@pulumi/tls 5.3.0 → 5.3.1

package/certRequest.d.ts

@@ -2,6 +2,15 @@ import * as pulumi from "@pulumi/pulumi";
 import * as inputs from "./types/input";
 import * as outputs from "./types/output";
 /**
+ * Creates a Certificate Signing Request (CSR) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
+ *
+ * PEM is the typical format used to request a certificate from a Certificate Authority (CA).
+ *
+ * This resource is intended to be used in conjunction with a Terraform provider for a particular certificate authority in order to provision a new certificate.
+ *
+ * This is a *logical resource*, so it contributes only to the current Terraform
+ * state and does not create any external managed resources.
+ *
  * ## Example Usage
  *
  * ```typescript

package/certRequest.js

@@ -6,6 +6,15 @@ exports.CertRequest = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("./utilities");
 /**
+ * Creates a Certificate Signing Request (CSR) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
+ *
+ * PEM is the typical format used to request a certificate from a Certificate Authority (CA).
+ *
+ * This resource is intended to be used in conjunction with a Terraform provider for a particular certificate authority in order to provision a new certificate.
+ *
+ * This is a *logical resource*, so it contributes only to the current Terraform
+ * state and does not create any external managed resources.
+ *
  * ## Example Usage
  *
  * ```typescript

package/certRequest.js.map

@@ -1 +1 @@
-{"version":3,"file":"certRequest.js","sourceRoot":"","sources":["../certRequest.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,cAAc;IAClD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwB,EAAE,IAAmC;QACtH,OAAO,IAAI,WAAW,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAClE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;IAuCD,YAAY,IAAY,EAAE,WAAgD,EAAE,IAAmC;QAC3G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2C,CAAC;YAC1D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;SACxC;aAAM;YACH,MAAM,IAAI,GAAG,WAA0C,CAAC;YACxD,IAAI,IAAI,EAAE,aAAa,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAChD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;aAChE;YACD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtG,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACrD,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACtD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC;QAClE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;;AA9FL,kCA+FC;AAjFG,gBAAgB;AACO,wBAAY,GAAG,mCAAmC,CAAC"}
+{"version":3,"file":"certRequest.js","sourceRoot":"","sources":["../certRequest.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,cAAc;IAClD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwB,EAAE,IAAmC;QACtH,OAAO,IAAI,WAAW,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAClE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;IAuCD,YAAY,IAAY,EAAE,WAAgD,EAAE,IAAmC;QAC3G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2C,CAAC;YAC1D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;SACxC;aAAM;YACH,MAAM,IAAI,GAAG,WAA0C,CAAC;YACxD,IAAI,IAAI,EAAE,aAAa,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAChD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;aAChE;YACD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtG,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACrD,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACtD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC;QAClE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;;AA9FL,kCA+FC;AAjFG,gBAAgB;AACO,wBAAY,GAAG,mCAAmC,CAAC"}

