>: List of other SANs
Ttl string: Time to live
UriSans List<string>: List of alternative URIs

Backend string: The PKI secret backend the resource belongs to.
CommonName string: CN of certificate to create
Csr string: The CSR
AltNames []string: List of alternative names
AutoRenew bool: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
CertMetadata string: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
ExcludeCnFromSans bool: Flag to exclude CN from SANs
Format string: The format of data
IpSans []string: List of alternative IPs
IssuerRef string: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
MinSecondsRemaining int: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
Name string: Name of the role to create the certificate against
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
NotAfter string: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
OtherSans []string: List of other SANs
Ttl string: Time to live
UriSans []string: List of alternative URIs

backend String: The PKI secret backend the resource belongs to.
commonName String: CN of certificate to create
csr String: The CSR
altNames List<String>: List of alternative names
autoRenew Boolean: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
certMetadata String: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
excludeCnFromSans Boolean: Flag to exclude CN from SANs
format String: The format of data
ipSans List<String>: List of alternative IPs
issuerRef String: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
minSecondsRemaining Integer: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
name String: Name of the role to create the certificate against
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
notAfter String: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
otherSans List<String>: List of other SANs
ttl String: Time to live
uriSans List<String>: List of alternative URIs

backend string: The PKI secret backend the resource belongs to.
commonName string: CN of certificate to create
csr string: The CSR
altNames string[]: List of alternative names
autoRenew boolean: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
certMetadata string: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
excludeCnFromSans boolean: Flag to exclude CN from SANs
format string: The format of data
ipSans string[]: List of alternative IPs
issuerRef string: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
minSecondsRemaining number: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
name string: Name of the role to create the certificate against
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
notAfter string: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
otherSans string[]: List of other SANs
ttl string: Time to live
uriSans string[]: List of alternative URIs

backend str: The PKI secret backend the resource belongs to.
common_name str: CN of certificate to create
csr str: The CSR
alt_names Sequence[str]: List of alternative names
auto_renew bool: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
cert_metadata str: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
exclude_cn_from_sans bool: Flag to exclude CN from SANs
format str: The format of data
ip_sans Sequence[str]: List of alternative IPs
issuer_ref str: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
min_seconds_remaining int: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
name str: Name of the role to create the certificate against
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
not_after str: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
other_sans Sequence[str]: List of other SANs
ttl str: Time to live
uri_sans Sequence[str]: List of alternative URIs

backend String: The PKI secret backend the resource belongs to.
commonName String: CN of certificate to create
csr String: The CSR
altNames List<String>: List of alternative names
autoRenew Boolean: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
certMetadata String: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
excludeCnFromSans Boolean: Flag to exclude CN from SANs
format String: The format of data
ipSans List<String>: List of alternative IPs
issuerRef String: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
minSecondsRemaining Number: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
name String: Name of the role to create the certificate against
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
notAfter String: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
otherSans List<String>: List of other SANs
ttl String: Time to live
uriSans List<String>: List of alternative URIs

Outputs

All input properties are implicitly available as output properties. Additionally, the SecretBackendSign resource produces the following output properties:

CaChains List<string>: The CA chain
Certificate string: The certificate
Expiration int: The expiration date of the certificate in unix epoch format
Id string: The provider-assigned unique ID for this managed resource.
IssuingCa string: The issuing CA
RenewPending bool: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
SerialNumber string: The certificate's serial number, hex formatted.

CaChains []string: The CA chain
Certificate string: The certificate
Expiration int: The expiration date of the certificate in unix epoch format
Id string: The provider-assigned unique ID for this managed resource.
IssuingCa string: The issuing CA
RenewPending bool: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
SerialNumber string: The certificate's serial number, hex formatted.

caChains List<String>: The CA chain
certificate String: The certificate
expiration Integer: The expiration date of the certificate in unix epoch format
id String: The provider-assigned unique ID for this managed resource.
issuingCa String: The issuing CA
renewPending Boolean: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
serialNumber String: The certificate's serial number, hex formatted.

