{"name":"tls","version":"5.3.0","description":"A Pulumi package to create TLS resources in Pulumi programs.","keywords":["pulumi","tls"],"homepage":"https://pulumi.io","license":"Apache-2.0","attribution":"This Pulumi package is based on the [`tls` Terraform Provider](https://github.com/hashicorp/terraform-provider-tls).","repository":"https://github.com/pulumi/pulumi-tls","meta":{"moduleFormat":"(.*)(?:/[^/]*)"},"language":{"csharp":{"packageReferences":{"Pulumi":"3.*"},"namespaces":{"tls":"Tls"},"compatibility":"tfbridge20","respectSchemaVersion":true},"go":{"importBasePath":"github.com/pulumi/pulumi-tls/sdk/v5/go/tls","generateResourceContainerTypes":true,"generateExtraInputTypes":true,"respectSchemaVersion":true},"nodejs":{"packageDescription":"A Pulumi package to create TLS resources in Pulumi programs.","readme":"\u003e This provider is a derived work of the [Terraform Provider](https://github.com/hashicorp/terraform-provider-tls)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-tls` repo](https://github.com/pulumi/pulumi-tls/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-tls` repo](https://github.com/hashicorp/terraform-provider-tls/issues).","devDependencies":{"@types/node":"^10.0.0"},"compatibility":"tfbridge20","disableUnionOutputTypes":true,"respectSchemaVersion":true},"python":{"readme":"\u003e This provider is a derived work of the [Terraform Provider](https://github.com/hashicorp/terraform-provider-tls)\n\u003e distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n\u003e first check the [`pulumi-tls` repo](https://github.com/pulumi/pulumi-tls/issues); however, if that doesn't turn up anything,\n\u003e please consult the source [`terraform-provider-tls` repo](https://github.com/hashicorp/terraform-provider-tls/issues).","compatibility":"tfbridge20","respectSchemaVersion":true,"pyproject":{"enabled":true}}},"config":{"variables":{"proxy":{"$ref":"#/types/tls:config/proxy:proxy","description":"Proxy used by resources and data sources that connect to external endpoints."}}},"types":{"tls:config/proxy:proxy":{"properties":{"fromEnv":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e the provider will discover the proxy configuration from environment variables. This is based upon [`http.ProxyFromEnvironment`](https://pkg.go.dev/net/http#ProxyFromEnvironment) and it supports the same environment variables (default: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e).\n"},"password":{"type":"string","description":"Password used for Basic authentication against the Proxy.\n","secret":true},"url":{"type":"string","description":"URL used to connect to the Proxy. Accepted schemes are: \u003cspan pulumi-lang-nodejs=\"`http`\" pulumi-lang-dotnet=\"`Http`\" pulumi-lang-go=\"`http`\" pulumi-lang-python=\"`http`\" pulumi-lang-yaml=\"`http`\" pulumi-lang-java=\"`http`\"\u003e`http`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`https`\" pulumi-lang-dotnet=\"`Https`\" pulumi-lang-go=\"`https`\" pulumi-lang-python=\"`https`\" pulumi-lang-yaml=\"`https`\" pulumi-lang-java=\"`https`\"\u003e`https`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`socks5`\" pulumi-lang-dotnet=\"`Socks5`\" pulumi-lang-go=\"`socks5`\" pulumi-lang-python=\"`socks5`\" pulumi-lang-yaml=\"`socks5`\" pulumi-lang-java=\"`socks5`\"\u003e`socks5`\u003c/span\u003e.\n"},"username":{"type":"string","description":"Username (or Token) used for Basic authentication against the Proxy.\n"}},"type":"object"},"tls:index/CertRequestSubject:CertRequestSubject":{"properties":{"commonName":{"type":"string","description":"Distinguished name: `CN`\n"},"country":{"type":"string","description":"Distinguished name: `C`\n"},"emailAddress":{"type":"string","description":"ASN.1 Object Identifier (OID): `1.2.840.113549.1.9.1`\n"},"locality":{"type":"string","description":"Distinguished name: `L`\n"},"organization":{"type":"string","description":"Distinguished name: `O`\n"},"organizationalUnit":{"type":"string","description":"Distinguished name: `OU`\n"},"postalCode":{"type":"string","description":"Distinguished name: `PC`\n"},"province":{"type":"string","description":"Distinguished name: `ST`\n"},"serialNumber":{"type":"string","description":"Distinguished name: `SERIALNUMBER`\n"},"streetAddresses":{"type":"array","items":{"type":"string"},"description":"Distinguished name: `STREET`\n"}},"type":"object"},"tls:index/ProviderProxy:ProviderProxy":{"properties":{"fromEnv":{"type":"boolean","description":"When \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e the provider will discover the proxy configuration from environment variables. This is based upon [`http.ProxyFromEnvironment`](https://pkg.go.dev/net/http#ProxyFromEnvironment) and it supports the same environment variables (default: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e).\n"},"password":{"type":"string","description":"Password used for Basic authentication against the Proxy.\n","secret":true},"url":{"type":"string","description":"URL used to connect to the Proxy. Accepted schemes are: \u003cspan pulumi-lang-nodejs=\"`http`\" pulumi-lang-dotnet=\"`Http`\" pulumi-lang-go=\"`http`\" pulumi-lang-python=\"`http`\" pulumi-lang-yaml=\"`http`\" pulumi-lang-java=\"`http`\"\u003e`http`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`https`\" pulumi-lang-dotnet=\"`Https`\" pulumi-lang-go=\"`https`\" pulumi-lang-python=\"`https`\" pulumi-lang-yaml=\"`https`\" pulumi-lang-java=\"`https`\"\u003e`https`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`socks5`\" pulumi-lang-dotnet=\"`Socks5`\" pulumi-lang-go=\"`socks5`\" pulumi-lang-python=\"`socks5`\" pulumi-lang-yaml=\"`socks5`\" pulumi-lang-java=\"`socks5`\"\u003e`socks5`\u003c/span\u003e.\n"},"username":{"type":"string","description":"Username (or Token) used for Basic authentication against the Proxy.\n"}},"type":"object"},"tls:index/SelfSignedCertSubject:SelfSignedCertSubject":{"properties":{"commonName":{"type":"string","description":"Distinguished name: `CN`\n"},"country":{"type":"string","description":"Distinguished name: `C`\n"},"emailAddress":{"type":"string","description":"ASN.1 Object Identifier (OID): `1.2.840.113549.1.9.1`\n"},"locality":{"type":"string","description":"Distinguished name: `L`\n"},"organization":{"type":"string","description":"Distinguished name: `O`\n"},"organizationalUnit":{"type":"string","description":"Distinguished name: `OU`\n"},"postalCode":{"type":"string","description":"Distinguished name: `PC`\n"},"province":{"type":"string","description":"Distinguished name: `ST`\n"},"serialNumber":{"type":"string","description":"Distinguished name: `SERIALNUMBER`\n"},"streetAddresses":{"type":"array","items":{"type":"string"},"description":"Distinguished name: `STREET`\n"}},"type":"object"},"tls:index/getCertificateCertificate:getCertificateCertificate":{"properties":{"certPem":{"type":"string","description":"Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n"},"isCa":{"type":"boolean","description":"\u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e if the certificate is of a CA (Certificate Authority).\n"},"issuer":{"type":"string","description":"Who verified and signed the certificate, roughly following [RFC2253](https://tools.ietf.org/html/rfc2253).\n"},"maxPathLength":{"type":"integer","description":"The maximum number of intermediate certificates that can follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCa`\" pulumi-lang-dotnet=\"`IsCa`\" pulumi-lang-go=\"`isCa`\" pulumi-lang-python=\"`is_ca`\" pulumi-lang-yaml=\"`isCa`\" pulumi-lang-java=\"`isCa`\"\u003e`is_ca`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is `-1`.