java.lang.Object
- com.pulumi.resources.Resource
- - com.pulumi.resources.CustomResource
  - - com.pulumi.gcp.certificatemanager.Certificate

```
public class Certificate
extends com.pulumi.resources.CustomResource
```
Certificate represents a HTTP-reachable backend for a Certificate. > **Warning:** All arguments including the following potentially sensitive values will be stored in the raw state as plain text: `self_managed.certificate_pem`, `self_managed.private_key_pem`, `self_managed.pem_private_key`. Read more about sensitive data in state. ## Example Usage ### Certificate Manager Google Managed Certificate Dns ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.certificatemanager.DnsAuthorization; import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs; import com.pulumi.gcp.certificatemanager.Certificate; import com.pulumi.gcp.certificatemanager.CertificateArgs; import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder() .description("The default dnss") .domain("subdomain.hashicorptest.com") .build()); var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder() .description("The default dnss") .domain("subdomain2.hashicorptest.com") .build()); var default_ = new Certificate("default", CertificateArgs.builder() .description("The default cert") .scope("EDGE_CACHE") .managed(CertificateManagedArgs.builder() .domains( instance.domain(), instance2.domain()) .dnsAuthorizations( instance.id(), instance2.id()) .build()) .build()); } } ``` ### Certificate Manager Google Managed Certificate Issuance Config ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.certificateauthority.CaPool; import com.pulumi.gcp.certificateauthority.CaPoolArgs; import com.pulumi.gcp.certificateauthority.Authority; import com.pulumi.gcp.certificateauthority.AuthorityArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs; import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs; import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfig; import com.pulumi.gcp.certificatemanager.CertificateIssuanceConfigArgs; import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigArgs; import com.pulumi.gcp.certificatemanager.inputs.CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs; import com.pulumi.gcp.certificatemanager.Certificate; import com.pulumi.gcp.certificatemanager.CertificateArgs; import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var pool = new CaPool("pool", CaPoolArgs.builder() .location("us-central1") .tier("ENTERPRISE") .build()); var caAuthority = new Authority("caAuthority", AuthorityArgs.builder() .location("us-central1") .pool(pool.name()) .certificateAuthorityId("my-ca") .config(AuthorityConfigArgs.builder() .subjectConfig(AuthorityConfigSubjectConfigArgs.builder() .subject(AuthorityConfigSubjectConfigSubjectArgs.builder() .organization("HashiCorp") .commonName("my-certificate-authority") .build()) .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder() .dnsNames("hashicorp.com") .build()) .build()) .x509Config(AuthorityConfigX509ConfigArgs.builder() .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder() .isCa(true) .build()) .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder() .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder() .certSign(true) .crlSign(true) .build()) .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder() .serverAuth(true) .build()) .build()) .build()) .build()) .keySpec(AuthorityKeySpecArgs.builder() .algorithm("RSA_PKCS1_4096_SHA256") .build()) .deletionProtection(false) .skipGracePeriod(true) .ignoreActiveCertificatesOnDeletion(true) .build()); var issuanceconfig = new CertificateIssuanceConfig("issuanceconfig", CertificateIssuanceConfigArgs.builder() .description("sample description for the certificate issuanceConfigs") .certificateAuthorityConfig(CertificateIssuanceConfigCertificateAuthorityConfigArgs.builder() .certificateAuthorityServiceConfig(CertificateIssuanceConfigCertificateAuthorityConfigCertificateAuthorityServiceConfigArgs.builder() .caPool(pool.id()) .build()) .build()) .lifetime("1814400s") .rotationWindowPercentage(34) .keyAlgorithm("ECDSA_P256") .build(), CustomResourceOptions.builder() .dependsOn(caAuthority) .build()); var default_ = new Certificate("default", CertificateArgs.builder() .description("The default cert") .scope("EDGE_CACHE") .managed(CertificateManagedArgs.builder() .domains("terraform.subdomain1.com") .issuanceConfig(issuanceconfig.id()) .build()) .build()); } } ``` ### Certificate Manager Certificate Basic ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.certificatemanager.DnsAuthorization; import com.pulumi.gcp.certificatemanager.DnsAuthorizationArgs; import com.pulumi.gcp.certificatemanager.Certificate; import com.pulumi.gcp.certificatemanager.CertificateArgs; import com.pulumi.gcp.certificatemanager.inputs.CertificateManagedArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var instance = new DnsAuthorization("instance", DnsAuthorizationArgs.builder() .description("The default dnss") .domain("subdomain.hashicorptest.com") .build()); var instance2 = new DnsAuthorization("instance2", DnsAuthorizationArgs.builder() .description("The default dnss") .domain("subdomain2.hashicorptest.com") .build()); var default_ = new Certificate("default", CertificateArgs.builder() .description("Global cert") .scope("EDGE_CACHE") .managed(CertificateManagedArgs.builder() .domains( instance.domain(), instance2.domain()) .dnsAuthorizations( instance.id(), instance2.id()) .build()) .build()); } } ``` ### Certificate Manager Self Managed Certificate Regional ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.certificatemanager.Certificate; import com.pulumi.gcp.certificatemanager.CertificateArgs; import com.pulumi.gcp.certificatemanager.inputs.CertificateSelfManagedArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var default_ = new Certificate("default", CertificateArgs.builder() .description("Regional cert") .location("us-central1") .selfManaged(CertificateSelfManagedArgs.builder() .pemCertificate(Files.readString(Paths.get("test-fixtures/certificatemanager/cert.pem"))) .pemPrivateKey(Files.readString(Paths.get("test-fixtures/certificatemanager/private-key.pem"))) .build()) .build()); } } ``` ## Import Certificate can be imported using any of these accepted formats ```sh $ pulumi import gcp:certificatemanager/certificate:Certificate default projects/{{project}}/locations/{{location}}/certificates/{{name}} ``` ```sh $ pulumi import gcp:certificatemanager/certificate:Certificate default {{project}}/{{location}}/{{name}} ``` ```sh $ pulumi import gcp:certificatemanager/certificate:Certificate default {{location}}/{{name}} ```

