@highstate/cert-manager 0.6.2 → 0.7.1

package/CHANGELOG.md

@@ -1,9 +1,8 @@
-# v0.4.5 (Wed Mar 12 2025)
+# v0.7.0 (Sat Mar 15 2025)
 
-#### ⚠️ Pushed to `main`
+#### 🚀 Enhancement
 
-- fix crd build ([@Exeteres](https://github.com/Exeteres))
-- fix ([@Exeteres](https://github.com/Exeteres))
+- feat: update app distribution mechanism ([@Exeteres](https://github.com/Exeteres))
 
 #### Authors: 1
 

package/bin/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@highstate/cert-manager",
-  "version": "0.6.1",
+  "version": "0.7.0",
   "keywords": [
     "pulumi",
     "kubernetes",
@@ -37,6 +37,6 @@
   "pulumi": {
     "resource": true,
     "name": "@highstate/cert-manager",
-    "version": "0.4.4"
+    "version": "0.6.1"
   }
 }

package/bin/types/input.d.ts

@@ -439,6 +439,10 @@ export declare namespace acme {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
         /**
          * Auth: Azure Workload Identity or Azure Managed Service Identity:
@@ -455,6 +459,10 @@ export declare namespace acme {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
         /**
          * Use the Microsoft Azure DNS API to manage DNS01 challenge records.
@@ -6513,7 +6521,7 @@ export declare namespace cert_manager {
              * Create enables JKS keystore creation for the Certificate.
              * If true, a file named `keystore.jks` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.jks`
              * will also be created in the target Secret resource, encrypted using the
@@ -6521,11 +6529,19 @@ export declare namespace cert_manager {
              * containing the issuing Certificate Authority
              */
             create?: pulumi.Input<boolean>;
+            /**
+             * Password provides a literal password used to encrypt the JKS keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password?: pulumi.Input<string>;
             passwordSecretRef?: pulumi.Input<inputs.cert_manager.v1.CertificateSpecKeystoresJksPasswordSecretRef>;
         }
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
          * containing the password used to encrypt the JKS keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         interface CertificateSpecKeystoresJksPasswordSecretRef {
             /**
@@ -6541,8 +6557,10 @@ export declare namespace cert_manager {
             name?: pulumi.Input<string>;
         }
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
          * containing the password used to encrypt the JKS keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         interface CertificateSpecKeystoresJksPasswordSecretRefPatch {
             /**
@@ -6571,7 +6589,7 @@ export declare namespace cert_manager {
              * Create enables JKS keystore creation for the Certificate.
              * If true, a file named `keystore.jks` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.jks`
              * will also be created in the target Secret resource, encrypted using the
@@ -6579,6 +6597,12 @@ export declare namespace cert_manager {
              * containing the issuing Certificate Authority
              */
             create?: pulumi.Input<boolean>;
+            /**
+             * Password provides a literal password used to encrypt the JKS keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password?: pulumi.Input<string>;
             passwordSecretRef?: pulumi.Input<inputs.cert_manager.v1.CertificateSpecKeystoresJksPasswordSecretRefPatch>;
         }
         /**
@@ -6597,7 +6621,7 @@ export declare namespace cert_manager {
              * Create enables PKCS12 keystore creation for the Certificate.
              * If true, a file named `keystore.p12` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or in `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.p12` will
              * also be created in the target Secret resource, encrypted using the
@@ -6605,6 +6629,12 @@ export declare namespace cert_manager {
              * Authority
              */
             create?: pulumi.Input<boolean>;
+            /**
+             * Password provides a literal password used to encrypt the PKCS#12 keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password?: pulumi.Input<string>;
             passwordSecretRef?: pulumi.Input<inputs.cert_manager.v1.CertificateSpecKeystoresPkcs12PasswordSecretRef>;
             /**
              * Profile specifies the key and certificate encryption algorithms and the HMAC algorithm
@@ -6620,8 +6650,10 @@ export declare namespace cert_manager {
             profile?: pulumi.Input<string>;
         }
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
-         * containing the password used to encrypt the PKCS12 keystore.
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
+         * containing the password used to encrypt the PKCS#12 keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         interface CertificateSpecKeystoresPkcs12PasswordSecretRef {
             /**
@@ -6637,8 +6669,10 @@ export declare namespace cert_manager {
             name?: pulumi.Input<string>;
         }
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
-         * containing the password used to encrypt the PKCS12 keystore.
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
+         * containing the password used to encrypt the PKCS#12 keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         interface CertificateSpecKeystoresPkcs12PasswordSecretRefPatch {
             /**
@@ -6662,7 +6696,7 @@ export declare namespace cert_manager {
              * Create enables PKCS12 keystore creation for the Certificate.
              * If true, a file named `keystore.p12` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or in `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.p12` will
              * also be created in the target Secret resource, encrypted using the
@@ -6670,6 +6704,12 @@ export declare namespace cert_manager {
              * Authority
              */
             create?: pulumi.Input<boolean>;
+            /**
+             * Password provides a literal password used to encrypt the PKCS#12 keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password?: pulumi.Input<string>;
             passwordSecretRef?: pulumi.Input<inputs.cert_manager.v1.CertificateSpecKeystoresPkcs12PasswordSecretRefPatch>;
             /**
              * Profile specifies the key and certificate encryption algorithms and the HMAC algorithm
@@ -7922,6 +7962,10 @@ export declare namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
         /**
          * Auth: Azure Workload Identity or Azure Managed Service Identity:
@@ -7938,6 +7982,10 @@ export declare namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
         /**
          * Use the Microsoft Azure DNS API to manage DNS01 challenge records.
@@ -14611,6 +14659,10 @@ export declare namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
         /**
          * Auth: Azure Workload Identity or Azure Managed Service Identity:
@@ -14627,6 +14679,10 @@ export declare namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
         /**
          * Use the Microsoft Azure DNS API to manage DNS01 challenge records.

