Docs Home
Venafi v1.10.7 published on Wednesday, Apr 9, 2025 by Pulumi
venafi.SshCertificate
Explore with Pulumi AI
Provides access to request and retrieve SSH certificates from Venafi Trust Protection Platform.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as venafi from "@pulumi/venafi";
const sshCert = new venafi.SshCertificate("ssh_cert", {
keyId: "my-first-ssh-certificate",
template: "Sample SSH CA",
publicKeyMethod: "local",
keyPassphrase: "passw0rd",
keySize: 3072,
principals: ["seamus"],
validHours: 24,
});
import pulumi
import pulumi_venafi as venafi
ssh_cert = venafi.SshCertificate("ssh_cert",
key_id="my-first-ssh-certificate",
template="Sample SSH CA",
public_key_method="local",
key_passphrase="passw0rd",
key_size=3072,
principals=["seamus"],
valid_hours=24)
package main
import (
"github.com/pulumi/pulumi-venafi/sdk/go/venafi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := venafi.NewSshCertificate(ctx, "ssh_cert", &venafi.SshCertificateArgs{
KeyId: pulumi.String("my-first-ssh-certificate"),
Template: pulumi.String("Sample SSH CA"),
PublicKeyMethod: pulumi.String("local"),
KeyPassphrase: pulumi.String("passw0rd"),
KeySize: pulumi.Int(3072),
Principals: pulumi.StringArray{
pulumi.String("seamus"),
},
ValidHours: pulumi.Int(24),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Venafi = Pulumi.Venafi;
return await Deployment.RunAsync(() =>
{
var sshCert = new Venafi.SshCertificate("ssh_cert", new()
{
KeyId = "my-first-ssh-certificate",
Template = "Sample SSH CA",
PublicKeyMethod = "local",
KeyPassphrase = "passw0rd",
KeySize = 3072,
Principals = new[]
{
"seamus",
},
ValidHours = 24,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.venafi.SshCertificate;
import com.pulumi.venafi.SshCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var sshCert = new SshCertificate("sshCert", SshCertificateArgs.builder()
.keyId("my-first-ssh-certificate")
.template("Sample SSH CA")
.publicKeyMethod("local")
.keyPassphrase("passw0rd")
.keySize(3072)
.principals("seamus")
.validHours(24)
.build());
}
}
resources:
sshCert:
type: venafi:SshCertificate
name: ssh_cert
properties:
keyId: my-first-ssh-certificate
template: Sample SSH CA
publicKeyMethod: local
keyPassphrase: passw0rd
keySize: 3072
principals:
- seamus
validHours: 24
Create SshCertificate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SshCertificate(name: string, args: SshCertificateArgs, opts?: CustomResourceOptions);@overload
def SshCertificate(resource_name: str,
args: SshCertificateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SshCertificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_id: Optional[str] = None,
template: Optional[str] = None,
principal: Optional[Sequence[str]] = None,
principals: Optional[Sequence[str]] = None,
folder: Optional[str] = None,
key_passphrase: Optional[str] = None,
key_size: Optional[int] = None,
object_name: Optional[str] = None,
destination_addresses: Optional[Sequence[str]] = None,
force_command: Optional[str] = None,
public_key: Optional[str] = None,
public_key_method: Optional[str] = None,
source_addresses: Optional[Sequence[str]] = None,
extensions: Optional[Sequence[str]] = None,
valid_hours: Optional[int] = None,
windows: Optional[bool] = None)func NewSshCertificate(ctx *Context, name string, args SshCertificateArgs, opts ...ResourceOption) (*SshCertificate, error)public SshCertificate(string name, SshCertificateArgs args, CustomResourceOptions? opts = null)public SshCertificate(String name, SshCertificateArgs args)
public SshCertificate(String name, SshCertificateArgs args, CustomResourceOptions options)
type: venafi:SshCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. SshCertificateArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. SshCertificateArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. SshCertificateArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. SshCertificateArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. SshCertificateArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var sshCertificateResource = new Venafi.SshCertificate("sshCertificateResource", new()
{
KeyId = "string",
Template = "string",
Principals = new[]
{
"string",
},
Folder = "string",
KeyPassphrase = "string",
KeySize = 0,
ObjectName = "string",
DestinationAddresses = new[]
{
"string",
},
ForceCommand = "string",
PublicKey = "string",
PublicKeyMethod = "string",
