Share via

CertificatePolicy Class

Management policy for a certificate.

Constructor

CertificatePolicy(issuer_name: str | None = None, **kwargs: Any)

Parameters

Name Description
issuer_name
str or None

Optional. Name of the referenced issuer object or reserved names; for example, self or unknown

Default value: None

Keyword-Only Parameters

Name Description
subject
str or None

The subject name of the certificate. Should be a valid X509 distinguished name. Either subject or one of the subject alternative name parameters are required for creating a certificate. This will be ignored when importing a certificate; the subject will be parsed from the imported certificate.
san_emails
list[str] or None

Subject alternative emails of the X509 object. Either subject or one of the subject alternative name parameters are required for creating a certificate.
san_dns_names
list[str] or None

Subject alternative DNS names of the X509 object. Either subject or one of the subject alternative name parameters are required for creating a certificate.
san_user_principal_names
list[str] or None

Subject alternative user principal names of the X509 object. Either subject or one of the subject alternative name parameters are required for creating a certificate.
exportable
bool or None

Indicates if the private key can be exported. For valid values, see KeyType.
key_type
str or KeyType or None

The type of key pair to be used for the certificate.
key_size
int or None

The key size in bits. For example: 2048, 3072, or 4096 for RSA.
reuse_key
bool or None

Indicates if the same key pair will be used on certificate renewal.
key_curve_name
str or KeyCurveName or None

Elliptic curve name. For valid values, see KeyCurveName.
enhanced_key_usage
list[str] or None

The extended ways the key of the certificate can be used.
key_usage
list[str or KeyUsageType] or None

List of key usages.
content_type
str or CertificateContentType or None

The media type (MIME type) of the secret backing the certificate. If not specified, pkcs12 is assumed.
validity_in_months
int or None

The duration that the certificate is valid in months.
lifetime_actions
list[LifetimeAction] or None

Actions that will be performed by Key Vault over the lifetime of a certificate.
certificate_type
str or None

Type of certificate to be requested from the issuer provider.
certificate_transparency
bool or None

Indicates if the certificates generated under this policy should be published to certificate transparency logs.

Methods

get_default

get_default 

get_default() -> CertificatePolicy

Attributes

certificate_transparency

Whether the certificates generated under this policy should be published to certificate transparency logs.

Returns

Type Description
bool,
None

True if the certificates should be published to transparency logs; False otherwise.

certificate_type

Type of certificate requested from the issuer provider.

Returns

Type Description
str,
None

Type of certificate requested from the issuer provider.

content_type

The media type (MIME type).

Returns

Type Description
CertificateContentType,
None

The media type (MIME type).

created_on

The datetime when the certificate is created.

Returns

Type Description
datetime,
None

The datetime when the certificate is created.

enabled

Whether the certificate is enabled or not.

Returns

Type Description
bool,
None

True if the certificate is enabled; False otherwise.

enhanced_key_usage

The enhanced key usage.

Returns

Type Description
list[str],
None

The enhanced key usage.

exportable

Whether the private key can be exported.

Returns

Type Description
bool,
None

True if the private key can be exported; False otherwise.

issuer_name

Name of the referenced issuer object or reserved names for the issuer of the certificate.

Returns

Type Description
str,
None

Name of the referenced issuer object or reserved names for the issuer of the certificate.

key_curve_name

Elliptic curve name.

Returns

Type Description
KeyCurveName,
None

Elliptic curve name.

key_size

The key size in bits.

Returns

Type Description
int,
None

The key size in bits.

key_type

The type of key pair to be used for the certificate.

Returns

Type Description
KeyType,
None

The type of key pair to be used for the certificate.

key_usage

List of key usages.

Returns

Type Description
list[KeyUsageType],
None

List of key usages.

lifetime_actions

Actions and their triggers that will be performed by Key Vault over the lifetime of the certificate.

Returns

Type Description
list[LifetimeAction],
None

Actions and their triggers that will be performed by Key Vault over the lifetime of the certificate.

reuse_key

Whether the same key pair will be used on certificate renewal.

Returns

Type Description
bool,
None

True if the same key pair will be used on certificate renewal; False otherwise.

san_dns_names

The subject alternative domain names.

Returns

Type Description
list[str],
None

The subject alternative domain names, as a list.

san_emails

The subject alternative email addresses.

Returns

Type Description
list[str],
None

The subject alternative email addresses, as a list.

san_user_principal_names

The subject alternative user principal names.

Returns

Type Description
list[str],
None

The subject alternative user principal names, as a list.

subject

The subject name of the certificate.

Returns

Type Description
str,
None

The subject name of the certificate.

updated_on

The datetime when the certificate was last updated.

Returns

Type Description
datetime,
None

The datetime when the certificate was last updated.

validity_in_months

The duration that the certificate is valid for in months.

Returns

Type Description
int,
None

The duration that the certificate is valid for in months.