HashiCorp Vault v6.6.0, Mar 13 25

HashiCorp Vault v6.6.0 published on Thursday, Mar 13, 2025 by Pulumi

vault.pkiSecret.SecretBackendIssuer

Explore with Pulumi AI

HashiCorp Vault v6.6.0 published on Thursday, Mar 13, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const pki = new vault.Mount("pki", {
    path: "pki",
    type: "pki",
    defaultLeaseTtlSeconds: 3600,
    maxLeaseTtlSeconds: 86400,
});
const root = new vault.pkisecret.SecretBackendRootCert("root", {
    backend: pki.path,
    type: "internal",
    commonName: "test",
    ttl: "86400",
});
const example = new vault.pkisecret.SecretBackendIssuer("example", {
    backend: root.backend,
    issuerRef: root.issuerId,
    issuerName: "example-issuer",
});

import pulumi
import pulumi_vault as vault

pki = vault.Mount("pki",
    path="pki",
    type="pki",
    default_lease_ttl_seconds=3600,
    max_lease_ttl_seconds=86400)
root = vault.pki_secret.SecretBackendRootCert("root",
    backend=pki.path,
    type="internal",
    common_name="test",
    ttl="86400")
example = vault.pki_secret.SecretBackendIssuer("example",
    backend=root.backend,
    issuer_ref=root.issuer_id,
    issuer_name="example-issuer")

package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkisecret"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pki, err := vault.NewMount(ctx, "pki", &vault.MountArgs{
			Path:                   pulumi.String("pki"),
			Type:                   pulumi.String("pki"),
			DefaultLeaseTtlSeconds: pulumi.Int(3600),
			MaxLeaseTtlSeconds:     pulumi.Int(86400),
		})
		if err != nil {
			return err
		}
		root, err := pkisecret.NewSecretBackendRootCert(ctx, "root", &pkisecret.SecretBackendRootCertArgs{
			Backend:    pki.Path,
			Type:       pulumi.String("internal"),
			CommonName: pulumi.String("test"),
			Ttl:        pulumi.String("86400"),
		})
		if err != nil {
			return err
		}
		_, err = pkisecret.NewSecretBackendIssuer(ctx, "example", &pkisecret.SecretBackendIssuerArgs{
			Backend:    root.Backend,
			IssuerRef:  root.IssuerId,
			IssuerName: pulumi.String("example-issuer"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var pki = new Vault.Mount("pki", new()
    {
        Path = "pki",
        Type = "pki",
        DefaultLeaseTtlSeconds = 3600,
        MaxLeaseTtlSeconds = 86400,
    });

    var root = new Vault.PkiSecret.SecretBackendRootCert("root", new()
    {
        Backend = pki.Path,
        Type = "internal",
        CommonName = "test",
        Ttl = "86400",
    });

    var example = new Vault.PkiSecret.SecretBackendIssuer("example", new()
    {
        Backend = root.Backend,
        IssuerRef = root.IssuerId,
        IssuerName = "example-issuer",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.pkiSecret.SecretBackendRootCert;
import com.pulumi.vault.pkiSecret.SecretBackendRootCertArgs;
import com.pulumi.vault.pkiSecret.SecretBackendIssuer;
import com.pulumi.vault.pkiSecret.SecretBackendIssuerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var pki = new Mount("pki", MountArgs.builder()
            .path("pki")
            .type("pki")
            .defaultLeaseTtlSeconds(3600)
            .maxLeaseTtlSeconds(86400)
            .build());

        var root = new SecretBackendRootCert("root", SecretBackendRootCertArgs.builder()
            .backend(pki.path())
            .type("internal")
            .commonName("test")
            .ttl("86400")
            .build());

        var example = new SecretBackendIssuer("example", SecretBackendIssuerArgs.builder()
            .backend(root.backend())
            .issuerRef(root.issuerId())
            .issuerName("example-issuer")
            .build());

    }
}

resources:
  pki:
    type: vault:Mount
    properties:
      path: pki
      type: pki
      defaultLeaseTtlSeconds: 3600
      maxLeaseTtlSeconds: 86400
  root:
    type: vault:pkiSecret:SecretBackendRootCert
    properties:
      backend: ${pki.path}
      type: internal
      commonName: test
      ttl: '86400'
  example:
    type: vault:pkiSecret:SecretBackendIssuer
    properties:
      backend: ${root.backend}
      issuerRef: ${root.issuerId}
      issuerName: example-issuer