SourceAddresses = new[]
{
"string",
},
Extensions = new[]
{
"string",
},
ValidHours = 0,
Windows = false,
});
example, err := venafi.NewSshCertificate(ctx, "sshCertificateResource", &venafi.SshCertificateArgs{
KeyId: pulumi.String("string"),
Template: pulumi.String("string"),
Principals: pulumi.StringArray{
pulumi.String("string"),
},
Folder: pulumi.String("string"),
KeyPassphrase: pulumi.String("string"),
KeySize: pulumi.Int(0),
ObjectName: pulumi.String("string"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("string"),
},
ForceCommand: pulumi.String("string"),
PublicKey: pulumi.String("string"),
PublicKeyMethod: pulumi.String("string"),
SourceAddresses: pulumi.StringArray{
pulumi.String("string"),
},
Extensions: pulumi.StringArray{
pulumi.String("string"),
},
ValidHours: pulumi.Int(0),
Windows: pulumi.Bool(false),
})
var sshCertificateResource = new SshCertificate("sshCertificateResource", SshCertificateArgs.builder()
.keyId("string")
.template("string")
.principals("string")
.folder("string")
.keyPassphrase("string")
.keySize(0)
.objectName("string")
.destinationAddresses("string")
.forceCommand("string")
.publicKey("string")
.publicKeyMethod("string")
.sourceAddresses("string")
.extensions("string")
.validHours(0)
.windows(false)
.build());
ssh_certificate_resource = venafi.SshCertificate("sshCertificateResource",
key_id="string",
template="string",
principals=["string"],
folder="string",
key_passphrase="string",
key_size=0,
object_name="string",
destination_addresses=["string"],
force_command="string",
public_key="string",
public_key_method="string",
source_addresses=["string"],
extensions=["string"],
valid_hours=0,
windows=False)
const sshCertificateResource = new venafi.SshCertificate("sshCertificateResource", {
keyId: "string",
template: "string",
principals: ["string"],
folder: "string",
keyPassphrase: "string",
keySize: 0,
objectName: "string",
destinationAddresses: ["string"],
forceCommand: "string",
publicKey: "string",
publicKeyMethod: "string",
sourceAddresses: ["string"],
extensions: ["string"],
validHours: 0,
windows: false,
});
type: venafi:SshCertificate
properties:
destinationAddresses:
- string
extensions:
- string
folder: string
forceCommand: string
keyId: string
keyPassphrase: string
keySize: 0
objectName: string
principals:
- string
publicKey: string
publicKeyMethod: string
sourceAddresses:
- string
template: string
validHours: 0
windows: false
SshCertificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SshCertificate resource accepts the following input properties:
- Key
Id stringThis property is required. 
Changes to this property will trigger replacement. - The identifier of the requested SSH certificate.
- Template
string
This property is required. Changes to this property will trigger replacement. - The SSH certificate issuing template.
- Destination
Addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- Extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - Folder
- The DN of the policy folder where the SSH certificate object will be created.
- Force
Command - A command to run after successful login.
- Key
Passphrase - Passphrase for encrypting the private key.
- Key
Size - Number of bits to use when creating a key pair. (e.g.
3072). - Object
Name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - Principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- Principals
- A list of usernames for whom the requested certificate will be valid.
- Public
Key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- Public
Key Method - Specifies whether the public key will be
local(default),fileorservicegenerated. - Source
Addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- Valid
Hours - Desired number of hours for which the certificate will be valid.
- Windows
- Specifies whether the private key will use Windows/DOS style line breaks.
- Key
Id stringThis property is required. Changes to this property will trigger replacement. - The identifier of the requested SSH certificate.
- Template
string
This property is required. Changes to this property will trigger replacement. - The SSH certificate issuing template.
- Destination
Addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- Extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - Folder
- The DN of the policy folder where the SSH certificate object will be created.
- Force
Command - A command to run after successful login.
