Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
s
sticky-exabyte-94099
01/09/2022, 8:23 AMTo be able to use a wildcard certificate I need to go through the steps shown in the Azure portal on the image.
My question how do I add it to keyVault in Pulumi?
I got the following code when importing the cert
CertificateOrder = new CertificateOrder("mycert", new CertificateOrderArgs
{
AutoRenew = true,
KeySize = 2048,
Location = "global",
Name = "mycert",
ProductType = "WildCard",
ResourceGroupName ="myresourcegroup",
ValidityInYears = 1,
});var cert= new AzureNative.Web.Certificate("cert", new AzureNative.Web.CertificateArgs
{
KeyVaultId = KeyVault.Id,
...
}var exampleCertificate = new Azure.KeyVault.Certificate("exampleCertificate", new Azure.KeyVault.CertificateArgs
{
KeyVaultId = KeyVault.Id,
KeyVaultCertificate = new Azure.KeyVault.Inputs.CertificateCertificateArgs
{
Contents = "??", //what would go in here? CertificateOrder.?
Password = "??"
}
});var thereIsAKeyVaultConnection = CertificateOrder.Certificates.First().Apply(x => x.KeyVaultId);Just to try I did things manually in the UI and got a "application/x-pkcs12" secret into the keyVault. I then exported it with
pulumi import azure:keyvault/secret:Secret CertificateOrderSecret "<https://vault723aa5a.vault.azure.net/secrets/.../>..."pulumi config set mycert longvaluehere -secret@great-queen-39697 trather his one
g
great-queen-39697
01/10/2022, 10:18 PMSo there's a
keyvault(note that I'm in the native provider, not the classic one)
So, if I'm reading the API docs correctly, KeyVault is one of the Azure services: https://azure.microsoft.com/en-us/services/key-vault/. So you need KeyVault turned on in your Azure system (which is something you need to go through Azure's docs for: https://docs.microsoft.com/en-us/azure/key-vault/general/overview). And then you're using this API to work with the Vault itself: https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/vault/.
👍 1
s
sticky-exabyte-94099
01/10/2022, 10:23 PMYes I want to be in the native stack I found out today. And Ill look at this tomorrow but now its almost 24:00 were I live so Ill get back to this tomorrow. I apreciate all your help!
g
great-queen-39697
01/10/2022, 10:26 PMNo worries! Feel free to leave me questions when you do get back on; async works for me.
g
green-intern-53931
01/13/2022, 5:07 PMHi @sticky-exabyte-94099 were you able to solve this? Please share. Thanks
I created a key vault resource following https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/vault/ and passed the id to web.certificate but got this error
certificate (azure-native:web:Certificate)
error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="The parameter Properties.KeyVaultId has an invalid value." Details=[{"Message":"The parameter Properties.KeyVaultId has an invalid value."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"51008","Message":"The parameter Properties.KeyVaultId has an invalid value.","MessageTemplate":"The parameter {0} has an invalid value.","Parameters":["Properties.KeyVaultId"]}}]g
great-queen-39697
01/13/2022, 5:19 PMHow are you getting the ID? Can you share a bit of code?
s
sticky-exabyte-94099
01/20/2022, 12:23 PM@green-intern-53931 hi sorry I had to postpone working on this since it was taking to much effort. But now I'm sitting down again and will try this all out again... when I have this working (or not) I´ll ping you here again
g
green-intern-53931
01/20/2022, 12:37 PMThanks @sticky-exabyte-94099
Hi @great-queen-39697 I get the Id from the key vault resource like this
keyVaultId: vault.idimport * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const certificate = new azure_native.web.Certificate("certificate", {
hostNames: ["ServerCert"],
location: "East US",
name: "testc6282",
password: "<password>",
resourceGroupName: "testrg123",
keyVaultId: vault.id;
});import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const vault = new azure_native.keyvault.Vault("vault", {
location: "westus",
properties: {
accessPolicies: [{
objectId: "00000000-0000-0000-0000-000000000000",
permissions: {
certificates: [
"get",
"list",
"delete",
"create",
"import",
"update",
"managecontacts",
"getissuers",
"listissuers",
"setissuers",
"deleteissuers",
"manageissuers",
"recover",
"purge",
],
keys: [
"encrypt",
"decrypt",
"wrapKey",
"unwrapKey",
"sign",
"verify",
"get",
"list",
"create",
"update",
"import",
"delete",
"backup",
"restore",
"recover",
"purge",
],
secrets: [
"get",
"list",
"set",
"delete",
"backup",
"restore",
"recover",
"purge",
],
},
tenantId: "00000000-0000-0000-0000-000000000000",
}],
enabledForDeployment: true,
enabledForDiskEncryption: true,
enabledForTemplateDeployment: true,
sku: {
family: "A",
name: "standard",
},
tenantId: "00000000-0000-0000-0000-000000000000",
},
resourceGroupName: "sample-resource-group",
vaultName: "sample-vault",
});