\n"},"notAfter":{"type":"string","description":"The time until which the certificate is invalid, as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n"},"notBefore":{"type":"string","description":"The time after which the certificate is valid, as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n"},"publicKeyAlgorithm":{"type":"string","description":"The key algorithm used to create the certificate.\n"},"serialNumber":{"type":"string","description":"Number that uniquely identifies the certificate with the CA's system.\nThe \u003cspan pulumi-lang-nodejs=\"`format`\" pulumi-lang-dotnet=\"`Format`\" pulumi-lang-go=\"`format`\" pulumi-lang-python=\"`format`\" pulumi-lang-yaml=\"`format`\" pulumi-lang-java=\"`format`\"\u003e`format`\u003c/span\u003e function can be used to convert this *base 10* number into other bases, such as hex.\n"},"sha1Fingerprint":{"type":"string","description":"The SHA1 fingerprint of the public key of the certificate.\n"},"signatureAlgorithm":{"type":"string","description":"The algorithm used to sign the certificate.\n"},"subject":{"type":"string","description":"The entity the certificate belongs to, roughly following [RFC2253](https://tools.ietf.org/html/rfc2253).\n"},"version":{"type":"integer","description":"The version the certificate is in.\n"}},"type":"object","required":["certPem","isCa","issuer","maxPathLength","notAfter","notBefore","publicKeyAlgorithm","serialNumber","sha1Fingerprint","signatureAlgorithm","subject","version"],"language":{"nodejs":{"requiredInputs":[]}}}},"provider":{"description":"The provider type for the tls package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n","properties":{"proxy":{"$ref":"#/types/tls:index/ProviderProxy:ProviderProxy","description":"Proxy used by resources and data sources that connect to external endpoints."}},"inputProperties":{"proxy":{"$ref":"#/types/tls:index/ProviderProxy:ProviderProxy","description":"Proxy used by resources and data sources that connect to external endpoints."}},"methods":{"terraformConfig":"pulumi:providers:tls/terraformConfig"}},"resources":{"tls:index/certRequest:CertRequest":{"description":"## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as std from \"@pulumi/std\";\nimport * as tls from \"@pulumi/tls\";\n\nconst example = new tls.CertRequest(\"example\", {\n    privateKeyPem: std.file({\n        input: \"private_key.pem\",\n    }).then(invoke =\u003e invoke.result),\n    subject: {\n        commonName: \"example.com\",\n        organization: \"ACME Examples, Inc\",\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_std as std\nimport pulumi_tls as tls\n\nexample = tls.CertRequest(\"example\",\n    private_key_pem=std.file(input=\"private_key.pem\").result,\n    subject={\n        \"common_name\": \"example.com\",\n        \"organization\": \"ACME Examples, Inc\",\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Std = Pulumi.Std;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var example = new Tls.CertRequest(\"example\", new()\n    {\n        PrivateKeyPem = Std.File.Invoke(new()\n        {\n            Input = \"private_key.pem\",\n        }).Apply(invoke =\u003e invoke.Result),\n        Subject = new Tls.Inputs.CertRequestSubjectArgs\n        {\n            CommonName = \"example.com\",\n            Organization = \"ACME Examples, Inc\",\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v5/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"private_key.pem\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tls.NewCertRequest(ctx, \"example\", \u0026tls.CertRequestArgs{\n\t\t\tPrivateKeyPem: pulumi.String(invokeFile.Result),\n\t\t\tSubject: \u0026tls.CertRequestSubjectArgs{\n\t\t\t\tCommonName:   pulumi.String(\"example.com\"),\n\t\t\t\tOrganization: pulumi.String(\"ACME Examples, Inc\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.CertRequest;\nimport com.pulumi.tls.CertRequestArgs;\nimport com.pulumi.tls.inputs.CertRequestSubjectArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var example = new CertRequest(\"example\", CertRequestArgs.builder()\n            .privateKeyPem(StdFunctions.file(FileArgs.builder()\n                .input(\"private_key.pem\")\n                .build()).result())\n            .subject(CertRequestSubjectArgs.builder()\n                .commonName(\"example.com\")\n                .organization(\"ACME Examples, Inc\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  example:\n    type: tls:CertRequest\n    properties:\n      privateKeyPem:\n        fn::invoke:\n          function: std:file\n          arguments:\n            input: private_key.pem\n          return: result\n      subject:\n        commonName: example.com\n        organization: ACME Examples, Inc\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","properties":{"certRequestPem":{"type":"string","description":"The certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n"},"keyAlgorithm":{"type":"string","description":"Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`private_key_pem`\u003c/span\u003e.\n"},"privateKeyPem":{"type":"string","description":"Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the \u003cspan pulumi-lang-nodejs=\"`file`\" pulumi-lang-dotnet=\"`File`\" pulumi-lang-go=\"`file`\" pulumi-lang-python=\"`file`\" pulumi-lang-yaml=\"`file`\" pulumi-lang-java=\"`file`\"\u003e`file`\u003c/span\u003e interpolation function.\n","secret":true},"subject":{"$ref":"#/types/tls:index/CertRequestSubject:CertRequestSubject","description":"The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n"},"uris":{"type":"array","items":{"type":"string"},"description":"List of URIs for which a certificate is being requested (i.e. certificate subjects).\n"}},"required":["certRequestPem","keyAlgorithm","privateKeyPem"],"inputProperties":{"dnsNames":{"type":"array","items":{"type":"string"},"description":"List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n"},"privateKeyPem":{"type":"string","description":"Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the \u003cspan pulumi-lang-nodejs=\"`file`\" pulumi-lang-dotnet=\"`File`\" pulumi-lang-go=\"`file`\" pulumi-lang-python=\"`file`\" pulumi-lang-yaml=\"`file`\" pulumi-lang-java=\"`file`\"\u003e`file`\u003c/span\u003e interpolation function.\n","secret":true},"subject":{"$ref":"#/types/tls:index/CertRequestSubject:CertRequestSubject","description":"The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n"},"uris":{"type":"array","items":{"type":"string"},"description":"List of URIs for which a certificate is being requested (i.e. certificate subjects).\n"}},"requiredInputs":["privateKeyPem"],"stateInputs":{"description":"Input properties used for looking up and filtering CertRequest resources.\n","properties":{"certRequestPem":{"type":"string","description":"The certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n"},"keyAlgorithm":{"type":"string","description":"Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`private_key_pem`\u003c/span\u003e.\n"},"privateKeyPem":{"type":"string","description":"Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the \u003cspan pulumi-lang-nodejs=\"`file`\" pulumi-lang-dotnet=\"`File`\" pulumi-lang-go=\"`file`\" pulumi-lang-python=\"`file`\" pulumi-lang-yaml=\"`file`\" pulumi-lang-java=\"`file`\"\u003e`file`\u003c/span\u003e interpolation function.