Create SecretBackendIssuer Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new SecretBackendIssuer(name: string, args: SecretBackendIssuerArgs, opts?: CustomResourceOptions);

@overload
def SecretBackendIssuer(resource_name: str,
                        args: SecretBackendIssuerArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def SecretBackendIssuer(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        backend: Optional[str] = None,
                        issuer_ref: Optional[str] = None,
                        disable_name_constraint_checks: Optional[bool] = None,
                        issuing_certificates: Optional[Sequence[str]] = None,
                        disable_critical_extension_checks: Optional[bool] = None,
                        disable_path_length_checks: Optional[bool] = None,
                        enable_aia_url_templating: Optional[bool] = None,
                        issuer_name: Optional[str] = None,
                        crl_distribution_points: Optional[Sequence[str]] = None,
                        disable_name_checks: Optional[bool] = None,
                        leaf_not_after_behavior: Optional[str] = None,
                        manual_chains: Optional[Sequence[str]] = None,
                        namespace: Optional[str] = None,
                        ocsp_servers: Optional[Sequence[str]] = None,
                        revocation_signature_algorithm: Optional[str] = None,
                        usage: Optional[str] = None)

func NewSecretBackendIssuer(ctx *Context, name string, args SecretBackendIssuerArgs, opts ...ResourceOption) (*SecretBackendIssuer, error)

public SecretBackendIssuer(string name, SecretBackendIssuerArgs args, CustomResourceOptions? opts = null)

public SecretBackendIssuer(String name, SecretBackendIssuerArgs args)
public SecretBackendIssuer(String name, SecretBackendIssuerArgs args, CustomResourceOptions options)

type: vault:pkiSecret:SecretBackendIssuer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecretBackendIssuerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecretBackendIssuerArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretBackendIssuerArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretBackendIssuerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecretBackendIssuerArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var secretBackendIssuerResource = new Vault.PkiSecret.SecretBackendIssuer("secretBackendIssuerResource", new()
{
    Backend = "string",
    IssuerRef = "string",
    DisableNameConstraintChecks = false,
    IssuingCertificates = new[]
    {
        "string",
    },
    DisableCriticalExtensionChecks = false,
    DisablePathLengthChecks = false,
    EnableAiaUrlTemplating = false,
    IssuerName = "string",
    CrlDistributionPoints = new[]
    {
        "string",
    },
    DisableNameChecks = false,
    LeafNotAfterBehavior = "string",
    ManualChains = new[]
    {
        "string",
    },
    Namespace = "string",
    OcspServers = new[]
    {
        "string",
    },
    RevocationSignatureAlgorithm = "string",
    Usage = "string",
});

example, err := pkiSecret.NewSecretBackendIssuer(ctx, "secretBackendIssuerResource", &pkiSecret.SecretBackendIssuerArgs{
	Backend:                     pulumi.String("string"),
	IssuerRef:                   pulumi.String("string"),
	DisableNameConstraintChecks: pulumi.Bool(false),
	IssuingCertificates: pulumi.StringArray{
		pulumi.String("string"),
	},
	DisableCriticalExtensionChecks: pulumi.Bool(false),
	DisablePathLengthChecks:        pulumi.Bool(false),
	EnableAiaUrlTemplating:         pulumi.Bool(false),
	IssuerName:                     pulumi.String("string"),
	CrlDistributionPoints: pulumi.StringArray{
		pulumi.String("string"),
	},
	DisableNameChecks:    pulumi.Bool(false),
	LeafNotAfterBehavior: pulumi.String("string"),
	ManualChains: pulumi.StringArray{
		pulumi.String("string"),
	},
	Namespace: pulumi.String("string"),
	OcspServers: pulumi.StringArray{
		pulumi.String("string"),
	},
	RevocationSignatureAlgorithm: pulumi.String("string"),
	Usage:                        pulumi.String("string"),
})