package/bin/types/output.d.ts

@@ -438,6 +438,10 @@ export declare namespace acme {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
         /**
          * Auth: Azure Workload Identity or Azure Managed Service Identity:
@@ -454,6 +458,10 @@ export declare namespace acme {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
         /**
          * Use the Microsoft Azure DNS API to manage DNS01 challenge records.
@@ -6712,7 +6720,7 @@ export declare namespace cert_manager {
              * Create enables JKS keystore creation for the Certificate.
              * If true, a file named `keystore.jks` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.jks`
              * will also be created in the target Secret resource, encrypted using the
@@ -6720,11 +6728,19 @@ export declare namespace cert_manager {
              * containing the issuing Certificate Authority
              */
             create: boolean;
+            /**
+             * Password provides a literal password used to encrypt the JKS keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password: string;
             passwordSecretRef: outputs.cert_manager.v1.CertificateSpecKeystoresJksPasswordSecretRef;
         }
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
          * containing the password used to encrypt the JKS keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         interface CertificateSpecKeystoresJksPasswordSecretRef {
             /**
@@ -6740,8 +6756,10 @@ export declare namespace cert_manager {
             name: string;
         }
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
          * containing the password used to encrypt the JKS keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         interface CertificateSpecKeystoresJksPasswordSecretRefPatch {
             /**
@@ -6770,7 +6788,7 @@ export declare namespace cert_manager {
              * Create enables JKS keystore creation for the Certificate.
              * If true, a file named `keystore.jks` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.jks`
              * will also be created in the target Secret resource, encrypted using the
@@ -6778,6 +6796,12 @@ export declare namespace cert_manager {
              * containing the issuing Certificate Authority
              */
             create: boolean;
+            /**
+             * Password provides a literal password used to encrypt the JKS keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password: string;
             passwordSecretRef: outputs.cert_manager.v1.CertificateSpecKeystoresJksPasswordSecretRefPatch;
         }
         /**
@@ -6796,7 +6820,7 @@ export declare namespace cert_manager {
              * Create enables PKCS12 keystore creation for the Certificate.
              * If true, a file named `keystore.p12` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or in `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.p12` will
              * also be created in the target Secret resource, encrypted using the
@@ -6804,6 +6828,12 @@ export declare namespace cert_manager {
              * Authority
              */
             create: boolean;
+            /**
+             * Password provides a literal password used to encrypt the PKCS#12 keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password: string;
             passwordSecretRef: outputs.cert_manager.v1.CertificateSpecKeystoresPkcs12PasswordSecretRef;
             /**
              * Profile specifies the key and certificate encryption algorithms and the HMAC algorithm
@@ -6819,8 +6849,10 @@ export declare namespace cert_manager {
             profile: string;
         }
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
-         * containing the password used to encrypt the PKCS12 keystore.
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
+         * containing the password used to encrypt the PKCS#12 keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         interface CertificateSpecKeystoresPkcs12PasswordSecretRef {