package/getCertificate.d.ts

@@ -1,5 +1,49 @@
 import * as pulumi from "@pulumi/pulumi";
 import * as outputs from "./types/output";
+/**
+ * Get information about the TLS certificates securing a host.
+ *
+ * Use this data source to get information, such as SHA1 fingerprint or serial number, about the TLS certificates that protects a URL.
+ *
+ * ## Example Usage
+ *
+ * ### URL Usage
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const exampleEksCluster = new aws.index.EksCluster("example", {name: "example"});
+ * const example = tls.getCertificate({
+ *     url: exampleEksCluster.identity[0].oidc[0].issuer,
+ * });
+ * const exampleIamOpenidConnectProvider = new aws.index.IamOpenidConnectProvider("example", {
+ *     clientIdList: ["sts.amazonaws.com"],
+ *     thumbprintList: [example.certificates?.[0]?.sha1Fingerprint],
+ *     url: exampleEksCluster.identity[0].oidc[0].issuer,
+ * });
+ * ```
+ *
+ * ### Content Usage
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as std from "@pulumi/std";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const exampleContent = std.file({
+ *     input: "example.pem",
+ * }).then(invoke => tls.getCertificate({
+ *     content: invoke.result,
+ * }));
+ * ```
+ *
+ * <!--
+ *     Schema ORIGINALLY generated by tfplugindocs,
+ *     then manually tweaked to circumvent current limitations.
+ *
+ *     This should be revisited, once https://github.com/hashicorp/terraform-plugin-docs/issues/66 is resolved.
+ * -->
+ */
 export declare function getCertificate(args?: GetCertificateArgs, opts?: pulumi.InvokeOptions): Promise<GetCertificateResult>;
 /**
  * A collection of arguments for invoking getCertificate.
@@ -43,6 +87,50 @@ export interface GetCertificateResult {
      */
     readonly verifyChain?: boolean;
 }
+/**
+ * Get information about the TLS certificates securing a host.
+ *
+ * Use this data source to get information, such as SHA1 fingerprint or serial number, about the TLS certificates that protects a URL.
+ *
+ * ## Example Usage
+ *
+ * ### URL Usage
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const exampleEksCluster = new aws.index.EksCluster("example", {name: "example"});
+ * const example = tls.getCertificate({
+ *     url: exampleEksCluster.identity[0].oidc[0].issuer,
+ * });
+ * const exampleIamOpenidConnectProvider = new aws.index.IamOpenidConnectProvider("example", {
+ *     clientIdList: ["sts.amazonaws.com"],
+ *     thumbprintList: [example.certificates?.[0]?.sha1Fingerprint],
+ *     url: exampleEksCluster.identity[0].oidc[0].issuer,
+ * });
+ * ```
+ *
+ * ### Content Usage
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as std from "@pulumi/std";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const exampleContent = std.file({
+ *     input: "example.pem",
+ * }).then(invoke => tls.getCertificate({
+ *     content: invoke.result,
+ * }));
+ * ```
+ *
+ * <!--
+ *     Schema ORIGINALLY generated by tfplugindocs,
+ *     then manually tweaked to circumvent current limitations.
+ *
+ *     This should be revisited, once https://github.com/hashicorp/terraform-plugin-docs/issues/66 is resolved.
+ * -->
+ */
 export declare function getCertificateOutput(args?: GetCertificateOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetCertificateResult>;
 /**
  * A collection of arguments for invoking getCertificate.

package/getCertificate.js

@@ -5,6 +5,50 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getCertificateOutput = exports.getCertificate = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("./utilities");
+/**
+ * Get information about the TLS certificates securing a host.
+ *
+ * Use this data source to get information, such as SHA1 fingerprint or serial number, about the TLS certificates that protects a URL.
+ *
+ * ## Example Usage
+ *
+ * ### URL Usage
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const exampleEksCluster = new aws.index.EksCluster("example", {name: "example"});
+ * const example = tls.getCertificate({
+ *     url: exampleEksCluster.identity[0].oidc[0].issuer,
+ * });
+ * const exampleIamOpenidConnectProvider = new aws.index.IamOpenidConnectProvider("example", {
+ *     clientIdList: ["sts.amazonaws.com"],
+ *     thumbprintList: [example.certificates?.[0]?.sha1Fingerprint],
+ *     url: exampleEksCluster.identity[0].oidc[0].issuer,
+ * });
+ * ```
+ *
+ * ### Content Usage
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as std from "@pulumi/std";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const exampleContent = std.file({
+ *     input: "example.pem",
+ * }).then(invoke => tls.getCertificate({
+ *     content: invoke.result,
+ * }));
+ * ```
+ *
+ * <!--
+ *     Schema ORIGINALLY generated by tfplugindocs,
+ *     then manually tweaked to circumvent current limitations.
+ *
+ *     This should be revisited, once https://github.com/hashicorp/terraform-plugin-docs/issues/66 is resolved.
+ * -->
+ */
 function getCertificate(args, opts) {
     args = args || {};
     opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {});
@@ -15,6 +59,50 @@ function getCertificate(args, opts) {
     }, opts);
 }
 exports.getCertificate = getCertificate;
+/**
+ * Get information about the TLS certificates securing a host.
+ *
+ * Use this data source to get information, such as SHA1 fingerprint or serial number, about the TLS certificates that protects a URL.
+ *
+ * ## Example Usage
+ *
+ * ### URL Usage
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const exampleEksCluster = new aws.index.EksCluster("example", {name: "example"});
+ * const example = tls.getCertificate({
+ *     url: exampleEksCluster.identity[0].oidc[0].issuer,
+ * });
+ * const exampleIamOpenidConnectProvider = new aws.index.IamOpenidConnectProvider("example", {
+ *     clientIdList: ["sts.amazonaws.com"],
+ *     thumbprintList: [example.certificates?.[0]?.sha1Fingerprint],
+ *     url: exampleEksCluster.identity[0].oidc[0].issuer,
+ * });
+ * ```
+ *
+ * ### Content Usage
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as std from "@pulumi/std";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const exampleContent = std.file({
+ *     input: "example.pem",
+ * }).then(invoke => tls.getCertificate({
+ *     content: invoke.result,
+ * }));
+ * ```
+ *
+ * <!--
+ *     Schema ORIGINALLY generated by tfplugindocs,
+ *     then manually tweaked to circumvent current limitations.
+ *
+ *     This should be revisited, once https://github.com/hashicorp/terraform-plugin-docs/issues/66 is resolved.
+ * -->
+ */
 function getCertificateOutput(args, opts) {
     args = args || {};
     opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {});