var secretBackendIssuerResource = new SecretBackendIssuer("secretBackendIssuerResource", SecretBackendIssuerArgs.builder()
    .backend("string")
    .issuerRef("string")
    .disableNameConstraintChecks(false)
    .issuingCertificates("string")
    .disableCriticalExtensionChecks(false)
    .disablePathLengthChecks(false)
    .enableAiaUrlTemplating(false)
    .issuerName("string")
    .crlDistributionPoints("string")
    .disableNameChecks(false)
    .leafNotAfterBehavior("string")
    .manualChains("string")
    .namespace("string")
    .ocspServers("string")
    .revocationSignatureAlgorithm("string")
    .usage("string")
    .build());

secret_backend_issuer_resource = vault.pki_secret.SecretBackendIssuer("secretBackendIssuerResource",
    backend="string",
    issuer_ref="string",
    disable_name_constraint_checks=False,
    issuing_certificates=["string"],
    disable_critical_extension_checks=False,
    disable_path_length_checks=False,
    enable_aia_url_templating=False,
    issuer_name="string",
    crl_distribution_points=["string"],
    disable_name_checks=False,
    leaf_not_after_behavior="string",
    manual_chains=["string"],
    namespace="string",
    ocsp_servers=["string"],
    revocation_signature_algorithm="string",
    usage="string")

const secretBackendIssuerResource = new vault.pkisecret.SecretBackendIssuer("secretBackendIssuerResource", {
    backend: "string",
    issuerRef: "string",
    disableNameConstraintChecks: false,
    issuingCertificates: ["string"],
    disableCriticalExtensionChecks: false,
    disablePathLengthChecks: false,
    enableAiaUrlTemplating: false,
    issuerName: "string",
    crlDistributionPoints: ["string"],
    disableNameChecks: false,
    leafNotAfterBehavior: "string",
    manualChains: ["string"],
    namespace: "string",
    ocspServers: ["string"],
    revocationSignatureAlgorithm: "string",
    usage: "string",
});

type: vault:pkiSecret:SecretBackendIssuer
properties:
    backend: string
    crlDistributionPoints:
        - string
    disableCriticalExtensionChecks: false
    disableNameChecks: false
    disableNameConstraintChecks: false
    disablePathLengthChecks: false
    enableAiaUrlTemplating: false
    issuerName: string
    issuerRef: string
    issuingCertificates:
        - string
    leafNotAfterBehavior: string
    manualChains:
        - string
    namespace: string
    ocspServers:
        - string
    revocationSignatureAlgorithm: string
    usage: string

SecretBackendIssuer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecretBackendIssuer resource accepts the following input properties:

Backend string: The path the PKI secret backend is mounted at, with no leading or trailing /s.
IssuerRef string: Reference to an existing issuer.
CrlDistributionPoints List<string>: Specifies the URL values for the CRL Distribution Points field.
DisableCriticalExtensionChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
DisableNameChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
DisableNameConstraintChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
DisablePathLengthChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
EnableAiaUrlTemplating bool: Specifies that the AIA URL values should be templated.
IssuerName string: Name of the issuer.
IssuingCertificates List<string>: Specifies the URL values for the Issuing Certificate field.
LeafNotAfterBehavior string: Behavior of a leaf's NotAfter field during issuance.
ManualChains List<string>: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
OcspServers List<string>: Specifies the URL values for the OCSP Servers field.
RevocationSignatureAlgorithm string: Which signature algorithm to use when building CRLs.
Usage string: Allowed usages for this issuer.

Backend string: The path the PKI secret backend is mounted at, with no leading or trailing /s.
IssuerRef string: Reference to an existing issuer.
CrlDistributionPoints []string: Specifies the URL values for the CRL Distribution Points field.
DisableCriticalExtensionChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
DisableNameChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
DisableNameConstraintChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
DisablePathLengthChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
EnableAiaUrlTemplating bool: Specifies that the AIA URL values should be templated.
IssuerName string: Name of the issuer.
IssuingCertificates []string: Specifies the URL values for the Issuing Certificate field.
LeafNotAfterBehavior string: Behavior of a leaf's NotAfter field during issuance.
ManualChains []string: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
OcspServers []string: Specifies the URL values for the OCSP Servers field.
RevocationSignatureAlgorithm string: Which signature algorithm to use when building CRLs.
Usage string: Allowed usages for this issuer.

