azurermKeyVaultCertificateIssuer

Manages a Key Vault Certificate Issuer.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*The resources are declared inside a stack so that `this` is a valid construct scope.*/
class ExampleStack extends TerraformStack {
  constructor(scope: Construct, id: string) {
    super(scope, id);
    const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
      this,
      "example_1",
      {
        location: "West Europe",
        name: "example-resources",
      }
    );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermResourceGroupExample.overrideLogicalId("example");
    const dataAzurermClientConfigCurrent =
      new azurerm.dataAzurermClientConfig.DataAzurermClientConfig(
        this,
        "current",
        {}
      );
    const azurermKeyVaultExample = new azurerm.keyVault.KeyVault(
      this,
      "example_3",
      {
        location: azurermResourceGroupExample.location,
        name: "examplekeyvault",
        resourceGroupName: azurermResourceGroupExample.name,
        skuName: "standard",
        tenantId: dataAzurermClientConfigCurrent.tenantId,
      }
    );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermKeyVaultExample.overrideLogicalId("example");
    /*The issuer is declared last so that it can reference the Key Vault created above.*/
    new azurerm.keyVaultCertificateIssuer.KeyVaultCertificateIssuer(
      this,
      "example",
      {
        accountId: "0000",
        keyVaultId: azurermKeyVaultExample.id,
        name: "example-issuer",
        orgId: "ExampleOrgName",
        /*Example value only. In a real configuration, pass the password in from a sensitive variable or secret store instead of a literal.*/
        password: "example-password",
        providerName: "DigiCert",
      }
    );
  }
}

Arguments Reference

The following arguments are supported:

  • keyVaultId - (Required) The ID of the Key Vault in which to create the Certificate Issuer. Changing this forces a new resource to be created.

  • name - (Required) The name which should be used for this Key Vault Certificate Issuer. Changing this forces a new Key Vault Certificate Issuer to be created.

  • providerName - (Required) The name of the third-party Certificate Issuer. Possible values are: digiCert, globalSign, oneCertV2PrivateCa, oneCertV2PublicCa and sslAdminV2.

  • orgId - (Optional) The ID of the organization as provided to the issuer.

  • accountId - (Optional) The account number with the third-party Certificate Issuer.

  • admin - (Optional) One or more admin blocks as defined below.

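  • password - (Optional) The password associated with the account and organization ID at the third-party Certificate Issuer. If not specified, will not overwrite any previous value. Terraform records this value in its state, so supply it from a sensitive variable or secret store rather than a literal in source, and restrict access to the state backend.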


An admin block supports the following:

  • emailAddress - (Required) E-mail address of the admin.

  • firstName - (Optional) First name of the admin.

  • lastName - (Optional) Last name of the admin.

  • phone - (Optional) Phone number of the admin.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Key Vault Certificate Issuer.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • read - (Defaults to 5 minutes) Used when retrieving the Key Vault Certificate Issuer.
  • create - (Defaults to 30 minutes) Used when creating the Key Vault Certificate Issuer.
  • update - (Defaults to 30 minutes) Used when updating the Key Vault Certificate Issuer.
  • delete - (Defaults to 30 minutes) Used when deleting the Key Vault Certificate Issuer.

Import

Key Vault Certificate Issuers can be imported using the resource ID, e.g.

terraform import azurerm_key_vault_certificate_issuer.example "https://key-vault-name.vault.azure.net/certificates/issuers/example"
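
The import ID above is a Key Vault data-plane URL, so a pipeline that takes IDs from tickets or scripts can validate them before running the import. The following is an added example, not part of the provider's documentation or code: a strict parser for that ID format. The function names, the allow-list parameter and the sample IDs are constructed for illustration, and it assumes only the .vault.azure.net suffix shown on this page is valid.

```typescript
// Added example (not provider code): strict validation of issuer import IDs.
// Assumption: only the ".vault.azure.net" host suffix shown on this page is accepted.
interface IssuerId { vaultName: string; issuerName: string }

const VAULT_SUFFIX = ".vault.azure.net";
// Anchored: https scheme, bare host (no userinfo or port), then exactly
// /certificates/issuers/<name> with no further path, query or fragment.
const ISSUER_ID = /^https:\/\/([^\/?#@:]+)\/certificates\/issuers\/([^\/?#]+)$/;

// Hypothetical helper: parse an ID and check the vault against an allow-list.
function parseIssuerId(id: string, allowedVaults: string[]): IssuerId {
  const m = ISSUER_ID.exec(id);
  if (m === null) throw new Error("not an issuer ID");
  const host = m[1].toLowerCase();
  // The suffix must end the host, so "x.vault.azure.net.other.example" fails.
  if (host.slice(-VAULT_SUFFIX.length) !== VAULT_SUFFIX) {
    throw new Error("host is not a Key Vault endpoint");
  }
  const vaultName = host.slice(0, host.length - VAULT_SUFFIX.length);
  // A vault name is a single DNS label; extra dots mean a different host.
  if (!/^[a-z0-9-]+$/.test(vaultName)) throw new Error("malformed vault name");
  if (allowedVaults.indexOf(vaultName) === -1) throw new Error("vault not in allow-list");
  return { vaultName: vaultName, issuerName: m[2] };
}

// Hypothetical helper: return "<id> -> <reason>" for every ID that must not be imported.
function rejectedImportIds(ids: string[], allowedVaults: string[]): string[] {
  const rejected: string[] = [];
  for (const id of ids) {
    try {
      parseIssuerId(id, allowedVaults);
    } catch (e) {
      rejected.push(id + " -> " + (e as Error).message);
    }
  }
  return rejected;
}

// Constructed sample input; only the first ID has the shape shown on this page.
const SAMPLE_IDS = [
  "https://key-vault-name.vault.azure.net/certificates/issuers/example",
  "https://key-vault-name.vault.azure.net.other.example/certificates/issuers/example",
  "http://key-vault-name.vault.azure.net/certificates/issuers/example",
  "https://key-vault-name.vault.azure.net/certificates/issuers/example/extra",
  "https://unlisted-vault.vault.azure.net/certificates/issuers/example",
];
console.log(rejectedImportIds(SAMPLE_IDS, ["key-vault-name"]));
```

Run the check over the list of IDs before invoking terraform import, and stop the job if the returned list is not empty.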