Hey guys, are there any good examples out there for using the pulumi.tls package? The examples in the docs are very sparse. I'm basically looking to replicate this, but automate it with Pulumi. Any pointers would be appreciated

Just an example from me on using TLS:

selfSignedKey, err := tls.NewPrivateKey(ctx, "self-signed-key", &tls.PrivateKeyArgs{
		Algorithm: pulumi.String("RSA"),
		RsaBits:   <http://pulumi.Int|pulumi.Int>(2048),
	})
	if err != nil {
		return err
	}

	selfSignedCert, err := tls.NewSelfSignedCert(ctx, "self-signed-cert", &tls.SelfSignedCertArgs{
		Subjects: tls.SelfSignedCertSubjectArray{
			tls.SelfSignedCertSubjectArgs{CommonName: pulumi.String("cluster.local")},
		},
		KeyAlgorithm:        selfSignedKey.Algorithm,
		PrivateKeyPem:       selfSignedKey.PrivateKeyPem,
		IsCaCertificate:     pulumi.Bool(false),
		ValidityPeriodHours: <http://pulumi.Int|pulumi.Int>(24 * 365 * 10),
		AllowedUses:         pulumi.StringArray{},
	})
	if err != nil {
		return err
	}

Thanks! So I guess if set the IsCaCertificate = true, that will give me the CA certificate. And then I would use the tls.LocallySignedCert to create the server and client certificates (passing in the

selfSignedKey.PrivateKeyPem

and

selfSignedCert.CertPem

)?

I haven’t used LocallySignedCert, so not 100% sure

That makes sense, thanks so much for your help

No worries - I was also struggling to figure it out so thought I could share 🙂 If you do figure it out, it would be great to update the thread, so if someone else finds it in the future they get the answer.

Will definitely do that