package/getCertificate.js.map

@@ -1 +1 @@
-{"version":3,"file":"getCertificate.js","sourceRoot":"","sources":["../getCertificate.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC,SAAgB,cAAc,CAAC,IAAyB,EAAE,IAA2B;IACjF,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAClB,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACzE,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,yCAAyC,EAAE;QACpE,SAAS,EAAE,IAAI,CAAC,OAAO;QACvB,KAAK,EAAE,IAAI,CAAC,GAAG;QACf,aAAa,EAAE,IAAI,CAAC,WAAW;KAClC,EAAE,IAAI,CAAC,CAAC;AACb,CAAC;AARD,wCAQC;AA6CD,SAAgB,oBAAoB,CAAC,IAA+B,EAAE,IAAiC;IACnG,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAClB,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACzE,OAAO,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,yCAAyC,EAAE;QAC1E,SAAS,EAAE,IAAI,CAAC,OAAO;QACvB,KAAK,EAAE,IAAI,CAAC,GAAG;QACf,aAAa,EAAE,IAAI,CAAC,WAAW;KAClC,EAAE,IAAI,CAAC,CAAC;AACb,CAAC;AARD,oDAQC"}
+{"version":3,"file":"getCertificate.js","sourceRoot":"","sources":["../getCertificate.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AACH,SAAgB,cAAc,CAAC,IAAyB,EAAE,IAA2B;IACjF,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAClB,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACzE,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,yCAAyC,EAAE;QACpE,SAAS,EAAE,IAAI,CAAC,OAAO;QACvB,KAAK,EAAE,IAAI,CAAC,GAAG;QACf,aAAa,EAAE,IAAI,CAAC,WAAW;KAClC,EAAE,IAAI,CAAC,CAAC;AACb,CAAC;AARD,wCAQC;AA6CD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AACH,SAAgB,oBAAoB,CAAC,IAA+B,EAAE,IAAiC;IACnG,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAClB,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACzE,OAAO,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,yCAAyC,EAAE;QAC1E,SAAS,EAAE,IAAI,CAAC,OAAO;QACvB,KAAK,EAAE,IAAI,CAAC,GAAG;QACf,aAAa,EAAE,IAAI,CAAC,WAAW;KAClC,EAAE,IAAI,CAAC,CAAC;AACb,CAAC;AARD,oDAQC"}