caChains string[]: The CA chain
certificate string: The certificate
expiration number: The expiration date of the certificate in unix epoch format
id string: The provider-assigned unique ID for this managed resource.
issuingCa string: The issuing CA
renewPending boolean: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
serialNumber string: The certificate's serial number, hex formatted.

ca_chains Sequence[str]: The CA chain
certificate str: The certificate
expiration int: The expiration date of the certificate in unix epoch format
id str: The provider-assigned unique ID for this managed resource.
issuing_ca str: The issuing CA
renew_pending bool: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
serial_number str: The certificate's serial number, hex formatted.

caChains List<String>: The CA chain
certificate String: The certificate
expiration Number: The expiration date of the certificate in unix epoch format
id String: The provider-assigned unique ID for this managed resource.
issuingCa String: The issuing CA
renewPending Boolean: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
serialNumber String: The certificate's serial number, hex formatted.

Look up Existing SecretBackendSign Resource

Get an existing SecretBackendSign resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: SecretBackendSignState, opts?: CustomResourceOptions): SecretBackendSign

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        alt_names: Optional[Sequence[str]] = None,
        auto_renew: Optional[bool] = None,
        backend: Optional[str] = None,
        ca_chains: Optional[Sequence[str]] = None,
        cert_metadata: Optional[str] = None,
        certificate: Optional[str] = None,
        common_name: Optional[str] = None,
        csr: Optional[str] = None,
        exclude_cn_from_sans: Optional[bool] = None,
        expiration: Optional[int] = None,
        format: Optional[str] = None,
        ip_sans: Optional[Sequence[str]] = None,
        issuer_ref: Optional[str] = None,
        issuing_ca: Optional[str] = None,
        min_seconds_remaining: Optional[int] = None,
        name: Optional[str] = None,
        namespace: Optional[str] = None,
        not_after: Optional[str] = None,
        other_sans: Optional[Sequence[str]] = None,
        renew_pending: Optional[bool] = None,
        serial_number: Optional[str] = None,
        ttl: Optional[str] = None,
        uri_sans: Optional[Sequence[str]] = None) -> SecretBackendSign

func GetSecretBackendSign(ctx *Context, name string, id IDInput, state *SecretBackendSignState, opts ...ResourceOption) (*SecretBackendSign, error)

public static SecretBackendSign Get(string name, Input<string> id, SecretBackendSignState? state, CustomResourceOptions? opts = null)

public static SecretBackendSign get(String name, Output<String> id, SecretBackendSignState state, CustomResourceOptions options)

resources:  _:    type: vault:pkiSecret:SecretBackendSign    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AltNames List<string>: List of alternative names
AutoRenew bool: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
Backend string: The PKI secret backend the resource belongs to.
CaChains List<string>: The CA chain
CertMetadata string: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
Certificate string: The certificate
CommonName string: CN of certificate to create
Csr string: The CSR
ExcludeCnFromSans bool: Flag to exclude CN from SANs
Expiration int: The expiration date of the certificate in unix epoch format
Format string: The format of data
IpSans List<string>: List of alternative IPs
IssuerRef string: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
IssuingCa string: The issuing CA
MinSecondsRemaining int: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
Name string: Name of the role to create the certificate against
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
NotAfter string: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
OtherSans List<string>: List of other SANs
RenewPending bool: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
SerialNumber string: The certificate's serial number, hex formatted.
Ttl string: Time to live
UriSans List<string>: List of alternative URIs

AltNames []string: List of alternative names
AutoRenew bool: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
Backend string: The PKI secret backend the resource belongs to.
CaChains []string: The CA chain
CertMetadata string: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
Certificate string: The certificate
CommonName string: CN of certificate to create
Csr string: The CSR
ExcludeCnFromSans bool: Flag to exclude CN from SANs
Expiration int: The expiration date of the certificate in unix epoch format
Format string: The format of data
IpSans []string: List of alternative IPs
IssuerRef string: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
IssuingCa string: The issuing CA
MinSecondsRemaining int: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
Name string: Name of the role to create the certificate against
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
NotAfter string: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
OtherSans []string: List of other SANs
RenewPending bool: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
SerialNumber string: The certificate's serial number, hex formatted.
Ttl string: Time to live
UriSans []string: List of alternative URIs