             /**
@@ -6836,8 +6868,10 @@ export declare namespace cert_manager {
             name: string;
         }
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
-         * containing the password used to encrypt the PKCS12 keystore.
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
+         * containing the password used to encrypt the PKCS#12 keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         interface CertificateSpecKeystoresPkcs12PasswordSecretRefPatch {
             /**
@@ -6861,7 +6895,7 @@ export declare namespace cert_manager {
              * Create enables PKCS12 keystore creation for the Certificate.
              * If true, a file named `keystore.p12` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or in `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.p12` will
              * also be created in the target Secret resource, encrypted using the
@@ -6869,6 +6903,12 @@ export declare namespace cert_manager {
              * Authority
              */
             create: boolean;
+            /**
+             * Password provides a literal password used to encrypt the PKCS#12 keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password: string;
             passwordSecretRef: outputs.cert_manager.v1.CertificateSpecKeystoresPkcs12PasswordSecretRefPatch;
             /**
              * Profile specifies the key and certificate encryption algorithms and the HMAC algorithm
@@ -8228,6 +8268,10 @@ export declare namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
         /**
          * Auth: Azure Workload Identity or Azure Managed Service Identity:
@@ -8244,6 +8288,10 @@ export declare namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
         /**
          * Use the Microsoft Azure DNS API to manage DNS01 challenge records.
@@ -14988,6 +15036,10 @@ export declare namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
         /**
          * Auth: Azure Workload Identity or Azure Managed Service Identity:
@@ -15004,6 +15056,10 @@ export declare namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
         /**
          * Use the Microsoft Azure DNS API to manage DNS01 challenge records.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@highstate/cert-manager",
-  "version": "0.6.2",
+  "version": "0.7.1",
   "keywords": [
     "pulumi",
     "kubernetes",
@@ -37,7 +37,7 @@
   "pulumi": {
     "resource": true,
     "name": "@highstate/cert-manager",
-    "version": "0.4.4"
+    "version": "0.6.1"
   },
-  "gitHead": "dfd1d6878fc7d12954b6591d5ee1783d3c501eca"
+  "gitHead": "76c38ce5dbf7a710cf0e6339f52e86358537a99a"
 }

package/types/input.ts

@@ -467,6 +467,10 @@ export namespace acme {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
 
         /**
@@ -484,6 +488,10 @@ export namespace acme {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
 
         /**
@@ -6676,7 +6684,7 @@ export namespace cert_manager {
              * Create enables JKS keystore creation for the Certificate.
              * If true, a file named `keystore.jks` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.jks`
              * will also be created in the target Secret resource, encrypted using the
@@ -6684,12 +6692,20 @@ export namespace cert_manager {
              * containing the issuing Certificate Authority
              */
             create?: pulumi.Input<boolean>;
+            /**
+             * Password provides a literal password used to encrypt the JKS keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password?: pulumi.Input<string>;
             passwordSecretRef?: pulumi.Input<inputs.cert_manager.v1.CertificateSpecKeystoresJksPasswordSecretRef>;
         }
 
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
          * containing the password used to encrypt the JKS keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         export interface CertificateSpecKeystoresJksPasswordSecretRef {
             /**
@@ -6706,8 +6722,10 @@ export namespace cert_manager {
         }
 