- Key
Passphrase - Passphrase for encrypting the private key.
- Key
Size - Number of bits to use when creating a key pair. (e.g.
3072). - Object
Name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - Principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- Principals
- A list of usernames for whom the requested certificate will be valid.
- Public
Key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- Public
Key Method - Specifies whether the public key will be
local(default),fileorservicegenerated. - Source
Addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- Valid
Hours - Desired number of hours for which the certificate will be valid.
- Windows
- Specifies whether the private key will use Windows/DOS style line breaks.
- key
Id StringThis property is required. Changes to this property will trigger replacement. - The identifier of the requested SSH certificate.
- template
String
This property is required. Changes to this property will trigger replacement. - The SSH certificate issuing template.
- destination
Addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - folder
- The DN of the policy folder where the SSH certificate object will be created.
- force
Command - A command to run after successful login.
- key
Passphrase - Passphrase for encrypting the private key.
- key
Size - Number of bits to use when creating a key pair. (e.g.
3072). - object
Name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- principals
- A list of usernames for whom the requested certificate will be valid.
- public
Key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- public
Key Method - Specifies whether the public key will be
local(default),fileorservicegenerated. - source
Addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- valid
Hours - Desired number of hours for which the certificate will be valid.
- windows
- Specifies whether the private key will use Windows/DOS style line breaks.
- key
Id stringThis property is required. Changes to this property will trigger replacement. - The identifier of the requested SSH certificate.
- template
string
This property is required. Changes to this property will trigger replacement. - The SSH certificate issuing template.
- destination
Addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - folder
- The DN of the policy folder where the SSH certificate object will be created.
- force
Command - A command to run after successful login.
- key
Passphrase - Passphrase for encrypting the private key.
- key
Size - Number of bits to use when creating a key pair. (e.g.
3072). - object
Name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- principals
- A list of usernames for whom the requested certificate will be valid.
- public
Key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- public
Key Method - Specifies whether the public key will be
local(default),fileorservicegenerated. - source
Addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- valid
Hours - Desired number of hours for which the certificate will be valid.
- windows
- Specifies whether the private key will use Windows/DOS style line breaks.
- key_
id strThis property is required. Changes to this property will trigger replacement. - The identifier of the requested SSH certificate.
- template
str
This property is required. Changes to this property will trigger replacement. - The SSH certificate issuing template.
- destination_
addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - folder
- The DN of the policy folder where the SSH certificate object will be created.
- force_
command - A command to run after successful login.
- key_
passphrase - Passphrase for encrypting the private key.
- key_
size - Number of bits to use when creating a key pair. (e.g.
3072). - object_
name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- principals
- A list of usernames for whom the requested certificate will be valid.
- public_
key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- public_
key_ method - Specifies whether the public key will be
local(default),fileorservicegenerated. - source_
addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- valid_
hours - Desired number of hours for which the certificate will be valid.
- windows
- Specifies whether the private key will use Windows/DOS style line breaks.
- key
Id StringThis property is required. Changes to this property will trigger replacement. - The identifier of the requested SSH certificate.
- template
String
This property is required. Changes to this property will trigger replacement. - The SSH certificate issuing template.
- destination
Addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - folder
- The DN of the policy folder where the SSH certificate object will be created.
- force
Command - A command to run after successful login.
- key
Passphrase - Passphrase for encrypting the private key.
- key
Size - Number of bits to use when creating a key pair. (e.g.
3072). - object
Name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- principals
- A list of usernames for whom the requested certificate will be valid.
- public
Key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- public
Key Method - Specifies whether the public key will be
local(default),fileorservicegenerated. - source
Addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- valid
Hours - Desired number of hours for which the certificate will be valid.
- windows
- Specifies whether the private key will use Windows/DOS style line breaks.
Outputs
All input properties are implicitly available as output properties. Additionally, the SshCertificate resource produces the following output properties:
- Certificate string
- The issued SSH certificate.
- Certificate
Type string - Indicates whether the SSH certificate is for client or server authentication.
- Id string
- The provider-assigned unique ID for this managed resource.
- Private
Key string - The private key for the SSH certificate if generated by Venafi.
