Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Packages
  2. Self Signed Certificate
Self Signed Certificate v0.1.3 published on Monday, Jan 9, 2023 by Pulumi
pulumi/pulumi-tls-self-signed-cert

Self Signed Certificate

tls-self-signed-cert logo
Self Signed Certificate v0.1.3 published on Monday, Jan 9, 2023 by Pulumi
pulumi/pulumi-tls-self-signed-cert

    Pulumi’s Self Signed Certificate Package makes it simple for you to quickly create a self signed certificate. The guide below will quickly you through how to provision a self signed certificate with the minimal set of inputs. Please refer to the API Docs for more detailed information on this Packages’s usage.

    Quick Start

    The following steps will get you started with a self signed certificate.

    Configure Environment

    Before you get started using Pulumi, let’s run through a few quick steps to ensure your environment is set up correctly.

    Install Pulumi

    $ brew install pulumi/tap/pulumi
    $ curl -fsSL https://get.pulumi.com | sh
    All Windows examples in this tutorial assume you are running in PowerShell.
    > choco install pulumi

    Other installation options are available. When the installation completes, you can test it out by reading the current version:

    $ pulumi version
v2.23.1
    $ pulumi version
v2.23.1
    > pulumi version
v2.23.1

    If this doesn't work, you may need to restart your terminal to ensure the folder containing the pulumi command is on your PATH.

    Next, install the required language runtime, if you have not already.

    Install Language Runtime

    Choose Your Language

    <div>
    <pulumi-choosable type="language" values="typescript" mode="">

    Install Node.js.

    If you're having trouble setting up Node.js up on your machine, see Installing Node.js via Package Manager for alternative installation options.

    <div>
    <pulumi-choosable type="language" values="python" mode="">

    Install Python. To reduce potential issues with setting up your Python environment on Windows or macOS, you should install Python through the official Python installer.

    pip is required to install dependencies. If you installed Python from source, with an installer from python.org, or via Homebrew you should already have pip. If Python is installed using your OS package manager, you may have to install pip separately, see Installing pip/setuptools/wheel with Linux Package Managers. For example, on Debian/Ubuntu you must run sudo apt install python3-venv python3-pip.

    If you're having trouble setting up Python on your machine, see Python 3 Installation & Setup Guide for detailed installation instructions on various operating systems and distributions.

    <div>
    <pulumi-choosable type="language" values="go" mode="">

    Install Go.

    Pulumi requires a supported version of Go— this typically refers to the two most recent major releases. Note that Go calls 1.20, 1.21, etc. major releases, unlike semantic versioning. If you're using Linux, your distribution may not provide an up to date version of the Go compiler. To check what version of Go you have installed, use: go version.

    <div>
    <pulumi-choosable type="language" values="csharp,fsharp,visualbasic" mode="">

    Install .NET SDK.

    Pulumi will need the dotnet executable in order to build and run your Pulumi .NET application. Ensure that the dotnet executable can be found on your path after installation.

    <div>
    <pulumi-choosable type="language" values="yaml" mode="">

    Good news! You don’t have to install anything else to write Pulumi programs in YAML.

    Create New Project

    Now that you have set up your environment by installing Pulumi and installing your preferred language runtime, let’s create your Pulumi program.

    <div>
    <pulumi-choosable type="language" values="typescript" mode="">

    $ mkdir tls-self-signed-cert-quickstart && cd tls-self-signed-cert-quickstart
$ pulumi new typescript

    <div>
    <pulumi-choosable type="language" values="python" mode="">

    $ mkdir tls-self-signed-cert-quickstart && cd tls-self-signed-cert-quickstart
$ pulumi new python

    <div>
    <pulumi-choosable type="language" values="go" mode="">

    # from within your $GOPATH
$ mkdir tls-self-signed-cert-quickstart && cd tls-self-signed-cert-quickstart
$ pulumi new go

    <div>
    <pulumi-choosable type="language" values="csharp" mode="">

    $ mkdir tls-self-signed-cert-quickstart && cd tls-self-signed-cert-quickstart
$ pulumi new csharp

    <div>
    <pulumi-choosable type="language" values="yaml" mode="">

    $ mkdir tls-self-signed-cert-quickstart && cd tls-self-signed-cert-quickstart
$ pulumi new yaml

    The pulumi new command creates a new Pulumi project with some basic scaffolding based on the cloud and language specified.

    If this is your first time running pulumi new or other pulumi commands, you may be prompted to log in to Pulumi Cloud. The Pulumi CLI and Pulumi Cloud work in tandem to deliver a reliable experience. It's free for individual use, with features available for teams, and self-managed options are also available. Hitting Enter at the prompt opens a browser for you to sign in or sign up.

    After logging in, the CLI will proceed with walking you through creating a new project.

    First, you will be asked for a project name and description. Hit ENTER to accept the default values or specify new values.

    Next, you will be asked for the name of a stack. Hit ENTER to accept the default value of dev.

    What are projects and stacks? Pulumi projects and stacks let you organize Pulumi code. Consider a Pulumi project to be analogous to a GitHub repo—a single place for code—and a stack to be an instance of that code with a separate configuration. For instance, Project Foo may have multiple stacks for different development environments (Dev, Test, or Prod), or perhaps for different cloud configurations (geographic region for example). See Organizing Projects and Stacks for some best practices on organizing your Pulumi projects and stacks.

    <div>
    <pulumi-choosable type="language" values="typescript" mode="">

    After some dependency installations from npm, your project and stack will be ready.