package/locallySignedCert.d.ts

@@ -1,4 +1,53 @@
 import * as pulumi from "@pulumi/pulumi";
+/**
+ * Creates a TLS certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format using a Certificate Signing Request (CSR) and signs it with a provided (local) Certificate Authority (CA).
+ *
+ * > **Note** Locally-signed certificates are generally only trusted by client software when
+ * setup to use the provided CA. They are normally used in development environments
+ * or when deployed internally to an organization.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as std from "@pulumi/std";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const example = new tls.LocallySignedCert("example", {
+ *     certRequestPem: std.file({
+ *         input: "cert_request.pem",
+ *     }).then(invoke => invoke.result),
+ *     caPrivateKeyPem: std.file({
+ *         input: "ca_private_key.pem",
+ *     }).then(invoke => invoke.result),
+ *     caCertPem: std.file({
+ *         input: "ca_cert.pem",
+ *     }).then(invoke => invoke.result),
+ *     validityPeriodHours: 12,
+ *     allowedUses: [
+ *         "key_encipherment",
+ *         "digital_signature",
+ *         "server_auth",
+ *     ],
+ * });
+ * ```
+ *
+ * ## Automatic Renewal
+ *
+ * This resource considers its instances to have been deleted after either their validity
+ * periods ends (i.e. beyond the `validityPeriodHours`)
+ * or the early renewal period is reached (i.e. within the `earlyRenewalHours`):
+ * when this happens, the `readyForRenewal` attribute will be `true`.
+ * At this time, applying the Terraform configuration will cause a new certificate to be
+ * generated for the instance.
+ *
+ * Therefore in a development environment with frequent deployments it may be convenient
+ * to set a relatively-short expiration time and use early renewal to automatically provision
+ * a new certificate when the current one is about to expire.
+ *
+ * The creation of a new certificate may of course cause dependent resources to be updated
+ * or replaced, depending on the lifecycle rules applying to those resources.
+ */
 export declare class LocallySignedCert extends pulumi.CustomResource {
     /**
      * Get an existing LocallySignedCert resource's state with the given name, ID, and optional extra
@@ -39,6 +88,9 @@ export declare class LocallySignedCert extends pulumi.CustomResource {
      * Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
      */
     readonly certRequestPem: pulumi.Output<string>;
+    /**
+     * The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: `0`)
+     */
     readonly earlyRenewalHours: pulumi.Output<number>;
     /**
      * Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
@@ -105,6 +157,9 @@ export interface LocallySignedCertState {
      * Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
      */
     certRequestPem?: pulumi.Input<string>;
+    /**
+     * The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: `0`)
+     */
     earlyRenewalHours?: pulumi.Input<number>;
     /**
      * Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
@@ -155,6 +210,9 @@ export interface LocallySignedCertArgs {
      * Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
      */
     certRequestPem: pulumi.Input<string>;
+    /**
+     * The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: `0`)
+     */
     earlyRenewalHours?: pulumi.Input<number>;
     /**
      * Is the generated certificate representing a Certificate Authority (CA) (default: `false`).

package/locallySignedCert.js

@@ -5,6 +5,55 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.LocallySignedCert = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("./utilities");
+/**
+ * Creates a TLS certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format using a Certificate Signing Request (CSR) and signs it with a provided (local) Certificate Authority (CA).
+ *
+ * > **Note** Locally-signed certificates are generally only trusted by client software when
+ * setup to use the provided CA. They are normally used in development environments
+ * or when deployed internally to an organization.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as std from "@pulumi/std";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const example = new tls.LocallySignedCert("example", {
+ *     certRequestPem: std.file({
+ *         input: "cert_request.pem",
+ *     }).then(invoke => invoke.result),
+ *     caPrivateKeyPem: std.file({
+ *         input: "ca_private_key.pem",
+ *     }).then(invoke => invoke.result),
+ *     caCertPem: std.file({
+ *         input: "ca_cert.pem",
+ *     }).then(invoke => invoke.result),
+ *     validityPeriodHours: 12,
+ *     allowedUses: [
+ *         "key_encipherment",
+ *         "digital_signature",
+ *         "server_auth",
+ *     ],
+ * });
+ * ```
+ *
+ * ## Automatic Renewal
+ *
+ * This resource considers its instances to have been deleted after either their validity
+ * periods ends (i.e. beyond the `validityPeriodHours`)
+ * or the early renewal period is reached (i.e. within the `earlyRenewalHours`):
+ * when this happens, the `readyForRenewal` attribute will be `true`.
+ * At this time, applying the Terraform configuration will cause a new certificate to be
+ * generated for the instance.
+ *
+ * Therefore in a development environment with frequent deployments it may be convenient
+ * to set a relatively-short expiration time and use early renewal to automatically provision
+ * a new certificate when the current one is about to expire.
+ *
+ * The creation of a new certificate may of course cause dependent resources to be updated
+ * or replaced, depending on the lifecycle rules applying to those resources.
+ */
 class LocallySignedCert extends pulumi.CustomResource {
     /**
      * Get an existing LocallySignedCert resource's state with the given name, ID, and optional extra