backend String: The path the PKI secret backend is mounted at, with no leading or trailing /s.
issuerRef String: Reference to an existing issuer.
crlDistributionPoints List<String>: Specifies the URL values for the CRL Distribution Points field.
disableCriticalExtensionChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
disableNameChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
disableNameConstraintChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
disablePathLengthChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
enableAiaUrlTemplating Boolean: Specifies that the AIA URL values should be templated.
issuerName String: Name of the issuer.
issuingCertificates List<String>: Specifies the URL values for the Issuing Certificate field.
leafNotAfterBehavior String: Behavior of a leaf's NotAfter field during issuance.
manualChains List<String>: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
ocspServers List<String>: Specifies the URL values for the OCSP Servers field.
revocationSignatureAlgorithm String: Which signature algorithm to use when building CRLs.
usage String: Allowed usages for this issuer.

backend string: The path the PKI secret backend is mounted at, with no leading or trailing /s.
issuerRef string: Reference to an existing issuer.
crlDistributionPoints string[]: Specifies the URL values for the CRL Distribution Points field.
disableCriticalExtensionChecks boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
disableNameChecks boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
disableNameConstraintChecks boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
disablePathLengthChecks boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
enableAiaUrlTemplating boolean: Specifies that the AIA URL values should be templated.
issuerName string: Name of the issuer.
issuingCertificates string[]: Specifies the URL values for the Issuing Certificate field.
leafNotAfterBehavior string: Behavior of a leaf's NotAfter field during issuance.
manualChains string[]: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
ocspServers string[]: Specifies the URL values for the OCSP Servers field.
revocationSignatureAlgorithm string: Which signature algorithm to use when building CRLs.
usage string: Allowed usages for this issuer.

backend str: The path the PKI secret backend is mounted at, with no leading or trailing /s.
issuer_ref str: Reference to an existing issuer.
crl_distribution_points Sequence[str]: Specifies the URL values for the CRL Distribution Points field.
disable_critical_extension_checks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
disable_name_checks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
disable_name_constraint_checks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
disable_path_length_checks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
enable_aia_url_templating bool: Specifies that the AIA URL values should be templated.
issuer_name str: Name of the issuer.
issuing_certificates Sequence[str]: Specifies the URL values for the Issuing Certificate field.
leaf_not_after_behavior str: Behavior of a leaf's NotAfter field during issuance.
manual_chains Sequence[str]: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
ocsp_servers Sequence[str]: Specifies the URL values for the OCSP Servers field.
revocation_signature_algorithm str: Which signature algorithm to use when building CRLs.
usage str: Allowed usages for this issuer.

backend String: The path the PKI secret backend is mounted at, with no leading or trailing /s.
issuerRef String: Reference to an existing issuer.
crlDistributionPoints List<String>: Specifies the URL values for the CRL Distribution Points field.
disableCriticalExtensionChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
disableNameChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
disableNameConstraintChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
disablePathLengthChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
enableAiaUrlTemplating Boolean: Specifies that the AIA URL values should be templated.
issuerName String: Name of the issuer.
issuingCertificates List<String>: Specifies the URL values for the Issuing Certificate field.
leafNotAfterBehavior String: Behavior of a leaf's NotAfter field during issuance.
manualChains List<String>: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
ocspServers List<String>: Specifies the URL values for the OCSP Servers field.
revocationSignatureAlgorithm String: Which signature algorithm to use when building CRLs.
usage String: Allowed usages for this issuer.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecretBackendIssuer resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
IssuerId string: ID of the issuer.

Id string: The provider-assigned unique ID for this managed resource.
IssuerId string: ID of the issuer.

id String: The provider-assigned unique ID for this managed resource.
issuerId String: ID of the issuer.

id string: The provider-assigned unique ID for this managed resource.
issuerId string: ID of the issuer.

id str: The provider-assigned unique ID for this managed resource.
issuer_id str: ID of the issuer.

id String: The provider-assigned unique ID for this managed resource.
issuerId String: ID of the issuer.