- Public
Key stringFingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- Serial string
- The serial number of the SSH certificate.
- Signing
Ca string - The SHA256 fingerprint of the CA that signed the SSH certificate.
- Valid
From string - The date the SSH certificate was issued.
- Valid
To string - The date the SSH certificate will expire.
- Certificate string
- The issued SSH certificate.
- Certificate
Type string - Indicates whether the SSH certificate is for client or server authentication.
- Id string
- The provider-assigned unique ID for this managed resource.
- Private
Key string - The private key for the SSH certificate if generated by Venafi.
- Public
Key stringFingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- Serial string
- The serial number of the SSH certificate.
- Signing
Ca string - The SHA256 fingerprint of the CA that signed the SSH certificate.
- Valid
From string - The date the SSH certificate was issued.
- Valid
To string - The date the SSH certificate will expire.
- certificate String
- The issued SSH certificate.
- certificate
Type String - Indicates whether the SSH certificate is for client or server authentication.
- id String
- The provider-assigned unique ID for this managed resource.
- private
Key String - The private key for the SSH certificate if generated by Venafi.
- public
Key StringFingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- serial String
- The serial number of the SSH certificate.
- signing
Ca String - The SHA256 fingerprint of the CA that signed the SSH certificate.
- valid
From String - The date the SSH certificate was issued.
- valid
To String - The date the SSH certificate will expire.
- certificate string
- The issued SSH certificate.
- certificate
Type string - Indicates whether the SSH certificate is for client or server authentication.
- id string
- The provider-assigned unique ID for this managed resource.
- private
Key string - The private key for the SSH certificate if generated by Venafi.
- public
Key stringFingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- serial string
- The serial number of the SSH certificate.
- signing
Ca string - The SHA256 fingerprint of the CA that signed the SSH certificate.
- valid
From string - The date the SSH certificate was issued.
- valid
To string - The date the SSH certificate will expire.
- certificate str
- The issued SSH certificate.
- certificate_
type str - Indicates whether the SSH certificate is for client or server authentication.
- id str
- The provider-assigned unique ID for this managed resource.
- private_
key str - The private key for the SSH certificate if generated by Venafi.
- public_
key_ strfingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- serial str
- The serial number of the SSH certificate.
- signing_
ca str - The SHA256 fingerprint of the CA that signed the SSH certificate.
- valid_
from str - The date the SSH certificate was issued.
- valid_
to str - The date the SSH certificate will expire.
- certificate String
- The issued SSH certificate.
- certificate
Type String - Indicates whether the SSH certificate is for client or server authentication.
- id String
- The provider-assigned unique ID for this managed resource.
- private
Key String - The private key for the SSH certificate if generated by Venafi.
- public
Key StringFingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- serial String
- The serial number of the SSH certificate.
- signing
Ca String - The SHA256 fingerprint of the CA that signed the SSH certificate.
- valid
From String - The date the SSH certificate was issued.
- valid
To String - The date the SSH certificate will expire.
Look up Existing SshCertificate Resource
Get an existing SshCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SshCertificateState, opts?: CustomResourceOptions): SshCertificate@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
certificate: Optional[str] = None,
certificate_type: Optional[str] = None,
destination_addresses: Optional[Sequence[str]] = None,
extensions: Optional[Sequence[str]] = None,
folder: Optional[str] = None,
force_command: Optional[str] = None,
key_id: Optional[str] = None,
key_passphrase: Optional[str] = None,
key_size: Optional[int] = None,
object_name: Optional[str] = None,
principal: Optional[Sequence[str]] = None,
principals: Optional[Sequence[str]] = None,
private_key: Optional[str] = None,
public_key: Optional[str] = None,
public_key_fingerprint: Optional[str] = None,
public_key_method: Optional[str] = None,
serial: Optional[str] = None,
signing_ca: Optional[str] = None,
source_addresses: Optional[Sequence[str]] = None,
template: Optional[str] = None,
valid_from: Optional[str] = None,
valid_hours: Optional[int] = None,
valid_to: Optional[str] = None,
windows: Optional[bool] = None) -> SshCertificatefunc GetSshCertificate(ctx *Context, name string, id IDInput, state *SshCertificateState, opts ...ResourceOption) (*SshCertificate, error)public static SshCertificate Get(string name, Input<string> id, SshCertificateState? state, CustomResourceOptions? opts = null)public static SshCertificate get(String name, Output<String> id, SshCertificateState state, CustomResourceOptions options)resources: _: type: venafi:SshCertificate get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Certificate string
- The issued SSH certificate.