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
          * containing the password used to encrypt the JKS keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         export interface CertificateSpecKeystoresJksPasswordSecretRefPatch {
             /**
@@ -6737,7 +6755,7 @@ export namespace cert_manager {
              * Create enables JKS keystore creation for the Certificate.
              * If true, a file named `keystore.jks` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.jks`
              * will also be created in the target Secret resource, encrypted using the
@@ -6745,6 +6763,12 @@ export namespace cert_manager {
              * containing the issuing Certificate Authority
              */
             create?: pulumi.Input<boolean>;
+            /**
+             * Password provides a literal password used to encrypt the JKS keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password?: pulumi.Input<string>;
             passwordSecretRef?: pulumi.Input<inputs.cert_manager.v1.CertificateSpecKeystoresJksPasswordSecretRefPatch>;
         }
 
@@ -6765,7 +6789,7 @@ export namespace cert_manager {
              * Create enables PKCS12 keystore creation for the Certificate.
              * If true, a file named `keystore.p12` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or in `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.p12` will
              * also be created in the target Secret resource, encrypted using the
@@ -6773,6 +6797,12 @@ export namespace cert_manager {
              * Authority
              */
             create?: pulumi.Input<boolean>;
+            /**
+             * Password provides a literal password used to encrypt the PKCS#12 keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password?: pulumi.Input<string>;
             passwordSecretRef?: pulumi.Input<inputs.cert_manager.v1.CertificateSpecKeystoresPkcs12PasswordSecretRef>;
             /**
              * Profile specifies the key and certificate encryption algorithms and the HMAC algorithm
@@ -6789,8 +6819,10 @@ export namespace cert_manager {
         }
 
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
-         * containing the password used to encrypt the PKCS12 keystore.
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
+         * containing the password used to encrypt the PKCS#12 keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         export interface CertificateSpecKeystoresPkcs12PasswordSecretRef {
             /**
@@ -6807,8 +6839,10 @@ export namespace cert_manager {
         }
 
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
-         * containing the password used to encrypt the PKCS12 keystore.
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
+         * containing the password used to encrypt the PKCS#12 keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         export interface CertificateSpecKeystoresPkcs12PasswordSecretRefPatch {
             /**
@@ -6833,7 +6867,7 @@ export namespace cert_manager {
              * Create enables PKCS12 keystore creation for the Certificate.
              * If true, a file named `keystore.p12` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or in `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.p12` will
              * also be created in the target Secret resource, encrypted using the
@@ -6841,6 +6875,12 @@ export namespace cert_manager {
              * Authority
              */
             create?: pulumi.Input<boolean>;
+            /**
+             * Password provides a literal password used to encrypt the PKCS#12 keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password?: pulumi.Input<string>;
             passwordSecretRef?: pulumi.Input<inputs.cert_manager.v1.CertificateSpecKeystoresPkcs12PasswordSecretRefPatch>;
             /**
              * Profile specifies the key and certificate encryption algorithms and the HMAC algorithm
@@ -8130,6 +8170,10 @@ export namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
 
         /**
@@ -8147,6 +8191,10 @@ export namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
 
         /**
@@ -15005,6 +15053,10 @@ export namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
 
         /**
@@ -15022,6 +15074,10 @@ export namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID?: pulumi.Input<string>;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID?: pulumi.Input<string>;
         }
 
         /**

package/types/output.ts

@@ -467,6 +467,10 @@ export namespace acme {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
 
         /**
@@ -484,6 +488,10 @@ export namespace acme {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
 
         /**
@@ -6882,7 +6890,7 @@ export namespace cert_manager {
              * Create enables JKS keystore creation for the Certificate.
              * If true, a file named `keystore.jks` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.jks`
              * will also be created in the target Secret resource, encrypted using the
@@ -6890,12 +6898,20 @@ export namespace cert_manager {
              * containing the issuing Certificate Authority
              */
             create: boolean;
+            /**
+             * Password provides a literal password used to encrypt the JKS keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password: string;
             passwordSecretRef: outputs.cert_manager.v1.CertificateSpecKeystoresJksPasswordSecretRef;
         }
 