Look up Existing SecretBackendIssuer Resource

Get an existing SecretBackendIssuer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: SecretBackendIssuerState, opts?: CustomResourceOptions): SecretBackendIssuer

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        backend: Optional[str] = None,
        crl_distribution_points: Optional[Sequence[str]] = None,
        disable_critical_extension_checks: Optional[bool] = None,
        disable_name_checks: Optional[bool] = None,
        disable_name_constraint_checks: Optional[bool] = None,
        disable_path_length_checks: Optional[bool] = None,
        enable_aia_url_templating: Optional[bool] = None,
        issuer_id: Optional[str] = None,
        issuer_name: Optional[str] = None,
        issuer_ref: Optional[str] = None,
        issuing_certificates: Optional[Sequence[str]] = None,
        leaf_not_after_behavior: Optional[str] = None,
        manual_chains: Optional[Sequence[str]] = None,
        namespace: Optional[str] = None,
        ocsp_servers: Optional[Sequence[str]] = None,
        revocation_signature_algorithm: Optional[str] = None,
        usage: Optional[str] = None) -> SecretBackendIssuer

func GetSecretBackendIssuer(ctx *Context, name string, id IDInput, state *SecretBackendIssuerState, opts ...ResourceOption) (*SecretBackendIssuer, error)

public static SecretBackendIssuer Get(string name, Input<string> id, SecretBackendIssuerState? state, CustomResourceOptions? opts = null)

public static SecretBackendIssuer get(String name, Output<String> id, SecretBackendIssuerState state, CustomResourceOptions options)

resources:  _:    type: vault:pkiSecret:SecretBackendIssuer    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Backend string: The path the PKI secret backend is mounted at, with no leading or trailing /s.
CrlDistributionPoints List<string>: Specifies the URL values for the CRL Distribution Points field.
DisableCriticalExtensionChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
DisableNameChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
DisableNameConstraintChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
DisablePathLengthChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
EnableAiaUrlTemplating bool: Specifies that the AIA URL values should be templated.
IssuerId string: ID of the issuer.
IssuerName string: Name of the issuer.
IssuerRef string: Reference to an existing issuer.
IssuingCertificates List<string>: Specifies the URL values for the Issuing Certificate field.
LeafNotAfterBehavior string: Behavior of a leaf's NotAfter field during issuance.
ManualChains List<string>: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
OcspServers List<string>: Specifies the URL values for the OCSP Servers field.
RevocationSignatureAlgorithm string: Which signature algorithm to use when building CRLs.
Usage string: Allowed usages for this issuer.

Backend string: The path the PKI secret backend is mounted at, with no leading or trailing /s.
CrlDistributionPoints []string: Specifies the URL values for the CRL Distribution Points field.
DisableCriticalExtensionChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
DisableNameChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
DisableNameConstraintChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
DisablePathLengthChecks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
EnableAiaUrlTemplating bool: Specifies that the AIA URL values should be templated.
IssuerId string: ID of the issuer.
IssuerName string: Name of the issuer.
IssuerRef string: Reference to an existing issuer.
IssuingCertificates []string: Specifies the URL values for the Issuing Certificate field.
LeafNotAfterBehavior string: Behavior of a leaf's NotAfter field during issuance.
ManualChains []string: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
Namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
OcspServers []string: Specifies the URL values for the OCSP Servers field.
RevocationSignatureAlgorithm string: Which signature algorithm to use when building CRLs.
Usage string: Allowed usages for this issuer.

backend String: The path the PKI secret backend is mounted at, with no leading or trailing /s.
crlDistributionPoints List<String>: Specifies the URL values for the CRL Distribution Points field.
disableCriticalExtensionChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
disableNameChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
disableNameConstraintChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
disablePathLengthChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
enableAiaUrlTemplating Boolean: Specifies that the AIA URL values should be templated.
issuerId String: ID of the issuer.
issuerName String: Name of the issuer.
issuerRef String: Reference to an existing issuer.
issuingCertificates List<String>: Specifies the URL values for the Issuing Certificate field.
leafNotAfterBehavior String: Behavior of a leaf's NotAfter field during issuance.
manualChains List<String>: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
ocspServers List<String>: Specifies the URL values for the OCSP Servers field.
revocationSignatureAlgorithm String: Which signature algorithm to use when building CRLs.
usage String: Allowed usages for this issuer.