- Certificate
Type string - Indicates whether the SSH certificate is for client or server authentication.
- Destination
Addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- Extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - Folder
- The DN of the policy folder where the SSH certificate object will be created.
- Force
Command - A command to run after successful login.
- Key
Id - The identifier of the requested SSH certificate.
- Key
Passphrase - Passphrase for encrypting the private key.
- Key
Size - Number of bits to use when creating a key pair. (e.g.
3072). - Object
Name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - Principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- Principals
- A list of usernames for whom the requested certificate will be valid.
- Private
Key string - The private key for the SSH certificate if generated by Venafi.
- Public
Key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- Public
Key stringFingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- Public
Key Method - Specifies whether the public key will be
local(default),fileorservicegenerated. - Serial string
- The serial number of the SSH certificate.
- Signing
Ca string - The SHA256 fingerprint of the CA that signed the SSH certificate.
- Source
Addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- Template
- The SSH certificate issuing template.
- Valid
From string - The date the SSH certificate was issued.
- Valid
Hours - Desired number of hours for which the certificate will be valid.
- Valid
To string - The date the SSH certificate will expire.
- Windows
- Specifies whether the private key will use Windows/DOS style line breaks.
- Certificate string
- The issued SSH certificate.
- Certificate
Type string - Indicates whether the SSH certificate is for client or server authentication.
- Destination
Addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- Extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - Folder
- The DN of the policy folder where the SSH certificate object will be created.
- Force
Command - A command to run after successful login.
- Key
Id - The identifier of the requested SSH certificate.
- Key
Passphrase - Passphrase for encrypting the private key.
- Key
Size - Number of bits to use when creating a key pair. (e.g.
3072). - Object
Name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - Principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- Principals
- A list of usernames for whom the requested certificate will be valid.
- Private
Key string - The private key for the SSH certificate if generated by Venafi.
- Public
Key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- Public
Key stringFingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- Public
Key Method - Specifies whether the public key will be
local(default),fileorservicegenerated. - Serial string
- The serial number of the SSH certificate.
- Signing
Ca string - The SHA256 fingerprint of the CA that signed the SSH certificate.
- Source
Addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- Template
- The SSH certificate issuing template.
- Valid
From string - The date the SSH certificate was issued.
- Valid
Hours - Desired number of hours for which the certificate will be valid.
- Valid
To string - The date the SSH certificate will expire.
- Windows
- Specifies whether the private key will use Windows/DOS style line breaks.
- certificate String
- The issued SSH certificate.
- certificate
Type String - Indicates whether the SSH certificate is for client or server authentication.
- destination
Addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - folder
- The DN of the policy folder where the SSH certificate object will be created.
- force
Command - A command to run after successful login.
- key
Id - The identifier of the requested SSH certificate.
- key
Passphrase - Passphrase for encrypting the private key.
- key
Size - Number of bits to use when creating a key pair. (e.g.
3072). - object
Name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- principals
- A list of usernames for whom the requested certificate will be valid.
- private
Key String - The private key for the SSH certificate if generated by Venafi.
- public
Key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- public
Key StringFingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- public
Key Method - Specifies whether the public key will be
local(default),fileorservicegenerated. - serial String
- The serial number of the SSH certificate.
- signing
Ca String - The SHA256 fingerprint of the CA that signed the SSH certificate.
- source
Addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- template
- The SSH certificate issuing template.
- valid
From String - The date the SSH certificate was issued.
- valid
Hours - Desired number of hours for which the certificate will be valid.
- valid
To String - The date the SSH certificate will expire.
- windows
- Specifies whether the private key will use Windows/DOS style line breaks.
- certificate string
- The issued SSH certificate.
- certificate
Type string - Indicates whether the SSH certificate is for client or server authentication.