\n","secret":true},"subject":{"$ref":"#/types/tls:index/CertRequestSubject:CertRequestSubject","description":"The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n"},"uris":{"type":"array","items":{"type":"string"},"description":"List of URIs for which a certificate is being requested (i.e. certificate subjects).\n"}},"type":"object"}},"tls:index/locallySignedCert:LocallySignedCert":{"properties":{"allowedUses":{"type":"array","items":{"type":"string"},"description":"List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`any_extended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`cert_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`client_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`content_commitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crl_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`data_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digital_signature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`email_protection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsec_end_system`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsec_tunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsec_user`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`key_agreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`key_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoft_commercial_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoft_kernel_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoft_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscape_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocsp_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`server_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n"},"caCertPem":{"type":"string","description":"Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n"},"caKeyAlgorithm":{"type":"string","description":"Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`caPrivateKeyPem`\" pulumi-lang-dotnet=\"`CaPrivateKeyPem`\" pulumi-lang-go=\"`caPrivateKeyPem`\" pulumi-lang-python=\"`ca_private_key_pem`\" pulumi-lang-yaml=\"`caPrivateKeyPem`\" pulumi-lang-java=\"`caPrivateKeyPem`\"\u003e`ca_private_key_pem`\u003c/span\u003e.\n"},"caPrivateKeyPem":{"type":"string","description":"Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n","secret":true},"certPem":{"type":"string","description":"Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n"},"certRequestPem":{"type":"string","description":"Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n"},"earlyRenewalHours":{"type":"integer"},"isCaCertificate":{"type":"boolean","description":"Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"maxPathLength":{"type":"integer","description":"Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`is_ca_certificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n"},"readyForRenewal":{"type":"boolean","description":"Is the certificate either expired (i.e. beyond the \u003cspan pulumi-lang-nodejs=\"`validityPeriodHours`\" pulumi-lang-dotnet=\"`ValidityPeriodHours`\" pulumi-lang-go=\"`validityPeriodHours`\" pulumi-lang-python=\"`validity_period_hours`\" pulumi-lang-yaml=\"`validityPeriodHours`\" pulumi-lang-java=\"`validityPeriodHours`\"\u003e`validity_period_hours`\u003c/span\u003e) or ready for an early renewal (i.e. within the \u003cspan pulumi-lang-nodejs=\"`earlyRenewalHours`\" pulumi-lang-dotnet=\"`EarlyRenewalHours`\" pulumi-lang-go=\"`earlyRenewalHours`\" pulumi-lang-python=\"`early_renewal_hours`\" pulumi-lang-yaml=\"`earlyRenewalHours`\" pulumi-lang-java=\"`earlyRenewalHours`\"\u003e`early_renewal_hours`\u003c/span\u003e)?\n"},"setSubjectKeyId":{"type":"boolean","description":"Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"validityEndTime":{"type":"string","description":"The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n"},"validityPeriodHours":{"type":"integer","description":"Number of hours, after initial issuing, that the certificate will remain valid for.\n"},"validityStartTime":{"type":"string","description":"The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n"}},"required":["allowedUses","caCertPem","caKeyAlgorithm","caPrivateKeyPem","certPem","certRequestPem","earlyRenewalHours","isCaCertificate","maxPathLength","readyForRenewal","setSubjectKeyId","validityEndTime","validityPeriodHours","validityStartTime"],"inputProperties":{"allowedUses":{"type":"array","items":{"type":"string"},"description":"List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`any_extended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`cert_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`client_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`content_commitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crl_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`data_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digital_signature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`email_protection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsec_end_system`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsec_tunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsec_user`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`key_agreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`key_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoft_commercial_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoft_kernel_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoft_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscape_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocsp_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`server_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n"},"caCertPem":{"type":"string","description":"Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n"},"caPrivateKeyPem":{"type":"string","description":"Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n","secret":true},"certRequestPem":{"type":"string","description":"Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n"},"earlyRenewalHours":{"type":"integer"},"isCaCertificate":{"type":"boolean","description":"Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"maxPathLength":{"type":"integer","description":"Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`is_ca_certificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n"},"setSubjectKeyId":{"type":"boolean","description":"Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"validityPeriodHours":{"type":"integer","description":"Number of hours, after initial issuing, that the certificate will remain valid for.\n"}},"requiredInputs":["allowedUses","caCertPem","caPrivateKeyPem","certRequestPem","validityPeriodHours"],"stateInputs":{"description":"Input properties used for looking up and filtering LocallySignedCert resources.