package/locallySignedCert.js.map

@@ -1 +1 @@
-{"version":3,"file":"locallySignedCert.js","sourceRoot":"","sources":["../locallySignedCert.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC,MAAa,iBAAkB,SAAQ,MAAM,CAAC,cAAc;IACxD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA8B,EAAE,IAAmC;QAC5H,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACxE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,iBAAiB,CAAC,YAAY,CAAC;IAClE,CAAC;IAgED,YAAY,IAAY,EAAE,WAA4D,EAAE,IAAmC;QACvH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAiD,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,EAAE,mBAAmB,CAAC;YACnE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;SAClE;aAAM;YACH,MAAM,IAAI,GAAG,WAAgD,CAAC;YAC9D,IAAI,IAAI,EAAE,WAAW,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC9C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;aAC9D;YACD,IAAI,IAAI,EAAE,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC5C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,IAAI,EAAE,eAAe,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAClD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;aAClE;YACD,IAAI,IAAI,EAAE,cAAc,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;aACjE;YACD,IAAI,IAAI,EAAE,mBAAmB,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;aACtE;YACD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5G,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,EAAE,mBAAmB,CAAC;YAClE,cAAc,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACrD,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9C,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACtD,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACtD,cAAc,CAAC,mBAAmB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC3D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACpE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,iBAAiB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACtE,CAAC;;AAjJL,8CAkJC;AApIG,gBAAgB;AACO,8BAAY,GAAG,+CAA+C,CAAC"}
+{"version":3,"file":"locallySignedCert.js","sourceRoot":"","sources":["../locallySignedCert.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AACH,MAAa,iBAAkB,SAAQ,MAAM,CAAC,cAAc;IACxD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA8B,EAAE,IAAmC;QAC5H,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACxE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,iBAAiB,CAAC,YAAY,CAAC;IAClE,CAAC;IAmED,YAAY,IAAY,EAAE,WAA4D,EAAE,IAAmC;QACvH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAiD,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,EAAE,mBAAmB,CAAC;YACnE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;SAClE;aAAM;YACH,MAAM,IAAI,GAAG,WAAgD,CAAC;YAC9D,IAAI,IAAI,EAAE,WAAW,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC9C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;aAC9D;YACD,IAAI,IAAI,EAAE,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC5C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,IAAI,EAAE,eAAe,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAClD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;aAClE;YACD,IAAI,IAAI,EAAE,cAAc,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;aACjE;YACD,IAAI,IAAI,EAAE,mBAAmB,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;aACtE;YACD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5G,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,EAAE,mBAAmB,CAAC;YAClE,cAAc,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACrD,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9C,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACtD,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACtD,cAAc,CAAC,mBAAmB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC3D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACpE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,iBAAiB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACtE,CAAC;;AApJL,8CAqJC;AAvIG,gBAAgB;AACO,8BAAY,GAAG,+CAA+C,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@pulumi/tls",
-    "version": "5.3.0",
+    "version": "5.3.1",
     "description": "A Pulumi package to create TLS resources in Pulumi programs.",
     "keywords": [
         "pulumi",
@@ -22,6 +22,6 @@
     "pulumi": {
         "resource": true,
         "name": "tls",
-        "version": "5.3.0"
+        "version": "5.3.1"
     }
 }

package/privateKey.d.ts

@@ -1,4 +1,50 @@
 import * as pulumi from "@pulumi/pulumi";
+/**
+ * > If the managed resource supports a write-only attribute for the private key (first introduced in Terraform 1.11), then the ephemeral variant of `tls.PrivateKey` should be used, when possible, to avoid storing the private key data in the plan or state file.
+ *
+ * Creates a PEM (and OpenSSH) formatted private key.
+ *
+ * Generates a secure private key and encodes it in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) and [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) formats. This resource is primarily intended for easily bootstrapping throwaway development environments.
+ *
+ * > **Security Notice** The private key generated by this resource will
+ * be stored *unencrypted* in your Terraform state file. **Use of this resource
+ * for production deployments is *not* recommended**. Instead, generate
+ * a private key file outside of Terraform and distribute it securely
+ * to the system where Terraform will be run.
+ *
+ * This is a *logical resource*, so it contributes only to the current Terraform
+ * state and does not create any external managed resources.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as tls from "@pulumi/tls";
+ *
+ * // ECDSA key with P384 elliptic curve
+ * const ecdsa_p384_example = new tls.PrivateKey("ecdsa-p384-example", {
+ *     algorithm: "ECDSA",
+ *     ecdsaCurve: "P384",
+ * });
+ * // RSA key of size 4096 bits
+ * const rsa_4096_example = new tls.PrivateKey("rsa-4096-example", {
+ *     algorithm: "RSA",
+ *     rsaBits: 4096,
+ * });
+ * // ED25519 key
+ * const ed25519_example = new tls.PrivateKey("ed25519-example", {algorithm: "ED25519"});
+ * ```
+ *
+ * ## Generating a New Key
+ *
+ * Since a private key is a logical resource that lives only in the Terraform state,
+ * it will persist until it is explicitly destroyed by the user.
+ *
+ * In order to force the generation of a new key within an existing state, the
+ * private key instance can be "tainted":
+ *
+ * A new key will then be generated on the next ``pulumi up``.
+ */
 export declare class PrivateKey extends pulumi.CustomResource {
     /**
      * Get an existing PrivateKey resource's state with the given name, ID, and optional extra