- destination
Addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - folder
- The DN of the policy folder where the SSH certificate object will be created.
- force
Command - A command to run after successful login.
- key
Id - The identifier of the requested SSH certificate.
- key
Passphrase - Passphrase for encrypting the private key.
- key
Size - Number of bits to use when creating a key pair. (e.g.
3072). - object
Name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- principals
- A list of usernames for whom the requested certificate will be valid.
- private
Key string - The private key for the SSH certificate if generated by Venafi.
- public
Key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- public
Key stringFingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- public
Key Method - Specifies whether the public key will be
local(default),fileorservicegenerated. - serial string
- The serial number of the SSH certificate.
- signing
Ca string - The SHA256 fingerprint of the CA that signed the SSH certificate.
- source
Addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- template
- The SSH certificate issuing template.
- valid
From string - The date the SSH certificate was issued.
- valid
Hours - Desired number of hours for which the certificate will be valid.
- valid
To string - The date the SSH certificate will expire.
- windows
- Specifies whether the private key will use Windows/DOS style line breaks.
- certificate str
- The issued SSH certificate.
- certificate_
type str - Indicates whether the SSH certificate is for client or server authentication.
- destination_
addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - folder
- The DN of the policy folder where the SSH certificate object will be created.
- force_
command - A command to run after successful login.
- key_
id - The identifier of the requested SSH certificate.
- key_
passphrase - Passphrase for encrypting the private key.
- key_
size - Number of bits to use when creating a key pair. (e.g.
3072). - object_
name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- principals
- A list of usernames for whom the requested certificate will be valid.
- private_
key str - The private key for the SSH certificate if generated by Venafi.
- public_
key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- public_
key_ strfingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- public_
key_ method - Specifies whether the public key will be
local(default),fileorservicegenerated. - serial str
- The serial number of the SSH certificate.
- signing_
ca str - The SHA256 fingerprint of the CA that signed the SSH certificate.
- source_
addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- template
- The SSH certificate issuing template.
- valid_
from str - The date the SSH certificate was issued.
- valid_
hours - Desired number of hours for which the certificate will be valid.
- valid_
to str - The date the SSH certificate will expire.
- windows
- Specifies whether the private key will use Windows/DOS style line breaks.
- certificate String
- The issued SSH certificate.
- certificate
Type String - Indicates whether the SSH certificate is for client or server authentication.
- destination
Addresses - A list of one or more valid IP or CIDR destination hosts where the certificate will authenticate.
- extensions
- A list of key-value pairs that contain certificate extensions from the CA
template for client certificates. Allowed values (case-sensitive):
permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc. - folder
- The DN of the policy folder where the SSH certificate object will be created.
- force
Command - A command to run after successful login.
- key
Id - The identifier of the requested SSH certificate.
- key
Passphrase - Passphrase for encrypting the private key.
- key
Size - Number of bits to use when creating a key pair. (e.g.
3072). - object
Name - The friendly name of the SSH certificate object. When not specified the
key_idis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new certificate. - principal
- [DEPRECATED] - (Optional, set of strings) Use "principals" instead. A list of usernames for whom the requested certificate will be valid.
- principals
- A list of usernames for whom the requested certificate will be valid.
- private
Key String - The private key for the SSH certificate if generated by Venafi.
- public
Key - The OpenSSH formatted public key that will be used to generate the SSH certificate.
- public
Key StringFingerprint - The SHA256 fingerprint of the SSH certificate's public key.
- public
Key Method - Specifies whether the public key will be
local(default),fileorservicegenerated. - serial String
- The serial number of the SSH certificate.
- signing
Ca String - The SHA256 fingerprint of the CA that signed the SSH certificate.
- source
Addresses - A list of one or more valid IP or CIDR addresses that can use the SSH certificate.
- template
- The SSH certificate issuing template.
- valid
From String - The date the SSH certificate was issued.
- valid
Hours - Desired number of hours for which the certificate will be valid.
- valid
To String - The date the SSH certificate will expire.
- windows
- Specifies whether the private key will use Windows/DOS style line breaks.
Package Details
- Repository
- Venafi pulumi/pulumi-venafi
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
venafiTerraform Provider.