\n","properties":{"allowedUses":{"type":"array","items":{"type":"string"},"description":"List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`any_extended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`cert_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`client_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`content_commitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crl_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`data_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digital_signature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`email_protection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsec_end_system`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsec_tunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsec_user`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`key_agreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`key_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoft_commercial_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoft_kernel_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoft_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscape_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocsp_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`server_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n"},"caCertPem":{"type":"string","description":"Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n"},"caKeyAlgorithm":{"type":"string","description":"Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`caPrivateKeyPem`\" pulumi-lang-dotnet=\"`CaPrivateKeyPem`\" pulumi-lang-go=\"`caPrivateKeyPem`\" pulumi-lang-python=\"`ca_private_key_pem`\" pulumi-lang-yaml=\"`caPrivateKeyPem`\" pulumi-lang-java=\"`caPrivateKeyPem`\"\u003e`ca_private_key_pem`\u003c/span\u003e.\n"},"caPrivateKeyPem":{"type":"string","description":"Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n","secret":true},"certPem":{"type":"string","description":"Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n"},"certRequestPem":{"type":"string","description":"Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n"},"earlyRenewalHours":{"type":"integer"},"isCaCertificate":{"type":"boolean","description":"Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"maxPathLength":{"type":"integer","description":"Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`is_ca_certificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n"},"readyForRenewal":{"type":"boolean","description":"Is the certificate either expired (i.e. beyond the \u003cspan pulumi-lang-nodejs=\"`validityPeriodHours`\" pulumi-lang-dotnet=\"`ValidityPeriodHours`\" pulumi-lang-go=\"`validityPeriodHours`\" pulumi-lang-python=\"`validity_period_hours`\" pulumi-lang-yaml=\"`validityPeriodHours`\" pulumi-lang-java=\"`validityPeriodHours`\"\u003e`validity_period_hours`\u003c/span\u003e) or ready for an early renewal (i.e. within the \u003cspan pulumi-lang-nodejs=\"`earlyRenewalHours`\" pulumi-lang-dotnet=\"`EarlyRenewalHours`\" pulumi-lang-go=\"`earlyRenewalHours`\" pulumi-lang-python=\"`early_renewal_hours`\" pulumi-lang-yaml=\"`earlyRenewalHours`\" pulumi-lang-java=\"`earlyRenewalHours`\"\u003e`early_renewal_hours`\u003c/span\u003e)?\n"},"setSubjectKeyId":{"type":"boolean","description":"Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"validityEndTime":{"type":"string","description":"The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n"},"validityPeriodHours":{"type":"integer","description":"Number of hours, after initial issuing, that the certificate will remain valid for.\n"},"validityStartTime":{"type":"string","description":"The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n"}},"type":"object"}},"tls:index/privateKey:PrivateKey":{"properties":{"algorithm":{"type":"string","description":"Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.\n"},"ecdsaCurve":{"type":"string","description":"When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).\n"},"privateKeyOpenssh":{"type":"string","description":"Private key data in [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format.\n","secret":true},"privateKeyPem":{"type":"string","description":"Private key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n","secret":true},"privateKeyPemPkcs8":{"type":"string","description":"Private key data in [PKCS#8 PEM (RFC 5208)](https://datatracker.ietf.org/doc/html/rfc5208) format.\n","secret":true},"publicKeyFingerprintMd5":{"type":"string","description":"The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the selected private key format is compatible, similarly to \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`public_key_openssh`\u003c/span\u003e and the ECDSA P224 limitations.\n"},"publicKeyFingerprintSha256":{"type":"string","description":"The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. `SHA256:...`. Only available if the selected private key format is compatible, similarly to \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`public_key_openssh`\u003c/span\u003e and the ECDSA P224 limitations.\n"},"publicKeyOpenssh":{"type":"string","description":"The public key data in [\"Authorized Keys\"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not populated for `ECDSA` with curve `P224`, as it is not supported. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n"},"publicKeyPem":{"type":"string","description":"Public key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n"},"rsaBits":{"type":"integer","description":"When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `RSA`, the size of the generated RSA key, in bits (default: \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e).\n"}},"required":["algorithm","ecdsaCurve","privateKeyOpenssh","privateKeyPem","privateKeyPemPkcs8","publicKeyFingerprintMd5","publicKeyFingerprintSha256","publicKeyOpenssh","publicKeyPem","rsaBits"],"inputProperties":{"algorithm":{"type":"string","description":"Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.\n"},"ecdsaCurve":{"type":"string","description":"When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).\n"},"rsaBits":{"type":"integer","description":"When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `RSA`, the size of the generated RSA key, in bits (default: \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e).\n"}},"requiredInputs":["algorithm"],"stateInputs":{"description":"Input properties used for looking up and filtering PrivateKey resources.\n","properties":{"algorithm":{"type":"string","description":"Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.\n"},"ecdsaCurve":{"type":"string","description":"When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).\n"},"privateKeyOpenssh":{"type":"string","description":"Private key data in [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format.\n","secret":true},"privateKeyPem":{"type":"string","description":"Private key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.\n","secret":true},"privateKeyPemPkcs8":{"type":"string","description":"Private key data in [PKCS#8 PEM (RFC 5208)](https://datatracker.ietf.org/doc/html/rfc5208) format.\n","secret":true},"publicKeyFingerprintMd5":{"type":"string","description":"The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the selected private key format is compatible, similarly to \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`public_key_openssh`\u003c/span\u003e and the ECDSA P224 limitations.\n"},"publicKeyFingerprintSha256":{"type":"string","description":"The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. `SHA256:...`. Only available if the selected private key format is compatible, similarly to \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`public_key_openssh`\u003c/span\u003e and the ECDSA P224 limitations.\n"},"publicKeyOpenssh":{"type":"string","description":"The public key data in [\"Authorized Keys\"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not populated for `ECDSA` with curve `P224`, as it is not supported. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n"},"publicKeyPem":{"type":"string","description":"Public key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n"},"rsaBits":{"type":"integer","description":"When \u003cspan pulumi-lang-nodejs=\"`algorithm`\" pulumi-lang-dotnet=\"`Algorithm`\" pulumi-lang-go=\"`algorithm`\" pulumi-lang-python=\"`algorithm`\" pulumi-lang-yaml=\"`algorithm`\" pulumi-lang-java=\"`algorithm`\"\u003e`algorithm`\u003c/span\u003e is `RSA`, the size of the generated RSA key, in bits (default: \u003cspan pulumi-lang-nodejs=\"`2048`\" pulumi-lang-dotnet=\"`2048`\" pulumi-lang-go=\"`2048`\" pulumi-lang-python=\"`2048`\" pulumi-lang-yaml=\"`2048`\" pulumi-lang-java=\"`2048`\"\u003e`2048`\u003c/span\u003e).\n"}},"type":"object"}},"tls:index/selfSignedCert:SelfSignedCert":{"properties":{"allowedUses":{"type":"array","items":{"type":"string"},"description":"List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`any_extended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`cert_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`client_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`content_commitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crl_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`data_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digital_signature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`email_protection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsec_end_system`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsec_tunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsec_user`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`key_agreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`key_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoft_commercial_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoft_kernel_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoft_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscape_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocsp_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`server_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n"},"certPem":{"type":"string","description":"Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n"},"earlyRenewalHours":{"type":"integer"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n"},"isCaCertificate":{"type":"boolean","description":"Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"keyAlgorithm":{"type":"string","description":"Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`private_key_pem`\u003c/span\u003e.\n"},"maxPathLength":{"type":"integer","description":"Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`is_ca_certificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n"},"privateKeyPem":{"type":"string","description":"Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.\n","secret":true},"readyForRenewal":{"type":"boolean","description":"Is the certificate either expired (i.e. beyond the \u003cspan pulumi-lang-nodejs=\"`validityPeriodHours`\" pulumi-lang-dotnet=\"`ValidityPeriodHours`\" pulumi-lang-go=\"`validityPeriodHours`\" pulumi-lang-python=\"`validity_period_hours`\" pulumi-lang-yaml=\"`validityPeriodHours`\" pulumi-lang-java=\"`validityPeriodHours`\"\u003e`validity_period_hours`\u003c/span\u003e) or ready for an early renewal (i.e. within the \u003cspan pulumi-lang-nodejs=\"`earlyRenewalHours`\" pulumi-lang-dotnet=\"`EarlyRenewalHours`\" pulumi-lang-go=\"`earlyRenewalHours`\" pulumi-lang-python=\"`early_renewal_hours`\" pulumi-lang-yaml=\"`earlyRenewalHours`\" pulumi-lang-java=\"`earlyRenewalHours`\"\u003e`early_renewal_hours`\u003c/span\u003e)?\n"},"setAuthorityKeyId":{"type":"boolean","description":"Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"setSubjectKeyId":{"type":"boolean","description":"Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"subject":{"$ref":"#/types/tls:index/SelfSignedCertSubject:SelfSignedCertSubject","description":"The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n"},"uris":{"type":"array","items":{"type":"string"},"description":"List of URIs for which a certificate is being requested (i.e. certificate subjects).\n"},"validityEndTime":{"type":"string","description":"The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n"},"validityPeriodHours":{"type":"integer","description":"Number of hours, after initial issuing, that the certificate will remain valid for.\n"},"validityStartTime":{"type":"string","description":"The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n"}},"required":["allowedUses","certPem","earlyRenewalHours","isCaCertificate","keyAlgorithm","maxPathLength","privateKeyPem","readyForRenewal","setAuthorityKeyId","setSubjectKeyId","validityEndTime","validityPeriodHours","validityStartTime"],"inputProperties":{"allowedUses":{"type":"array","items":{"type":"string"},"description":"List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`any_extended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`cert_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`client_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`content_commitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crl_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`data_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digital_signature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`email_protection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsec_end_system`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsec_tunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsec_user`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`key_agreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`key_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoft_commercial_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoft_kernel_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoft_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscape_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocsp_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`server_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n"},"earlyRenewalHours":{"type":"integer"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n"},"isCaCertificate":{"type":"boolean","description":"Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"maxPathLength":{"type":"integer","description":"Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`is_ca_certificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n"},"privateKeyPem":{"type":"string","description":"Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.\n","secret":true},"setAuthorityKeyId":{"type":"boolean","description":"Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"setSubjectKeyId":{"type":"boolean","description":"Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"subject":{"$ref":"#/types/tls:index/SelfSignedCertSubject:SelfSignedCertSubject","description":"The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n"},"uris":{"type":"array","items":{"type":"string"},"description":"List of URIs for which a certificate is being requested (i.e. certificate subjects).\n"},"validityPeriodHours":{"type":"integer","description":"Number of hours, after initial issuing, that the certificate will remain valid for.\n"}},"requiredInputs":["allowedUses","privateKeyPem","validityPeriodHours"],"stateInputs":{"description":"Input properties used for looking up and filtering SelfSignedCert resources.