backend string: The path the PKI secret backend is mounted at, with no leading or trailing /s.
crlDistributionPoints string[]: Specifies the URL values for the CRL Distribution Points field.
disableCriticalExtensionChecks boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
disableNameChecks boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
disableNameConstraintChecks boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
disablePathLengthChecks boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
enableAiaUrlTemplating boolean: Specifies that the AIA URL values should be templated.
issuerId string: ID of the issuer.
issuerName string: Name of the issuer.
issuerRef string: Reference to an existing issuer.
issuingCertificates string[]: Specifies the URL values for the Issuing Certificate field.
leafNotAfterBehavior string: Behavior of a leaf's NotAfter field during issuance.
manualChains string[]: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
namespace string: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
ocspServers string[]: Specifies the URL values for the OCSP Servers field.
revocationSignatureAlgorithm string: Which signature algorithm to use when building CRLs.
usage string: Allowed usages for this issuer.

backend str: The path the PKI secret backend is mounted at, with no leading or trailing /s.
crl_distribution_points Sequence[str]: Specifies the URL values for the CRL Distribution Points field.
disable_critical_extension_checks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
disable_name_checks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
disable_name_constraint_checks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
disable_path_length_checks bool: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
enable_aia_url_templating bool: Specifies that the AIA URL values should be templated.
issuer_id str: ID of the issuer.
issuer_name str: Name of the issuer.
issuer_ref str: Reference to an existing issuer.
issuing_certificates Sequence[str]: Specifies the URL values for the Issuing Certificate field.
leaf_not_after_behavior str: Behavior of a leaf's NotAfter field during issuance.
manual_chains Sequence[str]: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
namespace str: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
ocsp_servers Sequence[str]: Specifies the URL values for the OCSP Servers field.
revocation_signature_algorithm str: Which signature algorithm to use when building CRLs.
usage str: Allowed usages for this issuer.

backend String: The path the PKI secret backend is mounted at, with no leading or trailing /s.
crlDistributionPoints List<String>: Specifies the URL values for the CRL Distribution Points field.
disableCriticalExtensionChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the issued certificate) contain critical extensions not processed by Vault.
disableNameChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) contains a link in which the subject of the issuing certificate does not match the named issuer of the certificate it signed.
disableNameConstraintChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) violates the name constraints critical extension of one of the issuer certificates in the chain.
disablePathLengthChecks Boolean: This determines whether this issuer is able to issue certificates where the chain of trust (including the final issued certificate) is longer than allowed by a certificate authority in that chain.
enableAiaUrlTemplating Boolean: Specifies that the AIA URL values should be templated.
issuerId String: ID of the issuer.
issuerName String: Name of the issuer.
issuerRef String: Reference to an existing issuer.
issuingCertificates List<String>: Specifies the URL values for the Issuing Certificate field.
leafNotAfterBehavior String: Behavior of a leaf's NotAfter field during issuance.
manualChains List<String>: Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
namespace String: The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
ocspServers List<String>: Specifies the URL values for the OCSP Servers field.
revocationSignatureAlgorithm String: Which signature algorithm to use when building CRLs.
usage String: Allowed usages for this issuer.

Import

PKI secret backend issuer can be imported using the id, e.g.

$ pulumi import vault:pkiSecret/secretBackendIssuer:SecretBackendIssuer example pki/issuer/bf9b0d48-d0dd-652c-30be-77d04fc7e94d

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Vault pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

HashiCorp Vault v6.6.0 published on Thursday, Mar 13, 2025 by Pulumi

pulumi/pulumi-vault

vault.pkiSecret.SecretBackendIssuer

On this page

On this page

Example Usage

Create SecretBackendIssuer Resource

Constructor syntax

Parameters

Constructor example

SecretBackendIssuer Resource Properties

Inputs

Outputs

Look up Existing SecretBackendIssuer Resource

Import

Package Details

On this page

On this page