package/privateKey.js

@@ -5,6 +5,52 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.PrivateKey = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("./utilities");
+/**
+ * > If the managed resource supports a write-only attribute for the private key (first introduced in Terraform 1.11), then the ephemeral variant of `tls.PrivateKey` should be used, when possible, to avoid storing the private key data in the plan or state file.
+ *
+ * Creates a PEM (and OpenSSH) formatted private key.
+ *
+ * Generates a secure private key and encodes it in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) and [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) formats. This resource is primarily intended for easily bootstrapping throwaway development environments.
+ *
+ * > **Security Notice** The private key generated by this resource will
+ * be stored *unencrypted* in your Terraform state file. **Use of this resource
+ * for production deployments is *not* recommended**. Instead, generate
+ * a private key file outside of Terraform and distribute it securely
+ * to the system where Terraform will be run.
+ *
+ * This is a *logical resource*, so it contributes only to the current Terraform
+ * state and does not create any external managed resources.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as tls from "@pulumi/tls";
+ *
+ * // ECDSA key with P384 elliptic curve
+ * const ecdsa_p384_example = new tls.PrivateKey("ecdsa-p384-example", {
+ *     algorithm: "ECDSA",
+ *     ecdsaCurve: "P384",
+ * });
+ * // RSA key of size 4096 bits
+ * const rsa_4096_example = new tls.PrivateKey("rsa-4096-example", {
+ *     algorithm: "RSA",
+ *     rsaBits: 4096,
+ * });
+ * // ED25519 key
+ * const ed25519_example = new tls.PrivateKey("ed25519-example", {algorithm: "ED25519"});
+ * ```
+ *
+ * ## Generating a New Key
+ *
+ * Since a private key is a logical resource that lives only in the Terraform state,
+ * it will persist until it is explicitly destroyed by the user.
+ *
+ * In order to force the generation of a new key within an existing state, the
+ * private key instance can be "tainted":
+ *
+ * A new key will then be generated on the next ``pulumi up``.
+ */
 class PrivateKey extends pulumi.CustomResource {
     /**
      * Get an existing PrivateKey resource's state with the given name, ID, and optional extra

package/privateKey.js.map

@@ -1 +1 @@
-{"version":3,"file":"privateKey.js","sourceRoot":"","sources":["../privateKey.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC,MAAa,UAAW,SAAQ,MAAM,CAAC,cAAc;IACjD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAuB,EAAE,IAAmC;QACrH,OAAO,IAAI,UAAU,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACjE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,UAAU,CAAC,YAAY,CAAC;IAC3D,CAAC;IAmDD,YAAY,IAAY,EAAE,WAA8C,EAAE,IAAmC;QACzG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA0C,CAAC;YACzD,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,EAAE,kBAAkB,CAAC;YACjE,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,EAAE,uBAAuB,CAAC;YAC3E,cAAc,CAAC,4BAA4B,CAAC,GAAG,KAAK,EAAE,0BAA0B,CAAC;YACjF,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,EAAE,gBAAgB,CAAC;YAC7D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;SAC9C;aAAM;YACH,MAAM,IAAI,GAAG,WAAyC,CAAC;YACvD,IAAI,IAAI,EAAE,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC5C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,mBAAmB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACxD,cAAc,CAAC,eAAe,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACpD,cAAc,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACzD,cAAc,CAAC,yBAAyB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9D,cAAc,CAAC,4BAA4B,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjE,cAAc,CAAC,kBAAkB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACvD,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACtD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,mBAAmB,EAAE,eAAe,EAAE,oBAAoB,CAAC,EAAE,CAAC;QAC7G,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC/D,CAAC;;AAhHL,gCAiHC;AAnGG,gBAAgB;AACO,uBAAY,GAAG,iCAAiC,CAAC"}
+{"version":3,"file":"privateKey.js","sourceRoot":"","sources":["../privateKey.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AACH,MAAa,UAAW,SAAQ,MAAM,CAAC,cAAc;IACjD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAuB,EAAE,IAAmC;QACrH,OAAO,IAAI,UAAU,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACjE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,UAAU,CAAC,YAAY,CAAC;IAC3D,CAAC;IAmDD,YAAY,IAAY,EAAE,WAA8C,EAAE,IAAmC;QACzG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA0C,CAAC;YACzD,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,EAAE,kBAAkB,CAAC;YACjE,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,EAAE,uBAAuB,CAAC;YAC3E,cAAc,CAAC,4BAA4B,CAAC,GAAG,KAAK,EAAE,0BAA0B,CAAC;YACjF,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,EAAE,gBAAgB,CAAC;YAC7D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;SAC9C;aAAM;YACH,MAAM,IAAI,GAAG,WAAyC,CAAC;YACvD,IAAI,IAAI,EAAE,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC5C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,mBAAmB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACxD,cAAc,CAAC,eAAe,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACpD,cAAc,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACzD,cAAc,CAAC,yBAAyB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9D,cAAc,CAAC,4BAA4B,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjE,cAAc,CAAC,kBAAkB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACvD,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACtD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,mBAAmB,EAAE,eAAe,EAAE,oBAAoB,CAAC,EAAE,CAAC;QAC7G,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC/D,CAAC;;AAhHL,gCAiHC;AAnGG,gBAAgB;AACO,uBAAY,GAAG,iCAAiC,CAAC"}

