Resource: azuread_service_principal_certificate

Manages a certificate associated with a service principal within Azure Active Directory.

API Permissions

The following API permissions are required in order to use this resource.

When authenticated with a service principal, this resource requires one of the following application roles: Application.ReadWrite.OwnedBy or Application.ReadWrite.All

When authenticated with a user principal, this resource may require one of the following directory roles: Application Administrator or Global Administrator

Example Usage

Using a PEM certificate

resource "azuread_application" "example" {
  display_name = "example"
}

resource "azuread_service_principal" "example" {
  application_id = azuread_application.example.application_id
}

resource "azuread_service_principal_certificate" "example" {
  service_principal_id = azuread_service_principal.example.id
  type                 = "AsymmetricX509Cert"
  value                = file("cert.pem")
  end_date             = "2021-05-01T01:02:03Z"
}

Using a DER certificate

resource "azuread_application" "example" {
  display_name = "example"
}

resource "azuread_service_principal" "example" {
  application_id = azuread_application.example.application_id
}

resource "azuread_service_principal_certificate" "example" {
  service_principal_id = azuread_service_principal.example.id
  type                 = "AsymmetricX509Cert"
  encoding             = "base64"
  value                = base64encode(file("cert.der"))
  end_date             = "2021-05-01T01:02:03Z"
}

Argument Reference

The following arguments are supported:

Attributes Reference

No additional attributes are exported.

Import

Certificates can be imported using the object ID of the associated service principal and the key ID of the certificate credential, e.g.

terraform import azuread_service_principal_certificate.example 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111