Docs Home
We recommend using Azure Native.
Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi
azure.keyvault.getCertificateData
Explore with Pulumi AI
Use this data source to access data stored in an existing Key Vault Certificate.
Note: This data source uses the
GetSecretfunction of the Azure API, to get the key of the certificate. Therefore you need secret/get permission
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = azure.keyvault.getKeyVault({
name: "examplekv",
resourceGroupName: "some-resource-group",
});
const exampleGetCertificateData = example.then(example => azure.keyvault.getCertificateData({
name: "secret-sauce",
keyVaultId: example.id,
}));
export const examplePem = exampleGetCertificateData.then(exampleGetCertificateData => exampleGetCertificateData.pem);
import pulumi
import pulumi_azure as azure
example = azure.keyvault.get_key_vault(name="examplekv",
resource_group_name="some-resource-group")
example_get_certificate_data = azure.keyvault.get_certificate_data(name="secret-sauce",
key_vault_id=example.id)
pulumi.export("examplePem", example_get_certificate_data.pem)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := keyvault.LookupKeyVault(ctx, &keyvault.LookupKeyVaultArgs{
Name: "examplekv",
ResourceGroupName: "some-resource-group",
}, nil)
if err != nil {
return err
}
exampleGetCertificateData, err := keyvault.GetCertificateData(ctx, &keyvault.GetCertificateDataArgs{
Name: "secret-sauce",
KeyVaultId: example.Id,
}, nil)
if err != nil {
return err
}
ctx.Export("examplePem", exampleGetCertificateData.Pem)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = Azure.KeyVault.GetKeyVault.Invoke(new()
{
Name = "examplekv",
ResourceGroupName = "some-resource-group",
});
var exampleGetCertificateData = Azure.KeyVault.GetCertificateData.Invoke(new()
{
Name = "secret-sauce",
KeyVaultId = example.Apply(getKeyVaultResult => getKeyVaultResult.Id),
});
return new Dictionary<string, object?>
{
["examplePem"] = exampleGetCertificateData.Apply(getCertificateDataResult => getCertificateDataResult.Pem),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.keyvault.KeyvaultFunctions;
import com.pulumi.azure.keyvault.inputs.GetKeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.GetCertificateDataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = KeyvaultFunctions.getKeyVault(GetKeyVaultArgs.builder()
.name("examplekv")
.resourceGroupName("some-resource-group")
.build());
final var exampleGetCertificateData = KeyvaultFunctions.getCertificateData(GetCertificateDataArgs.builder()
.name("secret-sauce")
.keyVaultId(example.applyValue(getKeyVaultResult -> getKeyVaultResult.id()))
.build());
ctx.export("examplePem", exampleGetCertificateData.applyValue(getCertificateDataResult -> getCertificateDataResult.pem()));
}
}
variables:
example:
fn::invoke:
function: azure:keyvault:getKeyVault
arguments:
name: examplekv
resourceGroupName: some-resource-group
exampleGetCertificateData:
fn::invoke:
function: azure:keyvault:getCertificateData
arguments:
name: secret-sauce
keyVaultId: ${example.id}
outputs:
examplePem: ${exampleGetCertificateData.pem}
Using getCertificateData
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getCertificateData(args: GetCertificateDataArgs, opts?: InvokeOptions): Promise<GetCertificateDataResult>
function getCertificateDataOutput(args: GetCertificateDataOutputArgs, opts?: InvokeOptions): Output<GetCertificateDataResult>def get_certificate_data(key_vault_id: Optional[str] = None,
name: Optional[str] = None,
version: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetCertificateDataResult
def get_certificate_data_output(key_vault_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
version: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetCertificateDataResult]func GetCertificateData(ctx *Context, args *GetCertificateDataArgs, opts ...InvokeOption) (*GetCertificateDataResult, error)
func GetCertificateDataOutput(ctx *Context, args *GetCertificateDataOutputArgs, opts ...InvokeOption) GetCertificateDataResultOutput> Note: This function is named GetCertificateData in the Go SDK.
public static class GetCertificateData
{
public static Task<GetCertificateDataResult> InvokeAsync(GetCertificateDataArgs args, InvokeOptions? opts = null)
public static Output<GetCertificateDataResult> Invoke(GetCertificateDataInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetCertificateDataResult> getCertificateData(GetCertificateDataArgs args, InvokeOptions options)
public static Output<GetCertificateDataResult> getCertificateData(GetCertificateDataArgs args, InvokeOptions options)
fn::invoke:
function: azure:keyvault/getCertificateData:getCertificateData
arguments:
# arguments dictionaryThe following arguments are supported:
- Key
Vault stringId - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - Name string
- Specifies the name of the Key Vault Secret.
