What is @pulumi/tls?
@pulumi/tls is an npm package that provides TLS (Transport Layer Security) utilities for managing and creating TLS certificates and keys. It is part of the Pulumi ecosystem, which allows for infrastructure as code using familiar programming languages.
What are @pulumi/tls's main functionalities?
Creating a Self-Signed Certificate
This feature allows you to create a self-signed certificate using the @pulumi/tls package. The code sample demonstrates how to generate a private key and then use it to create a self-signed certificate.
const tls = require('@pulumi/tls');

// Generate the RSA key pair that the certificate will be bound to.
const privateKey = new tls.PrivateKey('example', { algorithm: 'RSA', rsaBits: 2048 });

// Self-sign a certificate for example.com using that key.
const selfSignedCert = new tls.SelfSignedCert('example', {
    keyAlgorithm: 'RSA',
    privateKeyPem: privateKey.privateKeyPem,
    subjects: [{ commonName: 'example.com' }],
    validityPeriodHours: 8760, // 365 days
    // Key usages the certificate is valid for.
    allowedUses: ['key_encipherment', 'digital_signature', 'server_auth']
});

exports.certPem = selfSignedCert.certPem;
Creating a Private Key
This feature allows you to create a private key. The code sample shows how to generate an RSA private key with a specified number of bits.
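const tls = require('@pulumi/tls');

const privateKey = new tls.PrivateKey('example', { algorithm: 'RSA', rsaBits: 2048 });

// Resource outputs, including the private key, are recorded in the Pulumi state,
// so the state backend holds key material.
exports.privateKeyPem = privateKey.privateKeyPem;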
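An added example, not part of the package's documentation or code: a Node.js check that parses a PEM private key such as the privateKeyPem output above and rejects keys below a minimum strength. The policy values and the names POLICY, checkPrivateKeyPem and samplePem are assumptions for illustration, and the sample keys are generated locally.

```javascript
const crypto = require('crypto');

// Hypothetical policy: minimum RSA size and the curves accepted for EC keys.
const POLICY = { minRsaBits: 2048, allowedCurves: ['prime256v1', 'secp384r1', 'secp521r1'] };

// Inspect a PEM private key and report whether it meets the policy.
function checkPrivateKeyPem(pem, policy = POLICY) {
  let key;
  try {
    key = crypto.createPrivateKey(pem);
  } catch (err) {
    return { ok: false, type: null, reason: 'not a parseable private key' };
  }
  const type = key.asymmetricKeyType;
  const details = key.asymmetricKeyDetails || {};
  if (type === 'rsa') {
    const bits = details.modulusLength;
    return bits >= policy.minRsaBits
      ? { ok: true, type, bits }
      : { ok: false, type, bits, reason: `RSA modulus below ${policy.minRsaBits} bits` };
  }
  if (type === 'ec') {
    const curve = details.namedCurve;
    return policy.allowedCurves.includes(curve)
      ? { ok: true, type, curve }
      : { ok: false, type, curve, reason: 'curve not in allow-list' };
  }
  if (type === 'ed25519') return { ok: true, type };
  return { ok: false, type, reason: 'key type not covered by policy' };
}

// Constructed sample input: keys generated locally so the check runs offline.
function samplePem(type, options) {
  const { privateKey } = crypto.generateKeyPairSync(type, options);
  return privateKey.export({ type: 'pkcs8', format: 'pem' });
}

// Demo: a key matching the page's settings, a weak RSA key, and an EC key.
console.log(checkPrivateKeyPem(samplePem('rsa', { modulusLength: 2048 })));
console.log(checkPrivateKeyPem(samplePem('rsa', { modulusLength: 1024 })));
console.log(checkPrivateKeyPem(samplePem('ec', { namedCurve: 'prime256v1' })));
```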
Creating a Certificate Signing Request (CSR)
This feature allows you to create a Certificate Signing Request (CSR). The code sample demonstrates how to generate a CSR using a private key and subject information.
const tls = require('@pulumi/tls');

const privateKey = new tls.PrivateKey('example', { algorithm: 'RSA', rsaBits: 2048 });

// Build a CSR for example.com, signed with the private key above.
const csr = new tls.CertRequest('example', {
    keyAlgorithm: 'RSA',
    privateKeyPem: privateKey.privateKeyPem,
    subjects: [{ commonName: 'example.com' }]
});

exports.csrPem = csr.certRequestPem;
Other packages similar to @pulumi/tls
node-forge
node-forge is a JavaScript library that provides a native implementation of TLS, PKI, and various cryptographic utilities. It is more general-purpose compared to @pulumi/tls, which is specifically designed for infrastructure as code scenarios.
pem
pem is a simple library for creating and managing PEM encoded certificates and keys. It provides functionalities similar to @pulumi/tls but is more focused on basic certificate and key management rather than integration with infrastructure as code.
openssl-wrapper
openssl-wrapper is a Node.js wrapper for the OpenSSL command-line tool. It allows you to perform various cryptographic operations, including creating certificates and keys. While it offers similar functionalities, it relies on the OpenSSL binary and is not as tightly integrated with infrastructure as code workflows as @pulumi/tls.
TLS Resource Provider
The TLS resource provider for Pulumi lets you create TLS keys and certificates in your cloud programs. To use this package, please install the Pulumi CLI first.
Installing
This package is available in many languages in the standard packaging formats.
Node.js (JavaScript/TypeScript)
To use from JavaScript or TypeScript in Node.js, install using either npm:
$ npm install @pulumi/tls
or yarn:
$ yarn add @pulumi/tls
Python
To use from Python, install using pip:
$ pip install pulumi_tls
Go
To use from Go, use go get to grab the latest version of the library:
$ go get github.com/pulumi/pulumi-tls/sdk/v5
.NET
To use from .NET, install using dotnet add package:
$ dotnet add package Pulumi.Tls
Concepts
The @pulumi/tls package provides a strongly-typed means to build cloud applications that create and interact closely with TLS resources.
Reference
For further information, please visit the TLS provider docs. For detailed reference documentation, please visit the API docs.