Skip to content

Certificates

API

Infisical Certificate Resource API.

CertificatesV1

Bases: InfisicalAPI

Infisical Certificates v1 API Resource.

Attributes:

Name Type Description
base_uri str

/v1/pki/certificates
Source code in src/infisical/resources/certificates/api.py 
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
class CertificatesV1(InfisicalAPI):
    """Infisical Certificates v1 API Resource.

    Attributes:
        base_uri (str): `/v1/pki/certificates`
    """

    base_uri: Final = "/v1/pki/certificates"

    def __init__(self, client: SyncOrAsyncClient) -> None:
        """Initialize the Infisical Certificates Resource.

        Args:
            client (SyncOrAsyncClient): An initialized [InfisicalClient][src.infisical.clients.clients.] or
                [InfisicalAsyncClient][src.infisical.clients.clients.].
        """
        super().__init__(client=client)

    def delete(self, *, serial_number: str) -> Certificate:
        """Delete a certificate.

        Args:
            serial_number (str): The serial number of the certificate.
        """
        self.logger.info("Deleting certificate %s", serial_number)
        url = self._format_url(f"/{serial_number}")
        request = self.client.create_request(method="delete", url=url)
        return self.client.handle_request(request=request, expected_responses={"certificate": Certificate})

    def get_certificate_body_chain(self, *, serial_number: str) -> CertificateBodyChain:
        """Get the certificate body and chain.

        Args:
            serial_number (str): The serial number of the certificate.
        """
        self.logger.info("Getting certificate body and chain for %s", serial_number)
        url = self._format_url(f"/{serial_number}/certificate")
        request = self.client.create_request(method="get", url=url)
        return self.client.handle_request(request=request, expected_responses={"": CertificateBodyChain})

    def get_certificate_bundle(self, *, serial_number: str) -> CertificateBundle:
        """Get the certificate bundle.

        Args:
            serial_number (str): The serial number of the certificate.
        """
        self.logger.info("Getting certificate bundle for %s", serial_number)
        url = self._format_url(f"/{serial_number}/bundle")
        request = self.client.create_request(method="get", url=url)
        return self.client.handle_request(request=request, expected_responses={"": CertificateBundle})

    def get_certificate_private_key(self, *, serial_number: str) -> str:
        """Get the certificate private key.

        Args:
            serial_number (str): The serial number of the certificate.
        """
        self.logger.info("Getting certificate private key for %s", serial_number)
        url = self._format_url(f"/{serial_number}/private-key")
        request = self.client.create_request(method="get", url=url)
        return self.client.handle_request(request=request, expected_responses={"": str})

    def issue_certificate(self, request: IssueCertificateRequest) -> IssuedCertificate:
        """Issue a new certificate.

        Args:
            request (IssueCertificateRequest): The request object containing the certificate details.
        """
        self.logger.info("Issuing certificate %s", request.common_name)
        url = self._format_url("/issue-certificate")
        _request = self.client.create_request(
            method="post",
            url=url,
            body=request.model_dump(by_alias=True, exclude_none=True),
        )
        return self.client.handle_request(request=_request, expected_responses={"certificate": IssuedCertificate})

    def revoke(self, *, serial_number: str, reason: RevocationReasons) -> Revocation:
        """Revoke a certificate.

        Args:
            serial_number (str): The serial number of the certificate.
            reason (RevocationReasons): The reason for revocation.
        """
        self.logger.info("Revoking certificate: %s", serial_number)
        url = self._format_url(f"/{serial_number}/revoke")
        request = self.client.create_request(method="post", url=url, body={"revocationReason": reason})
        return self.client.handle_request(request=request, expected_responses={"": Revocation})

    def sign_certificate(self, csr: SignCertificateRequest) -> SignedCertificate:
        """Sign a certificate.

        Args:
            csr (SignCertificateRequest): The request object containing the CSR details.
        """
        self.logger.info("Signing certificate: %s", csr.friendly_name or csr.common_name or "CSR")
        url = self._format_url("/sign-certificate")
        request = self.client.create_request(
            method="post",
            url=url,
            body=csr.model_dump(by_alias=True, exclude_none=True),
        )
        return self.client.handle_request(request=request, expected_responses={"certificate": SignedCertificate})

__init__ 

__init__(client: SyncOrAsyncClient) -> None

Initialize the Infisical Certificates Resource.

Parameters:

Name Type Description Default
client SyncOrAsyncClient

An initialized InfisicalClient or InfisicalAsyncClient.

 required
Source code in src/infisical/resources/certificates/api.py 
32
33
34
35
36
37
38
39
def __init__(self, client: SyncOrAsyncClient) -> None:
    """Initialize the Infisical Certificates Resource.

    Args:
        client (SyncOrAsyncClient): An initialized [InfisicalClient][src.infisical.clients.clients.] or
            [InfisicalAsyncClient][src.infisical.clients.clients.].
    """
    super().__init__(client=client)

delete 

delete(*, serial_number: str) -> Certificate

Delete a certificate.

Parameters:

Name Type Description Default
serial_number str

The serial number of the certificate.

 required
Source code in src/infisical/resources/certificates/api.py 
41
42
43
44
45
46
47
48
49
50
def delete(self, *, serial_number: str) -> Certificate:
    """Delete a certificate.

    Args:
        serial_number (str): The serial number of the certificate.
    """
    self.logger.info("Deleting certificate %s", serial_number)
    url = self._format_url(f"/{serial_number}")
    request = self.client.create_request(method="delete", url=url)
    return self.client.handle_request(request=request, expected_responses={"certificate": Certificate})

get_certificate_body_chain 

get_certificate_body_chain(*, serial_number: str) -> CertificateBodyChain

Get the certificate body and chain.