    Install the Self Signed Certificate Package

    Next you will need to install the Self Signed Certificate Package so you can use it in your program.

    Yarn
    $ yarn add @pulumi/tls-self-signed-cert
    NPM
    $ npm install @pulumi/tls-self-signed-cert

    <div>
    <pulumi-choosable type="language" values="python" mode="">

    After the command completes, the project and stack will be ready.

    Install the Self Signed Certificate Package

    Next you will need to install the Self Signed Certificate Package so you can use it in your program.

    $ pip3 install pulumi_tls_self_signed_cert

    <div>
    <pulumi-choosable type="language" values="go" mode="">

    After the command completes, the project and stack will be ready.

    Install the Self Signed Certificate Package

    Next you will need to install the Self Signed Certificate Package so you can use it in your program.

    $ go get -u github.com/pulumi/pulumi-tls-self-signed-cert/sdk

    <div>
    <pulumi-choosable type="language" values="csharp,fsharp,visualbasic" mode="">

    After the command completes, the project and stack will be ready.

    Install the Self Signed Certificate Package

    Next you will need to install the Self Signed Certificate Package so you can use it in your program.

    $ dotnet add package Pulumi.TlsSelfSignedCert

    Update Code

    Now that you have all your dependencies installed and your project configured, you can now add the code that will provision your self signed certificate.

    <div>
    <pulumi-choosable type="language" values="typescript" mode="">

    Replace your index.ts with the following:

    import * as pulumi from "@pulumi/pulumi";
import * as tls_self_signed_cert from "@pulumi/tls-self-signed-cert";

const cert = new tls_self_signed_cert.SelfSignedCertificate("cert", {
    dnsName: "cert.example.com",
    validityPeriodHours: 807660,
    localValidityPeriodHours: 17520,
    subject: {
        commonName: "example-cert",
        organization: "example-cert LLC",
    },
});
export const pem = cert.pem;
export const privateKey = cert.privateKey;
export const caCert = cert.caCert;

    <div>
    <pulumi-choosable type="language" values="python" mode="">

    Replace your __main__.py with the following:

    import pulumi
import pulumi_tls_self_signed_cert as tls_self_signed_cert

cert = tls_self_signed_cert.SelfSignedCertificate("cert",
    dns_name="cert.example.com",
    validity_period_hours=807660,
    local_validity_period_hours=17520,
    subject=%!v(PANIC=Format method: interface conversion: interface {} is json.RawMessage, not python.PackageInfo))
pulumi.export("pem", cert.pem)
pulumi.export("privateKey", cert.private_key)
pulumi.export("caCert", cert.ca_cert)

    <div>
    <pulumi-choosable type="language" values="go" mode="">

    Replace your main.go with the following:

    package main

import (
	selfSignedCert "github.com/pulumi/pulumi-tls-self-signed-cert/sdk/go/tls-self-signed-cert"
	"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cert, err := selfSignedCert.NewSelfSignedCertificate(ctx, "cert", &selfSignedCert.SelfSignedCertificateArgs{
			DnsName:                  pulumi.String("cert.example.com"),
			ValidityPeriodHours:      pulumi.Int(807660),
			LocalValidityPeriodHours: pulumi.Int(17520),
			Subject: tls.SelfSignedCertSubjectArgs{
				CommonName:   pulumi.String("example-cert"),
				Organization: pulumi.String("example-cert LLC"),
			},
		})
		if err != nil {
			return err
		}

		ctx.Export("pem", cert.Pem)
		ctx.Export("privateKey", cert.PrivateKey)
		ctx.Export("caCert", cert.CaCert)
	})
}

    <div>
    <pulumi-choosable type="language" values="csharp" mode="">

    Replace your Program.cs with the following:

    using System.Collections.Generic;
using Pulumi;
using TlsSelfSignedCert = Pulumi.TlsSelfSignedCert;

return await Deployment.RunAsync(() =>
{
    var cert = new TlsSelfSignedCert.SelfSignedCertificate("cert", new()
    {
        DnsName = "cert.example.com",
        ValidityPeriodHours = 807660,
        LocalValidityPeriodHours = 17520,
        Subject = %!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
    });

    return new Dictionary<string, object?>
    {
        ["pem"] = cert.Pem,
        ["privateKey"] = cert.PrivateKey,
        ["caCert"] = cert.CaCert,
    };
});

    <div>
    <pulumi-choosable type="language" values="yaml" mode="">

    Replace your Pulumi.yaml with the following:

    name: tls-self-signed-cert
runtime: yaml
resources:
    cert:
        type: "tls-self-signed-cert:index:SelfSignedCertificate"
        properties:
            dnsName: "cert.example.com"
            validityPeriodHours: 807660
            localValidityPeriodHours: 17520
            subject:
                commonName: "example-cert"
                organization: "example-cert LLC"
outputs:
    pem: ${cert.pem}
    privateKey: ${cert.privateKey}
    caCert: ${cert.caCert}

    Deploy

    Once you have updated your code you are ready to create your Self Signed Certificate. To do so, run the the following command:

    $ pulumi up

    First Pulumi will perform a preview showing you exactly what will be created. Once the preview is complete Pulumi will ask you if you want to continue. Select yes to proceed to actually provisioning the service.

    All the different resources need to create a self signed certificate will be created.

    (Optional) Destroy

    You can destroy all the resources by running pulumi destroy.

    tls-self-signed-cert logo
    Self Signed Certificate v0.1.3 published on Monday, Jan 9, 2023 by Pulumi
    pulumi/pulumi-tls-self-signed-cert