Nested Class Summary
- Nested classes/interfaces inherited from class com.pulumi.resources.CustomResource
  com.pulumi.resources.CustomResource.CustomResourceInternal
- Nested classes/interfaces inherited from class com.pulumi.resources.Resource
  com.pulumi.resources.Resource.LazyField<T extends java.lang.Object>, com.pulumi.resources.Resource.LazyFields, com.pulumi.resources.Resource.ResourceInternal

Field Summary
- Fields inherited from class com.pulumi.resources.Resource
  childResources, remote

Constructor Summary

Constructors
Constructor	Description
`Certificate(java.lang.String name)`
`Certificate(java.lang.String name, CertificateArgs args)`
`Certificate(java.lang.String name, CertificateArgs args, com.pulumi.resources.CustomResourceOptions options)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`com.pulumi.core.Output<java.util.Optional<java.lang.String>>`	`description()`
`static Certificate`	`get(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, CertificateState state, com.pulumi.resources.CustomResourceOptions options)`	Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
`com.pulumi.core.Output<java.util.Optional<java.util.Map<java.lang.String,java.lang.String>>>`	`labels()`
`com.pulumi.core.Output<java.util.Optional<java.lang.String>>`	`location()`
`com.pulumi.core.Output<java.util.Optional<CertificateManaged>>`	`managed()`
`com.pulumi.core.Output<java.lang.String>`	`name()`
`com.pulumi.core.Output<java.lang.String>`	`project()`
`com.pulumi.core.Output<java.util.Optional<java.lang.String>>`	`scope()`
`com.pulumi.core.Output<java.util.Optional<CertificateSelfManaged>>`	`selfManaged()`

Methods inherited from class com.pulumi.resources.CustomResource
getId, idFuture

Methods inherited from class com.pulumi.resources.Resource
getChildResources, getResourceName, getResourceType, getUrn

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - Certificate
```
public Certificate(java.lang.String name)
```
    Parameters:
    
    name - The _unique_ name of the resulting resource.
  - Certificate
```
public Certificate(java.lang.String name,
                   @Nullable
                   CertificateArgs args)
```
    Parameters:
    
    name - The _unique_ name of the resulting resource.
    
    args - The arguments to use to populate this resource's properties.
  - Certificate
```
public Certificate(java.lang.String name,
                   @Nullable
                   CertificateArgs args,
                   @Nullable
                   com.pulumi.resources.CustomResourceOptions options)
```
    Parameters:
    
    name - The _unique_ name of the resulting resource.
    
    args - The arguments to use to populate this resource's properties.
    
    options - A bag of options that control this resource's behavior.
- Method Detail
  - description
```
public com.pulumi.core.Output<java.util.Optional<java.lang.String>> description()
```
    Returns:
    
    A human-readable description of the resource.
  - labels
```
public com.pulumi.core.Output<java.util.Optional<java.util.Map<java.lang.String,java.lang.String>>> labels()
```
    Returns:
    
    Set of label tags associated with the Certificate resource.
  - location
```
public com.pulumi.core.Output<java.util.Optional<java.lang.String>> location()
```
    Returns:
    
    The Certificate Manager location. If not specified, "global" is used.
  - managed
```
public com.pulumi.core.Output<java.util.Optional<CertificateManaged>> managed()
```
    Returns:
    
    Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so. Structure is documented below.
  - name
```
public com.pulumi.core.Output<java.lang.String> name()
```
    Returns:
    
    A user-defined name of the certificate. Certificate names must be unique The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. ***
  - project
```
public com.pulumi.core.Output<java.lang.String> project()
```
    Returns:
    
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
  - scope
```
public com.pulumi.core.Output<java.util.Optional<java.lang.String>> scope()
```
    Returns:
    
    The scope of the certificate. DEFAULT: Certificates with default scope are served from core Google data centers. If unsure, choose this option. EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers. Currently allowed only for managed certificates.
  - selfManaged
```
public com.pulumi.core.Output<java.util.Optional<CertificateSelfManaged>> selfManaged()
```
    Returns:
    
    Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility. Structure is documented below.
  - get
```
public static Certificate get(java.lang.String name,
                              com.pulumi.core.Output<java.lang.String> id,
                              @Nullable
                              CertificateState state,
                              @Nullable
                              com.pulumi.resources.CustomResourceOptions options)
```
    Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
    
    Parameters:
    
    name - The _unique_ name of the resulting resource.
    
    id - The _unique_ provider ID of the resource to lookup.
    
    state -
    
    options - Optional settings to control the behavior of the CustomResource.

Class Certificate

Nested Class Summary

Nested classes/interfaces inherited from class com.pulumi.resources.CustomResource

Nested classes/interfaces inherited from class com.pulumi.resources.Resource

Field Summary

Fields inherited from class com.pulumi.resources.Resource

Constructor Summary

Method Summary

Methods inherited from class com.pulumi.resources.CustomResource

Methods inherited from class com.pulumi.resources.Resource

Methods inherited from class java.lang.Object

Constructor Detail

Certificate

Certificate

Certificate

Method Detail

description

labels

location

managed

name

project

scope

selfManaged

get