\n","properties":{"allowedUses":{"type":"array","items":{"type":"string"},"description":"List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: \u003cspan pulumi-lang-nodejs=\"`anyExtended`\" pulumi-lang-dotnet=\"`AnyExtended`\" pulumi-lang-go=\"`anyExtended`\" pulumi-lang-python=\"`any_extended`\" pulumi-lang-yaml=\"`anyExtended`\" pulumi-lang-java=\"`anyExtended`\"\u003e`any_extended`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`certSigning`\" pulumi-lang-dotnet=\"`CertSigning`\" pulumi-lang-go=\"`certSigning`\" pulumi-lang-python=\"`cert_signing`\" pulumi-lang-yaml=\"`certSigning`\" pulumi-lang-java=\"`certSigning`\"\u003e`cert_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`clientAuth`\" pulumi-lang-dotnet=\"`ClientAuth`\" pulumi-lang-go=\"`clientAuth`\" pulumi-lang-python=\"`client_auth`\" pulumi-lang-yaml=\"`clientAuth`\" pulumi-lang-java=\"`clientAuth`\"\u003e`client_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`codeSigning`\" pulumi-lang-dotnet=\"`CodeSigning`\" pulumi-lang-go=\"`codeSigning`\" pulumi-lang-python=\"`code_signing`\" pulumi-lang-yaml=\"`codeSigning`\" pulumi-lang-java=\"`codeSigning`\"\u003e`code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`contentCommitment`\" pulumi-lang-dotnet=\"`ContentCommitment`\" pulumi-lang-go=\"`contentCommitment`\" pulumi-lang-python=\"`content_commitment`\" pulumi-lang-yaml=\"`contentCommitment`\" pulumi-lang-java=\"`contentCommitment`\"\u003e`content_commitment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`crlSigning`\" pulumi-lang-dotnet=\"`CrlSigning`\" pulumi-lang-go=\"`crlSigning`\" pulumi-lang-python=\"`crl_signing`\" pulumi-lang-yaml=\"`crlSigning`\" pulumi-lang-java=\"`crlSigning`\"\u003e`crl_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`dataEncipherment`\" pulumi-lang-dotnet=\"`DataEncipherment`\" pulumi-lang-go=\"`dataEncipherment`\" pulumi-lang-python=\"`data_encipherment`\" pulumi-lang-yaml=\"`dataEncipherment`\" pulumi-lang-java=\"`dataEncipherment`\"\u003e`data_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`decipherOnly`\" pulumi-lang-dotnet=\"`DecipherOnly`\" pulumi-lang-go=\"`decipherOnly`\" pulumi-lang-python=\"`decipher_only`\" pulumi-lang-yaml=\"`decipherOnly`\" pulumi-lang-java=\"`decipherOnly`\"\u003e`decipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`digitalSignature`\" pulumi-lang-dotnet=\"`DigitalSignature`\" pulumi-lang-go=\"`digitalSignature`\" pulumi-lang-python=\"`digital_signature`\" pulumi-lang-yaml=\"`digitalSignature`\" pulumi-lang-java=\"`digitalSignature`\"\u003e`digital_signature`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`emailProtection`\" pulumi-lang-dotnet=\"`EmailProtection`\" pulumi-lang-go=\"`emailProtection`\" pulumi-lang-python=\"`email_protection`\" pulumi-lang-yaml=\"`emailProtection`\" pulumi-lang-java=\"`emailProtection`\"\u003e`email_protection`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`encipherOnly`\" pulumi-lang-dotnet=\"`EncipherOnly`\" pulumi-lang-go=\"`encipherOnly`\" pulumi-lang-python=\"`encipher_only`\" pulumi-lang-yaml=\"`encipherOnly`\" pulumi-lang-java=\"`encipherOnly`\"\u003e`encipher_only`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecEndSystem`\" pulumi-lang-dotnet=\"`IpsecEndSystem`\" pulumi-lang-go=\"`ipsecEndSystem`\" pulumi-lang-python=\"`ipsec_end_system`\" pulumi-lang-yaml=\"`ipsecEndSystem`\" pulumi-lang-java=\"`ipsecEndSystem`\"\u003e`ipsec_end_system`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecTunnel`\" pulumi-lang-dotnet=\"`IpsecTunnel`\" pulumi-lang-go=\"`ipsecTunnel`\" pulumi-lang-python=\"`ipsec_tunnel`\" pulumi-lang-yaml=\"`ipsecTunnel`\" pulumi-lang-java=\"`ipsecTunnel`\"\u003e`ipsec_tunnel`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ipsecUser`\" pulumi-lang-dotnet=\"`IpsecUser`\" pulumi-lang-go=\"`ipsecUser`\" pulumi-lang-python=\"`ipsec_user`\" pulumi-lang-yaml=\"`ipsecUser`\" pulumi-lang-java=\"`ipsecUser`\"\u003e`ipsec_user`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyAgreement`\" pulumi-lang-dotnet=\"`KeyAgreement`\" pulumi-lang-go=\"`keyAgreement`\" pulumi-lang-python=\"`key_agreement`\" pulumi-lang-yaml=\"`keyAgreement`\" pulumi-lang-java=\"`keyAgreement`\"\u003e`key_agreement`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`keyEncipherment`\" pulumi-lang-dotnet=\"`KeyEncipherment`\" pulumi-lang-go=\"`keyEncipherment`\" pulumi-lang-python=\"`key_encipherment`\" pulumi-lang-yaml=\"`keyEncipherment`\" pulumi-lang-java=\"`keyEncipherment`\"\u003e`key_encipherment`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftCommercialCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftCommercialCodeSigning`\" pulumi-lang-go=\"`microsoftCommercialCodeSigning`\" pulumi-lang-python=\"`microsoft_commercial_code_signing`\" pulumi-lang-yaml=\"`microsoftCommercialCodeSigning`\" pulumi-lang-java=\"`microsoftCommercialCodeSigning`\"\u003e`microsoft_commercial_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftKernelCodeSigning`\" pulumi-lang-dotnet=\"`MicrosoftKernelCodeSigning`\" pulumi-lang-go=\"`microsoftKernelCodeSigning`\" pulumi-lang-python=\"`microsoft_kernel_code_signing`\" pulumi-lang-yaml=\"`microsoftKernelCodeSigning`\" pulumi-lang-java=\"`microsoftKernelCodeSigning`\"\u003e`microsoft_kernel_code_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`microsoftServerGatedCrypto`\" pulumi-lang-dotnet=\"`MicrosoftServerGatedCrypto`\" pulumi-lang-go=\"`microsoftServerGatedCrypto`\" pulumi-lang-python=\"`microsoft_server_gated_crypto`\" pulumi-lang-yaml=\"`microsoftServerGatedCrypto`\" pulumi-lang-java=\"`microsoftServerGatedCrypto`\"\u003e`microsoft_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`netscapeServerGatedCrypto`\" pulumi-lang-dotnet=\"`NetscapeServerGatedCrypto`\" pulumi-lang-go=\"`netscapeServerGatedCrypto`\" pulumi-lang-python=\"`netscape_server_gated_crypto`\" pulumi-lang-yaml=\"`netscapeServerGatedCrypto`\" pulumi-lang-java=\"`netscapeServerGatedCrypto`\"\u003e`netscape_server_gated_crypto`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`ocspSigning`\" pulumi-lang-dotnet=\"`OcspSigning`\" pulumi-lang-go=\"`ocspSigning`\" pulumi-lang-python=\"`ocsp_signing`\" pulumi-lang-yaml=\"`ocspSigning`\" pulumi-lang-java=\"`ocspSigning`\"\u003e`ocsp_signing`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`serverAuth`\" pulumi-lang-dotnet=\"`ServerAuth`\" pulumi-lang-go=\"`serverAuth`\" pulumi-lang-python=\"`server_auth`\" pulumi-lang-yaml=\"`serverAuth`\" pulumi-lang-java=\"`serverAuth`\"\u003e`server_auth`\u003c/span\u003e, \u003cspan pulumi-lang-nodejs=\"`timestamping`\" pulumi-lang-dotnet=\"`Timestamping`\" pulumi-lang-go=\"`timestamping`\" pulumi-lang-python=\"`timestamping`\" pulumi-lang-yaml=\"`timestamping`\" pulumi-lang-java=\"`timestamping`\"\u003e`timestamping`\u003c/span\u003e.\n"},"certPem":{"type":"string","description":"Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"List of DNS names for which a certificate is being requested (i.e. certificate subjects).\n"},"earlyRenewalHours":{"type":"integer"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"List of IP addresses for which a certificate is being requested (i.e. certificate subjects).