- Version string
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- Key
Vault stringId - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - Name string
- Specifies the name of the Key Vault Secret.
- Version string
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key
Vault StringId - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - name String
- Specifies the name of the Key Vault Secret.
- version String
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key
Vault stringId - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - name string
- Specifies the name of the Key Vault Secret.
- version string
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key_
vault_ strid - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - name str
- Specifies the name of the Key Vault Secret.
- version str
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
- key
Vault StringId - Specifies the ID of the Key Vault instance where the Secret resides, available on the
azure.keyvault.KeyVaultData Source / Resource. - name String
- Specifies the name of the Key Vault Secret.
- version String
Specifies the version of the certificate to look up. (Defaults to latest)
NOTE: The vault must be in the same subscription as the provider. If the vault is in another subscription, you must create an aliased provider for that subscription.
getCertificateData Result
The following output properties are available:
- Certificates
Count int - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- Expires string
- Expiry date of certificate in RFC3339 format.
- Hex string
- The raw Key Vault Certificate data represented as a hexadecimal string.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key string
- The Key Vault Certificate Key.
- Key
Vault stringId - Name string
- Not
Before string - Not Before date of certificate in RFC3339 format.
- Pem string
- The Key Vault Certificate in PEM format.
- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Version string
- Certificates
Count int - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- Expires string
- Expiry date of certificate in RFC3339 format.
- Hex string
- The raw Key Vault Certificate data represented as a hexadecimal string.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key string
- The Key Vault Certificate Key.
- Key
Vault stringId - Name string
- Not
Before string - Not Before date of certificate in RFC3339 format.
- Pem string
- The Key Vault Certificate in PEM format.
- map[string]string
- A mapping of tags to assign to the resource.
- Version string
- certificates
Count Integer - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires String
- Expiry date of certificate in RFC3339 format.
- hex String
- The raw Key Vault Certificate data represented as a hexadecimal string.
- id String
- The provider-assigned unique ID for this managed resource.
- key String
- The Key Vault Certificate Key.
- key
Vault StringId - name String
- not
Before String - Not Before date of certificate in RFC3339 format.
- pem String
- The Key Vault Certificate in PEM format.
- Map<String,String>
- A mapping of tags to assign to the resource.
- version String
- certificates
Count number - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires string
- Expiry date of certificate in RFC3339 format.
- hex string
- The raw Key Vault Certificate data represented as a hexadecimal string.
- id string
- The provider-assigned unique ID for this managed resource.
- key string
- The Key Vault Certificate Key.
- key
Vault stringId - name string
- not
Before string - Not Before date of certificate in RFC3339 format.
- pem string
- The Key Vault Certificate in PEM format.
- {[key: string]: string}
- A mapping of tags to assign to the resource.
- version string
- certificates_
count int - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires str
- Expiry date of certificate in RFC3339 format.
- hex str
- The raw Key Vault Certificate data represented as a hexadecimal string.
- id str
- The provider-assigned unique ID for this managed resource.
- key str
- The Key Vault Certificate Key.
- key_
vault_ strid - name str
- not_
before str - Not Before date of certificate in RFC3339 format.
- pem str
- The Key Vault Certificate in PEM format.
- Mapping[str, str]
- A mapping of tags to assign to the resource.
- version str
- certificates
Count Number - Amount of certificates in the chain in case Key Vault Certificate is a bundle (e.g. has an intermediate certificate).
- expires String
- Expiry date of certificate in RFC3339 format.
- hex String
- The raw Key Vault Certificate data represented as a hexadecimal string.
- id String
- The provider-assigned unique ID for this managed resource.
- key String
- The Key Vault Certificate Key.
- key
Vault StringId - name String
- not
Before String - Not Before date of certificate in RFC3339 format.
- pem String
- The Key Vault Certificate in PEM format.
- Map<String>
- A mapping of tags to assign to the resource.
- version String
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.