
Data Source: azurermKeyVaultCertificateData

Use this data source to access data stored in an existing Key Vault Certificate.

~> Note: All arguments including the secret value will be stored in the raw state as plain text. Read more about sensitive data in state.

~> Note: This data source uses the getSecret function of the Azure API to get the key of the certificate. You therefore need the secret/get permission.

Example Usage

import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The generated bindings expose configuration properties in camelCase (for example keyVaultId, as listed under Argument Reference).
This snippet belongs inside a construct such as a TerraformStack constructor, where `this` is the scope.*/
const dataAzurermKeyVaultExample =
  new azurerm.dataAzurermKeyVault.DataAzurermKeyVault(this, "example", {
    name: "examplekv",
    resourceGroupName: "some-resource-group",
  });
const dataAzurermKeyVaultCertificateDataExample =
  new azurerm.dataAzurermKeyVaultCertificateData.DataAzurermKeyVaultCertificateData(
    this,
    "example_1",
    {
      keyVaultId: dataAzurermKeyVaultExample.id,
      name: "secret-sauce",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzurermKeyVaultCertificateDataExample.overrideLogicalId("example");
new cdktf.TerraformOutput(this, "example_pem", {
  value: dataAzurermKeyVaultCertificateDataExample.pem,
});

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of the Key Vault Secret.

  • keyVaultId - (Required) Specifies the ID of the Key Vault instance where the Secret resides, available on the azurermKeyVault Data Source / Resource.

  • version - (Optional) Specifies the version of the certificate to look up. (Defaults to latest)

~> NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.

Attributes Reference

The following attributes are exported:

  • certificatesCount - Number of certificates in the chain when the Key Vault Certificate is a bundle (e.g. has an intermediate certificate).

  • hex - The raw Key Vault Certificate data represented as a hexadecimal string.

  • pem - The Key Vault Certificate in PEM format.

  • key - The Key Vault Certificate Key.

  • expires - Expiry date of certificate in RFC3339 format.

  • notBefore - Not Before date of certificate in RFC3339 format.

  • tags - A mapping of tags to assign to the resource.
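
Because the key attribute ends up in state as plain text (see the note at the top of this page), a state audit is a useful check. The following is an added example, not code from the provider or from CDKTF: it scans a parsed state document for instances of this data source that carry key material and for outputs that expose a private key without being marked sensitive. It assumes the Terraform state v4 JSON layout, the Terraform type name azurerm_key_vault_certificate_data, and PEM-encoded keys; auditState, Finding and the sample state are constructed for illustration.

```typescript
// Added example (not provider code). Assumes the Terraform state v4 JSON layout.
type Finding = { where: string; reason: string };
interface TfState {
  outputs?: { [name: string]: { value: unknown; sensitive?: boolean } };
  resources?: Array<{ mode: string; type: string; name: string; instances?: Array<{ attributes?: { [attr: string]: unknown } }> }>;
}

// Assumption: private keys appear as PEM text ("BEGIN PRIVATE KEY", "BEGIN RSA PRIVATE KEY", ...).
const PRIVATE_KEY_MARKER = /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/;
const DATA_SOURCE_TYPE = "azurerm_key_vault_certificate_data";

function auditState(state: TfState): Finding[] {
  const findings: Finding[] = [];
  // 1. Every instance of the data source that carries a non-empty `key` attribute.
  for (const res of state.resources ?? []) {
    if (res.mode !== "data" || res.type !== DATA_SOURCE_TYPE) continue;
    for (const inst of res.instances ?? []) {
      const key = inst.attributes ? inst.attributes["key"] : undefined;
      if (typeof key === "string" && key.length > 0) {
        findings.push({ where: `data.${res.type}.${res.name}`, reason: "private key stored in state" });
      }
    }
  }
  // 2. Outputs that expose private-key PEM without being marked sensitive.
  const outputs = state.outputs ?? {};
  for (const name of Object.keys(outputs)) {
    const out = outputs[name];
    if (out && typeof out.value === "string" && PRIVATE_KEY_MARKER.test(out.value) && !out.sensitive) {
      findings.push({ where: `output.${name}`, reason: "private key in non-sensitive output" });
    }
  }
  return findings;
}

// Constructed sample state; the PEM bodies are placeholders, not real material.
const FAKE_KEY = "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----";
const FAKE_CERT = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----";
const sampleState: TfState = {
  outputs: {
    example_pem: { value: FAKE_CERT },
    example_key: { value: FAKE_KEY },
    example_key_marked: { value: FAKE_KEY, sensitive: true },
  },
  resources: [
    { mode: "data", type: DATA_SOURCE_TYPE, name: "example",
      instances: [{ attributes: { name: "secret-sauce", pem: FAKE_CERT, key: FAKE_KEY } }] },
    { mode: "managed", type: "azurerm_resource_group", name: "rg", instances: [{ attributes: {} }] },
  ],
};
```

Marking an output sensitive only hides it from CLI display; the value is still written to state, so the first finding remains until the state backend itself is access-controlled and encrypted.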

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • read - (Defaults to 5 minutes) Used when retrieving the Key Vault Certificate.