package/selfSignedCert.d.ts

@@ -1,6 +1,55 @@
 import * as pulumi from "@pulumi/pulumi";
 import * as inputs from "./types/input";
 import * as outputs from "./types/output";
+/**
+ * Creates a **self-signed** TLS certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
+ *
+ * > **Warning** Self-signed certificates are usually used only in development environments
+ * or applications deployed internally to an organization.
+ * Certificates of this type are generally not trusted by client software such
+ * as web browsers. Therefore clients are likely to generate trust warnings when
+ * connecting to a server that has a self-signed certificate.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as std from "@pulumi/std";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const example = new tls.SelfSignedCert("example", {
+ *     privateKeyPem: std.file({
+ *         input: "private_key.pem",
+ *     }).then(invoke => invoke.result),
+ *     subject: {
+ *         commonName: "example.com",
+ *         organization: "ACME Examples, Inc",
+ *     },
+ *     validityPeriodHours: 12,
+ *     allowedUses: [
+ *         "key_encipherment",
+ *         "digital_signature",
+ *         "server_auth",
+ *     ],
+ * });
+ * ```
+ *
+ * ## Automatic Renewal
+ *
+ * This resource considers its instances to have been deleted after either their validity
+ * periods ends (i.e. beyond the `validityPeriodHours`)
+ * or the early renewal period is reached (i.e. within the `earlyRenewalHours`):
+ * when this happens, the `readyForRenewal` attribute will be `true`.
+ * At this time, applying the Terraform configuration will cause a new certificate to be
+ * generated for the instance.
+ *
+ * Therefore in a development environment with frequent deployments it may be convenient
+ * to set a relatively-short expiration time and use early renewal to automatically provision
+ * a new certificate when the current one is about to expire.
+ *
+ * The creation of a new certificate may of course cause dependent resources to be updated
+ * or replaced, depending on the lifecycle rules applying to those resources.
+ */
 export declare class SelfSignedCert extends pulumi.CustomResource {
     /**
      * Get an existing SelfSignedCert resource's state with the given name, ID, and optional extra
@@ -29,6 +78,9 @@ export declare class SelfSignedCert extends pulumi.CustomResource {
      * List of DNS names for which a certificate is being requested (i.e. certificate subjects).
      */
     readonly dnsNames: pulumi.Output<string[] | undefined>;
+    /**
+     * The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: `0`)
+     */
     readonly earlyRenewalHours: pulumi.Output<number>;
     /**
      * List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
@@ -107,6 +159,9 @@ export interface SelfSignedCertState {
      * List of DNS names for which a certificate is being requested (i.e. certificate subjects).
      */
     dnsNames?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: `0`)
+     */
     earlyRenewalHours?: pulumi.Input<number>;
     /**
      * List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
@@ -173,6 +228,9 @@ export interface SelfSignedCertArgs {
      * List of DNS names for which a certificate is being requested (i.e. certificate subjects).
      */
     dnsNames?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: `0`)
+     */
     earlyRenewalHours?: pulumi.Input<number>;
     /**
      * List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

