Data Source: azurermKeyVaultCertificate
Use this data source to access information about an existing Key Vault Certificate.
Note: All arguments, including the secret value, will be stored in the raw state as plain text. Read more about sensitive data in state.
Example Usage
import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*The statements below belong inside the constructor of a cdktf.TerraformStack, where `this` is the stack.*/
/*Look up the existing Key Vault that holds the certificate.*/
const dataAzurermKeyVaultExample =
  new azurerm.dataAzurermKeyVault.DataAzurermKeyVault(this, "example", {
    name: "examplekv",
    resourceGroupName: "some-resource-group",
  });
/*Read the certificate named "secret-sauce" from that vault (latest version, since no version is given).*/
const dataAzurermKeyVaultCertificateExample =
  new azurerm.dataAzurermKeyVaultCertificate.DataAzurermKeyVaultCertificate(
    this,
    "example_1",
    {
      keyVaultId: dataAzurermKeyVaultExample.id,
      name: "secret-sauce",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzurermKeyVaultCertificateExample.overrideLogicalId("example");
/*Expose the certificate's X509 thumbprint as a Terraform output.*/
new cdktf.TerraformOutput(this, "certificate_thumbprint", {
  value: dataAzurermKeyVaultCertificateExample.thumbprint,
});
Argument Reference
The following arguments are supported:
- name - Specifies the name of the Key Vault Certificate.
- keyVaultId - Specifies the ID of the Key Vault instance where the Secret resides, available on the azurermKeyVault Data Source / Resource.
- version - (Optional) Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
Attributes Reference
The following attributes are exported:
- id - The Key Vault Certificate ID.
- name - Specifies the name of the Key Vault Certificate.
- secretId - The ID of the associated Key Vault Secret.
- version - The current version of the Key Vault Certificate.
- versionlessId - The Base ID of the Key Vault Certificate.
- versionlessSecretId - The Base ID of the Key Vault Secret.
- certificateData - The raw Key Vault Certificate data represented as a hexadecimal string.
- certificateDataBase64 - The raw Key Vault Certificate data represented as a base64 string.
- thumbprint - The X509 Thumbprint of the Key Vault Certificate represented as a hexadecimal string.
- certificatePolicy - A certificatePolicy block as defined below.
- expires - Expiry date of certificate in RFC3339 format.
- notBefore - Not Before date of certificate in RFC3339 format.
- tags - A mapping of tags to assign to the resource.
certificatePolicy exports the following:
- issuerParameters - An issuerParameters block as defined below.
- keyProperties - A keyProperties block as defined below.
- lifetimeAction - A lifetimeAction block as defined below.
- secretProperties - A secretProperties block as defined below.
- x509CertificateProperties - An x509CertificateProperties block as defined below.
issuerParameters exports the following:
- name - The name of the Certificate Issuer.
keyProperties exports the following:
- exportable - Is this Certificate Exportable?
- keySize - The size of the Key used in the Certificate.
- keyType - Specifies the Type of Key, for example rsa.
- reuseKey - Is the key reusable?
lifetimeAction exports the following:
- action - An action block as defined below.
- trigger - A trigger block as defined below.
action exports the following:
- actionType - The Type of action to be performed when the lifetime trigger is triggered.
trigger exports the following:
- daysBeforeExpiry - The number of days before the Certificate expires that the action associated with this Trigger should run.
- lifetimePercentage - The percentage of the Certificate's lifetime at which the action associated with this Trigger should run.
secretProperties exports the following:
- contentType - The Content-Type of the Certificate, for example application/x-pkcs12 for a PFX or application/x-pem-file for a PEM.
x509CertificateProperties exports the following:
- extendedKeyUsage - A list of Extended/Enhanced Key Usages.
- keyUsage - A list of uses associated with this Key.
- subject - The Certificate's Subject.
- subjectAlternativeNames - A subjectAlternativeNames block as defined below.
- validityInMonths - The Certificate's Validity Period in Months.
subjectAlternativeNames exports the following:
- dnsNames - A list of alternative DNS names (FQDNs) identified by the Certificate.
- emails - A list of email addresses identified by this Certificate.
- upns - A list of User Principal Names identified by the Certificate.
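A baseline check over the attributes listed above, as an added example that is not part of the provider documentation: it takes plain values read from the data source (for instance via outputs) and reports validity and key-policy findings. The CertInfo shape, the auditCertificate function name and the thresholds are assumptions for illustration.

```typescript
// Added example, not provider code. CertInfo, auditCertificate and the
// thresholds (30 days, 2048 bits) are assumptions chosen for illustration.
interface CertInfo {
  expires: string; // RFC3339, from `expires`
  notBefore: string; // RFC3339, from `notBefore`
  keyType: string; // keyProperties.keyType
  keySize: number; // keyProperties.keySize
  exportable: boolean; // keyProperties.exportable
  reuseKey: boolean; // keyProperties.reuseKey
  actionType?: string; // lifetimeAction.action.actionType
  daysBeforeExpiry?: number; // lifetimeAction.trigger.daysBeforeExpiry
}

const DAY_MS = 24 * 60 * 60 * 1000;

function auditCertificate(c: CertInfo, now: Date, warnDays = 30, minRsaBits = 2048): string[] {
  const expires = Date.parse(c.expires);
  const notBefore = Date.parse(c.notBefore);
  if (isNaN(expires) || isNaN(notBefore)) {
    return ["validity dates are not parseable"];
  }
  const findings: string[] = [];
  const daysLeft = Math.floor((expires - now.getTime()) / DAY_MS);
  if (now.getTime() < notBefore) findings.push("not yet valid");
  if (daysLeft < 0) {
    findings.push("expired");
  } else {
    if (daysLeft <= warnDays) findings.push(`expires in ${daysLeft} days`);
    // The version being read is already inside its lifetime-action window.
    if (c.daysBeforeExpiry !== undefined && daysLeft < c.daysBeforeExpiry) {
      findings.push(`past lifetime trigger (${c.actionType ?? "unknown action"})`);
    }
  }
  if (c.keyType.toUpperCase().indexOf("RSA") === 0 && c.keySize < minRsaBits) {
    findings.push(`RSA key below ${minRsaBits} bits`);
  }
  if (c.exportable) findings.push("private key is exportable");
  if (c.reuseKey) findings.push("key is reused on renewal");
  return findings;
}

// Constructed sample values, not taken from a real vault.
const sampleCert: CertInfo = {
  expires: "2025-03-01T00:00:00Z", notBefore: "2024-03-01T00:00:00Z",
  keyType: "RSA", keySize: 1024, exportable: true, reuseKey: false,
  actionType: "AutoRenew", daysBeforeExpiry: 30,
};
console.log(auditCertificate(sampleCert, new Date("2025-02-10T00:00:00Z")));
```

An empty result means the certificate passed every check in this baseline.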
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- read - (Defaults to 30 minutes) Used when retrieving the Key Vault Certificate.