\n"},"isCaCertificate":{"type":"boolean","description":"Is the generated certificate representing a Certificate Authority (CA) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"keyAlgorithm":{"type":"string","description":"Name of the algorithm used when generating the private key provided in \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`private_key_pem`\u003c/span\u003e.\n"},"maxPathLength":{"type":"integer","description":"Maximum number of intermediate certificates that may follow this certificate in a valid certification path. If \u003cspan pulumi-lang-nodejs=\"`isCaCertificate`\" pulumi-lang-dotnet=\"`IsCaCertificate`\" pulumi-lang-go=\"`isCaCertificate`\" pulumi-lang-python=\"`is_ca_certificate`\" pulumi-lang-yaml=\"`isCaCertificate`\" pulumi-lang-java=\"`isCaCertificate`\"\u003e`is_ca_certificate`\u003c/span\u003e is \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e, this value is ignored.\n"},"privateKeyPem":{"type":"string","description":"Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.\n","secret":true},"readyForRenewal":{"type":"boolean","description":"Is the certificate either expired (i.e. beyond the \u003cspan pulumi-lang-nodejs=\"`validityPeriodHours`\" pulumi-lang-dotnet=\"`ValidityPeriodHours`\" pulumi-lang-go=\"`validityPeriodHours`\" pulumi-lang-python=\"`validity_period_hours`\" pulumi-lang-yaml=\"`validityPeriodHours`\" pulumi-lang-java=\"`validityPeriodHours`\"\u003e`validity_period_hours`\u003c/span\u003e) or ready for an early renewal (i.e. within the \u003cspan pulumi-lang-nodejs=\"`earlyRenewalHours`\" pulumi-lang-dotnet=\"`EarlyRenewalHours`\" pulumi-lang-go=\"`earlyRenewalHours`\" pulumi-lang-python=\"`early_renewal_hours`\" pulumi-lang-yaml=\"`earlyRenewalHours`\" pulumi-lang-java=\"`earlyRenewalHours`\"\u003e`early_renewal_hours`\u003c/span\u003e)?\n"},"setAuthorityKeyId":{"type":"boolean","description":"Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"setSubjectKeyId":{"type":"boolean","description":"Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: \u003cspan pulumi-lang-nodejs=\"`false`\" pulumi-lang-dotnet=\"`False`\" pulumi-lang-go=\"`false`\" pulumi-lang-python=\"`false`\" pulumi-lang-yaml=\"`false`\" pulumi-lang-java=\"`false`\"\u003e`false`\u003c/span\u003e).\n"},"subject":{"$ref":"#/types/tls:index/SelfSignedCertSubject:SelfSignedCertSubject","description":"The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.\n"},"uris":{"type":"array","items":{"type":"string"},"description":"List of URIs for which a certificate is being requested (i.e. certificate subjects).\n"},"validityEndTime":{"type":"string","description":"The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n"},"validityPeriodHours":{"type":"integer","description":"Number of hours, after initial issuing, that the certificate will remain valid for.\n"},"validityStartTime":{"type":"string","description":"The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.\n"}},"type":"object"}}},"functions":{"pulumi:providers:tls/terraformConfig":{"description":"This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.","inputs":{"properties":{"__self__":{"type":"ref","$ref":"#/provider"}},"type":"pulumi:providers:tls/terraformConfig","required":["__self__"]},"outputs":{"properties":{"result":{"additionalProperties":{"$ref":"pulumi.json#/Any"},"type":"object"}},"required":["result"],"type":"object"}},"tls:index/getCertificate:getCertificate":{"inputs":{"description":"A collection of arguments for invoking getCertificate.\n","properties":{"content":{"type":"string","description":"The content of the certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`url`\" pulumi-lang-dotnet=\"`Url`\" pulumi-lang-go=\"`url`\" pulumi-lang-python=\"`url`\" pulumi-lang-yaml=\"`url`\" pulumi-lang-java=\"`url`\"\u003e`url`\u003c/span\u003e.\n"},"url":{"type":"string","description":"The URL of the website to get the certificates from. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`content`\" pulumi-lang-dotnet=\"`Content`\" pulumi-lang-go=\"`content`\" pulumi-lang-python=\"`content`\" pulumi-lang-yaml=\"`content`\" pulumi-lang-java=\"`content`\"\u003e`content`\u003c/span\u003e.\n"},"verifyChain":{"type":"boolean","description":"Whether to verify the certificate chain while parsing it or not (default: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e). Cannot be used with \u003cspan pulumi-lang-nodejs=\"`content`\" pulumi-lang-dotnet=\"`Content`\" pulumi-lang-go=\"`content`\" pulumi-lang-python=\"`content`\" pulumi-lang-yaml=\"`content`\" pulumi-lang-java=\"`content`\"\u003e`content`\u003c/span\u003e.\n"}},"type":"object"},"outputs":{"description":"A collection of values returned by getCertificate.\n","properties":{"certificates":{"description":"The certificates protecting the site, with the root of the chain first.\n","items":{"$ref":"#/types/tls:index/getCertificateCertificate:getCertificateCertificate"},"type":"array"},"content":{"description":"The content of the certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`url`\" pulumi-lang-dotnet=\"`Url`\" pulumi-lang-go=\"`url`\" pulumi-lang-python=\"`url`\" pulumi-lang-yaml=\"`url`\" pulumi-lang-java=\"`url`\"\u003e`url`\u003c/span\u003e.\n","type":"string"},"id":{"description":"Unique identifier of this data source: hashing of the certificates in the chain.\n","type":"string"},"url":{"description":"The URL of the website to get the certificates from. Cannot be used with \u003cspan pulumi-lang-nodejs=\"`content`\" pulumi-lang-dotnet=\"`Content`\" pulumi-lang-go=\"`content`\" pulumi-lang-python=\"`content`\" pulumi-lang-yaml=\"`content`\" pulumi-lang-java=\"`content`\"\u003e`content`\u003c/span\u003e.\n","type":"string"},"verifyChain":{"description":"Whether to verify the certificate chain while parsing it or not (default: \u003cspan pulumi-lang-nodejs=\"`true`\" pulumi-lang-dotnet=\"`True`\" pulumi-lang-go=\"`true`\" pulumi-lang-python=\"`true`\" pulumi-lang-yaml=\"`true`\" pulumi-lang-java=\"`true`\"\u003e`true`\u003c/span\u003e). Cannot be used with \u003cspan pulumi-lang-nodejs=\"`content`\" pulumi-lang-dotnet=\"`Content`\" pulumi-lang-go=\"`content`\" pulumi-lang-python=\"`content`\" pulumi-lang-yaml=\"`content`\" pulumi-lang-java=\"`content`\"\u003e`content`\u003c/span\u003e.\n","type":"boolean"}},"required":["certificates","id"],"type":"object"}},"tls:index/getPublicKey:getPublicKey":{"description":"Get a public key from a PEM-encoded private key.\n\nUse this data source to get the public key from a [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) or [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) formatted private key, for use in other resources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as std from \"@pulumi/std\";\nimport * as tls from \"@pulumi/tls\";\n\nconst ed25519_example = new tls.PrivateKey(\"ed25519-example\", {algorithm: \"ED25519\"});\n// Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\nconst privateKeyPem_example = tls.getPublicKeyOutput({\n    privateKeyPem: ed25519_example.privateKeyPem,\n});\n// Public key loaded from filesystem, using the Open SSH (RFC 4716) format\nconst privateKeyOpenssh_example = std.file({\n    input: \"~/.ssh/id_rsa_rfc4716\",\n}).then(invoke =\u003e tls.getPublicKey({\n    privateKeyOpenssh: invoke.result,\n}));\n```\n```python\nimport pulumi\nimport pulumi_std as std\nimport pulumi_tls as tls\n\ned25519_example = tls.PrivateKey(\"ed25519-example\", algorithm=\"ED25519\")\n# Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\nprivate_key_pem_example = tls.get_public_key_output(private_key_pem=ed25519_example.private_key_pem)\n# Public