package/selfSignedCert.js

@@ -5,6 +5,55 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SelfSignedCert = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("./utilities");
+/**
+ * Creates a **self-signed** TLS certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
+ *
+ * > **Warning** Self-signed certificates are usually used only in development environments
+ * or applications deployed internally to an organization.
+ * Certificates of this type are generally not trusted by client software such
+ * as web browsers. Therefore clients are likely to generate trust warnings when
+ * connecting to a server that has a self-signed certificate.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as std from "@pulumi/std";
+ * import * as tls from "@pulumi/tls";
+ *
+ * const example = new tls.SelfSignedCert("example", {
+ *     privateKeyPem: std.file({
+ *         input: "private_key.pem",
+ *     }).then(invoke => invoke.result),
+ *     subject: {
+ *         commonName: "example.com",
+ *         organization: "ACME Examples, Inc",
+ *     },
+ *     validityPeriodHours: 12,
+ *     allowedUses: [
+ *         "key_encipherment",
+ *         "digital_signature",
+ *         "server_auth",
+ *     ],
+ * });
+ * ```
+ *
+ * ## Automatic Renewal
+ *
+ * This resource considers its instances to have been deleted after either their validity
+ * periods ends (i.e. beyond the `validityPeriodHours`)
+ * or the early renewal period is reached (i.e. within the `earlyRenewalHours`):
+ * when this happens, the `readyForRenewal` attribute will be `true`.
+ * At this time, applying the Terraform configuration will cause a new certificate to be
+ * generated for the instance.
+ *
+ * Therefore in a development environment with frequent deployments it may be convenient
+ * to set a relatively-short expiration time and use early renewal to automatically provision
+ * a new certificate when the current one is about to expire.
+ *
+ * The creation of a new certificate may of course cause dependent resources to be updated
+ * or replaced, depending on the lifecycle rules applying to those resources.
+ */
 class SelfSignedCert extends pulumi.CustomResource {
     /**
      * Get an existing SelfSignedCert resource's state with the given name, ID, and optional extra

package/selfSignedCert.js.map

@@ -1 +1 @@
-{"version":3,"file":"selfSignedCert.js","sourceRoot":"","sources":["../selfSignedCert.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC,MAAa,cAAe,SAAQ,MAAM,CAAC,cAAc;IACrD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA2B,EAAE,IAAmC;QACzH,OAAO,IAAI,cAAc,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACrE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,cAAc,CAAC,YAAY,CAAC;IAC/D,CAAC;IA4ED,YAAY,IAAY,EAAE,WAAsD,EAAE,IAAmC;QACjH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA8C,CAAC;YAC7D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;YACrC,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,EAAE,mBAAmB,CAAC;YACnE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;SAClE;aAAM;YACH,MAAM,IAAI,GAAG,WAA6C,CAAC;YAC3D,IAAI,IAAI,EAAE,WAAW,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC9C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;aAC9D;YACD,IAAI,IAAI,EAAE,aAAa,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAChD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;aAChE;YACD,IAAI,IAAI,EAAE,mBAAmB,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;aACtE;YACD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtG,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,EAAE,mBAAmB,CAAC;YAClE,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9C,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACnD,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACtD,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACtD,cAAc,CAAC,mBAAmB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC3D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC;QAClE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,cAAc,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACnE,CAAC;;AA7JL,wCA8JC;AAhJG,gBAAgB;AACO,2BAAY,GAAG,yCAAyC,CAAC"}
+{"version":3,"file":"selfSignedCert.js","sourceRoot":"","sources":["../selfSignedCert.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AACH,MAAa,cAAe,SAAQ,MAAM,CAAC,cAAc;IACrD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA2B,EAAE,IAAmC;QACzH,OAAO,IAAI,cAAc,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACrE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,cAAc,CAAC,YAAY,CAAC;IAC/D,CAAC;IA+ED,YAAY,IAAY,EAAE,WAAsD,EAAE,IAAmC;QACjH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA8C,CAAC;YAC7D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;YACrC,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,EAAE,mBAAmB,CAAC;YACnE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;SAClE;aAAM;YACH,MAAM,IAAI,GAAG,WAA6C,CAAC;YAC3D,IAAI,IAAI,EAAE,WAAW,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC9C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;aAC9D;YACD,IAAI,IAAI,EAAE,aAAa,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAChD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;aAChE;YACD,IAAI,IAAI,EAAE,mBAAmB,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;aACtE;YACD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtG,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,EAAE,mBAAmB,CAAC;YAClE,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9C,cAAc,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACnD,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACtD,cAAc,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACtD,cAAc,CAAC,mBAAmB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC3D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC;QAClE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,cAAc,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACnE,CAAC;;AAhKL,wCAiKC;AAnJG,gBAAgB;AACO,2BAAY,GAAG,yCAAyC,CAAC"}