altNames List<String>: List of alternative names
autoRenew Boolean: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
backend String: The PKI secret backend the resource belongs to.
caChains List<String>: The CA chain
certMetadata String: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
certificate String: The certificate
commonName String: CN of certificate to create
csr String: The CSR
excludeCnFromSans Boolean: Flag to exclude CN from SANs
expiration Integer: The expiration date of the certificate in unix epoch format
format String: The format of data
ipSans List<String>: List of alternative IPs
issuerRef String: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
issuingCa String: The issuing CA
minSecondsRemaining Integer: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
name String: Name of the role to create the certificate against
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
notAfter String: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
otherSans List<String>: List of other SANs
renewPending Boolean: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
serialNumber String: The certificate's serial number, hex formatted.
ttl String: Time to live
uriSans List<String>: List of alternative URIs

altNames string[]: List of alternative names
autoRenew boolean: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
backend string: The PKI secret backend the resource belongs to.
caChains string[]: The CA chain
certMetadata string: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
certificate string: The certificate
commonName string: CN of certificate to create
csr string: The CSR
excludeCnFromSans boolean: Flag to exclude CN from SANs
expiration number: The expiration date of the certificate in unix epoch format
format string: The format of data
ipSans string[]: List of alternative IPs
issuerRef string: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
issuingCa string: The issuing CA
minSecondsRemaining number: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
name string: Name of the role to create the certificate against
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
notAfter string: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
otherSans string[]: List of other SANs
renewPending boolean: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
serialNumber string: The certificate's serial number, hex formatted.
ttl string: Time to live
uriSans string[]: List of alternative URIs

alt_names Sequence[str]: List of alternative names
auto_renew bool: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
backend str: The PKI secret backend the resource belongs to.
ca_chains Sequence[str]: The CA chain
cert_metadata str: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
certificate str: The certificate
common_name str: CN of certificate to create
csr str: The CSR
exclude_cn_from_sans bool: Flag to exclude CN from SANs
expiration int: The expiration date of the certificate in unix epoch format
format str: The format of data
ip_sans Sequence[str]: List of alternative IPs
issuer_ref str: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
issuing_ca str: The issuing CA
min_seconds_remaining int: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
name str: Name of the role to create the certificate against
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
not_after str: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
other_sans Sequence[str]: List of other SANs
renew_pending bool: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
serial_number str: The certificate's serial number, hex formatted.
ttl str: Time to live
uri_sans Sequence[str]: List of alternative URIs

altNames List<String>: List of alternative names
autoRenew Boolean: If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false
backend String: The PKI secret backend the resource belongs to.
caChains List<String>: The CA chain
certMetadata String: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
certificate String: The certificate
commonName String: CN of certificate to create
csr String: The CSR
excludeCnFromSans Boolean: Flag to exclude CN from SANs
expiration Number: The expiration date of the certificate in unix epoch format
format String: The format of data
ipSans List<String>: List of alternative IPs
issuerRef String: Specifies the default issuer of this request. Can be the value default, a name, or an issuer ID. Use ACLs to prevent access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users overriding the role's issuer_ref value.
issuingCa String: The issuing CA
minSecondsRemaining Number: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
name String: Name of the role to create the certificate against
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
notAfter String: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
otherSans List<String>: List of other SANs
renewPending Boolean: true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending.
serialNumber String: The certificate's serial number, hex formatted.
ttl String: Time to live
uriSans List<String>: List of alternative URIs

Package Details

Repository: Vault pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

HashiCorp Vault v6.6.0 published on Thursday, Mar 13, 2025 by Pulumi

pulumi/pulumi-vault

vault.pkiSecret.SecretBackendSign

On this page

On this page

Example Usage

Create SecretBackendSign Resource

Constructor syntax

Parameters

Constructor example

SecretBackendSign Resource Properties

Inputs

Outputs

Look up Existing SecretBackendSign Resource

Package Details

On this page

On this page