key loaded from filesystem, using the Open SSH (RFC 4716) format\nprivate_key_openssh_example = tls.get_public_key(private_key_openssh=std.file(input=\"~/.ssh/id_rsa_rfc4716\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Std = Pulumi.Std;\nusing Tls = Pulumi.Tls;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n    var ed25519_example = new Tls.PrivateKey(\"ed25519-example\", new()\n    {\n        Algorithm = \"ED25519\",\n    });\n\n    // Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\n    var privateKeyPem_example = Tls.GetPublicKey.Invoke(new()\n    {\n        PrivateKeyPem = ed25519_example.PrivateKeyPem,\n    });\n\n    // Public key loaded from filesystem, using the Open SSH (RFC 4716) format\n    var privateKeyOpenssh_example = Tls.GetPublicKey.Invoke(new()\n    {\n        PrivateKeyOpenssh = Std.File.Invoke(new()\n        {\n            Input = \"~/.ssh/id_rsa_rfc4716\",\n        }).Result,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v5/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ted25519_example, err := tls.NewPrivateKey(ctx, \"ed25519-example\", \u0026tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"ED25519\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\n\t\t_ = tls.GetPublicKeyOutput(ctx, tls.GetPublicKeyOutputArgs{\n\t\t\tPrivateKeyPem: ed25519_example.PrivateKeyPem,\n\t\t}, nil)\n\t\t// Public key loaded from filesystem, using the Open SSH (RFC 4716) format\n\t\t_, err = tls.GetPublicKey(ctx, \u0026tls.GetPublicKeyArgs{\n\t\t\tPrivateKeyOpenssh: pulumi.StringRef(std.File(ctx, \u0026std.FileArgs{\n\t\t\t\tInput: \"~/.ssh/id_rsa_rfc4716\",\n\t\t\t}, nil).Result),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.tls.PrivateKey;\nimport com.pulumi.tls.PrivateKeyArgs;\nimport com.pulumi.tls.TlsFunctions;\nimport com.pulumi.tls.inputs.GetPublicKeyArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var ed25519_example = new PrivateKey(\"ed25519-example\", PrivateKeyArgs.builder()\n            .algorithm(\"ED25519\")\n            .build());\n\n        // Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\n        final var privateKeyPem-example = TlsFunctions.getPublicKey(GetPublicKeyArgs.builder()\n            .privateKeyPem(ed25519_example.privateKeyPem())\n            .build());\n\n        // Public key loaded from filesystem, using the Open SSH (RFC 4716) format\n        final var privateKeyOpenssh-example = TlsFunctions.getPublicKey(GetPublicKeyArgs.builder()\n            .privateKeyOpenssh(StdFunctions.file(FileArgs.builder()\n                .input(\"~/.ssh/id_rsa_rfc4716\")\n                .build()).result())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  ed25519-example:\n    type: tls:PrivateKey\n    properties:\n      algorithm: ED25519\nvariables:\n  # Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format\n  privateKeyPem-example:\n    fn::invoke:\n      function: tls:getPublicKey\n      arguments:\n        privateKeyPem: ${[\"ed25519-example\"].privateKeyPem}\n  # Public key loaded from filesystem, using the Open SSH (RFC 4716) format\n  privateKeyOpenssh-example:\n    fn::invoke:\n      function: tls:getPublicKey\n      arguments:\n        privateKeyOpenssh:\n          fn::invoke:\n            function: std:file\n            arguments:\n              input: ~/.ssh/id_rsa_rfc4716\n            return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n","inputs":{"description":"A collection of arguments for invoking getPublicKey.\n","properties":{"privateKeyOpenssh":{"type":"string","description":"The private key (in  [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format) to extract the public key from. This is *mutually exclusive* with \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`private_key_pem`\u003c/span\u003e. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.\n","secret":true},"privateKeyPem":{"type":"string","description":"The private key (in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format) to extract the public key from. This is *mutually exclusive* with \u003cspan pulumi-lang-nodejs=\"`privateKeyOpenssh`\" pulumi-lang-dotnet=\"`PrivateKeyOpenssh`\" pulumi-lang-go=\"`privateKeyOpenssh`\" pulumi-lang-python=\"`private_key_openssh`\" pulumi-lang-yaml=\"`privateKeyOpenssh`\" pulumi-lang-java=\"`privateKeyOpenssh`\"\u003e`private_key_openssh`\u003c/span\u003e. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.\n","secret":true}},"type":"object"},"outputs":{"description":"A collection of values returned by getPublicKey.\n","properties":{"algorithm":{"description":"The name of the algorithm used by the given private key. Possible values are: `RSA`, `ECDSA`, `ED25519`.\n","type":"string"},"id":{"description":"Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.\n","type":"string"},"privateKeyOpenssh":{"description":"The private key (in  [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format) to extract the public key from. This is *mutually exclusive* with \u003cspan pulumi-lang-nodejs=\"`privateKeyPem`\" pulumi-lang-dotnet=\"`PrivateKeyPem`\" pulumi-lang-go=\"`privateKeyPem`\" pulumi-lang-python=\"`private_key_pem`\" pulumi-lang-yaml=\"`privateKeyPem`\" pulumi-lang-java=\"`privateKeyPem`\"\u003e`private_key_pem`\u003c/span\u003e. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.\n","secret":true,"type":"string"},"privateKeyPem":{"description":"The private key (in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format) to extract the public key from. This is *mutually exclusive* with \u003cspan pulumi-lang-nodejs=\"`privateKeyOpenssh`\" pulumi-lang-dotnet=\"`PrivateKeyOpenssh`\" pulumi-lang-go=\"`privateKeyOpenssh`\" pulumi-lang-python=\"`private_key_openssh`\" pulumi-lang-yaml=\"`privateKeyOpenssh`\" pulumi-lang-java=\"`privateKeyOpenssh`\"\u003e`private_key_openssh`\u003c/span\u003e. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.\n","secret":true,"type":"string"},"publicKeyFingerprintMd5":{"description":"The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the selected private key format is compatible, as per the rules for \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`public_key_openssh`\u003c/span\u003e and ECDSA P224 limitations.\n","type":"string"},"publicKeyFingerprintSha256":{"description":"The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. `SHA256:...`. Only available if the selected private key format is compatible, as per the rules for \u003cspan pulumi-lang-nodejs=\"`publicKeyOpenssh`\" pulumi-lang-dotnet=\"`PublicKeyOpenssh`\" pulumi-lang-go=\"`publicKeyOpenssh`\" pulumi-lang-python=\"`public_key_openssh`\" pulumi-lang-yaml=\"`publicKeyOpenssh`\" pulumi-lang-java=\"`publicKeyOpenssh`\"\u003e`public_key_openssh`\u003c/span\u003e and ECDSA P224 limitations.\n","type":"string"},"publicKeyOpenssh":{"description":"The public key, in  [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format. This is also known as ['Authorized Keys'](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not populated for `ECDSA` with curve `P224`, as it is not supported. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n","type":"string"},"publicKeyPem":{"description":"The public key, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.\n","type":"string"}},"required":["algorithm","id","publicKeyFingerprintMd5","publicKeyFingerprintSha256","publicKeyOpenssh","publicKeyPem"],"type":"object"}}}}