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
          * containing the password used to encrypt the JKS keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         export interface CertificateSpecKeystoresJksPasswordSecretRef {
             /**
@@ -6912,8 +6928,10 @@ export namespace cert_manager {
         }
 
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
          * containing the password used to encrypt the JKS keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         export interface CertificateSpecKeystoresJksPasswordSecretRefPatch {
             /**
@@ -6943,7 +6961,7 @@ export namespace cert_manager {
              * Create enables JKS keystore creation for the Certificate.
              * If true, a file named `keystore.jks` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.jks`
              * will also be created in the target Secret resource, encrypted using the
@@ -6951,6 +6969,12 @@ export namespace cert_manager {
              * containing the issuing Certificate Authority
              */
             create: boolean;
+            /**
+             * Password provides a literal password used to encrypt the JKS keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password: string;
             passwordSecretRef: outputs.cert_manager.v1.CertificateSpecKeystoresJksPasswordSecretRefPatch;
         }
 
@@ -6971,7 +6995,7 @@ export namespace cert_manager {
              * Create enables PKCS12 keystore creation for the Certificate.
              * If true, a file named `keystore.p12` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or in `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.p12` will
              * also be created in the target Secret resource, encrypted using the
@@ -6979,6 +7003,12 @@ export namespace cert_manager {
              * Authority
              */
             create: boolean;
+            /**
+             * Password provides a literal password used to encrypt the PKCS#12 keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password: string;
             passwordSecretRef: outputs.cert_manager.v1.CertificateSpecKeystoresPkcs12PasswordSecretRef;
             /**
              * Profile specifies the key and certificate encryption algorithms and the HMAC algorithm
@@ -6995,8 +7025,10 @@ export namespace cert_manager {
         }
 
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
-         * containing the password used to encrypt the PKCS12 keystore.
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
+         * containing the password used to encrypt the PKCS#12 keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         export interface CertificateSpecKeystoresPkcs12PasswordSecretRef {
             /**
@@ -7013,8 +7045,10 @@ export namespace cert_manager {
         }
 
         /**
-         * PasswordSecretRef is a reference to a key in a Secret resource
-         * containing the password used to encrypt the PKCS12 keystore.
+         * PasswordSecretRef is a reference to a non-empty key in a Secret resource
+         * containing the password used to encrypt the PKCS#12 keystore.
+         * Mutually exclusive with password.
+         * One of password or passwordSecretRef must provide a password with a non-zero length.
          */
         export interface CertificateSpecKeystoresPkcs12PasswordSecretRefPatch {
             /**
@@ -7039,7 +7073,7 @@ export namespace cert_manager {
              * Create enables PKCS12 keystore creation for the Certificate.
              * If true, a file named `keystore.p12` will be created in the target
              * Secret resource, encrypted using the password stored in
-             * `passwordSecretRef`.
+             * `passwordSecretRef` or in `password`.
              * The keystore file will be updated immediately.
              * If the issuer provided a CA certificate, a file named `truststore.p12` will
              * also be created in the target Secret resource, encrypted using the
@@ -7047,6 +7081,12 @@ export namespace cert_manager {
              * Authority
              */
             create: boolean;
+            /**
+             * Password provides a literal password used to encrypt the PKCS#12 keystore.
+             * Mutually exclusive with passwordSecretRef.
+             * One of password or passwordSecretRef must provide a password with a non-zero length.
+             */
+            password: string;
             passwordSecretRef: outputs.cert_manager.v1.CertificateSpecKeystoresPkcs12PasswordSecretRefPatch;
             /**
              * Profile specifies the key and certificate encryption algorithms and the HMAC algorithm
@@ -8445,6 +8485,10 @@ export namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
 
         /**
@@ -8462,6 +8506,10 @@ export namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
 
         /**
@@ -15394,6 +15442,10 @@ export namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
 
         /**
@@ -15411,6 +15463,10 @@ export namespace cert_manager {
              * Cannot be used for Azure Managed Service Identity
              */
             resourceID: string;
+            /**
+             * tenant ID of the managed identity, can not be used at the same time as resourceID
+             */
+            tenantID: string;
         }
 
         /**