Parameters:

Name Type Description Default
serial_number str

The serial number of the certificate.

 required
Source code in src/infisical/resources/certificates/api.py 
52
53
54
55
56
57
58
59
60
61
def get_certificate_body_chain(self, *, serial_number: str) -> CertificateBodyChain:
    """Get the certificate body and chain.

    Args:
        serial_number (str): The serial number of the certificate.
    """
    self.logger.info("Getting certificate body and chain for %s", serial_number)
    url = self._format_url(f"/{serial_number}/certificate")
    request = self.client.create_request(method="get", url=url)
    return self.client.handle_request(request=request, expected_responses={"": CertificateBodyChain})

get_certificate_bundle 

get_certificate_bundle(*, serial_number: str) -> CertificateBundle

Get the certificate bundle.

Parameters:

Name Type Description Default
serial_number str

The serial number of the certificate.

 required
Source code in src/infisical/resources/certificates/api.py 
63
64
65
66
67
68
69
70
71
72
def get_certificate_bundle(self, *, serial_number: str) -> CertificateBundle:
    """Get the certificate bundle.

    Args:
        serial_number (str): The serial number of the certificate.
    """
    self.logger.info("Getting certificate bundle for %s", serial_number)
    url = self._format_url(f"/{serial_number}/bundle")
    request = self.client.create_request(method="get", url=url)
    return self.client.handle_request(request=request, expected_responses={"": CertificateBundle})

get_certificate_private_key 

get_certificate_private_key(*, serial_number: str) -> str

Get the certificate private key.

Parameters:

Name Type Description Default
serial_number str

The serial number of the certificate.

 required
Source code in src/infisical/resources/certificates/api.py 
74
75
76
77
78
79
80
81
82
83
def get_certificate_private_key(self, *, serial_number: str) -> str:
    """Get the certificate private key.

    Args:
        serial_number (str): The serial number of the certificate.
    """
    self.logger.info("Getting certificate private key for %s", serial_number)
    url = self._format_url(f"/{serial_number}/private-key")
    request = self.client.create_request(method="get", url=url)
    return self.client.handle_request(request=request, expected_responses={"": str})

issue_certificate 

issue_certificate(request: IssueCertificateRequest) -> IssuedCertificate

Issue a new certificate.

Parameters:

Name Type Description Default
request IssueCertificateRequest

The request object containing the certificate details.

 required
Source code in src/infisical/resources/certificates/api.py 
85
86
87
88
89
90
91
92
93
94
95
96
97
98
def issue_certificate(self, request: IssueCertificateRequest) -> IssuedCertificate:
    """Issue a new certificate.

    Args:
        request (IssueCertificateRequest): The request object containing the certificate details.
    """
    self.logger.info("Issuing certificate %s", request.common_name)
    url = self._format_url("/issue-certificate")
    _request = self.client.create_request(
        method="post",
        url=url,
        body=request.model_dump(by_alias=True, exclude_none=True),
    )
    return self.client.handle_request(request=_request, expected_responses={"certificate": IssuedCertificate})

revoke 

revoke(*, serial_number: str, reason: RevocationReasons) -> Revocation

Revoke a certificate.

Parameters:

Name Type Description Default
serial_number str

The serial number of the certificate.

 required
reason RevocationReasons

The reason for revocation.

 required
Source code in src/infisical/resources/certificates/api.py 
100
101
102
103
104
105
106
107
108
109
110
def revoke(self, *, serial_number: str, reason: RevocationReasons) -> Revocation:
    """Revoke a certificate.

    Args:
        serial_number (str): The serial number of the certificate.
        reason (RevocationReasons): The reason for revocation.
    """
    self.logger.info("Revoking certificate: %s", serial_number)
    url = self._format_url(f"/{serial_number}/revoke")
    request = self.client.create_request(method="post", url=url, body={"revocationReason": reason})
    return self.client.handle_request(request=request, expected_responses={"": Revocation})

sign_certificate 

sign_certificate(csr: SignCertificateRequest) -> SignedCertificate

Sign a certificate.

Parameters:

Name Type Description Default
csr SignCertificateRequest

The request object containing the CSR details.

 required
Source code in src/infisical/resources/certificates/api.py 
112
113
114
115
116
117
118
119
120
121
122
123
124
125
def sign_certificate(self, csr: SignCertificateRequest) -> SignedCertificate:
    """Sign a certificate.

    Args:
        csr (SignCertificateRequest): The request object containing the CSR details.
    """
    self.logger.info("Signing certificate: %s", csr.friendly_name or csr.common_name or "CSR")
    url = self._format_url("/sign-certificate")
    request = self.client.create_request(
        method="post",
        url=url,
        body=csr.model_dump(by_alias=True, exclude_none=True),
    )
    return self.client.handle_request(request=request, expected_responses={"certificate": SignedCertificate})

CertificatesV2

Bases: InfisicalAPI

Infisical Certificates v2 API Resource.

Attributes:

Name Type Description
base_uri str

/v2/workspace
Source code in src/infisical/resources/certificates/api.py 
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
class CertificatesV2(InfisicalAPI):
    """Infisical Certificates v2 API Resource.

    Attributes:
        base_uri (str): `/v2/workspace`
    """

    base_uri: Final = "/v2/workspace"

    def __init__(self, client: SyncOrAsyncClient) -> None:
        """Initialize the Infisical Certificates Resource.

        Args:
            client (SyncOrAsyncClient): An initialized [InfisicalClient][src.infisical.clients.clients.] or
                [InfisicalAsyncClient][src.infisical.clients.clients.].
        """
        super().__init__(client=client)

    def list(self, *, slug: str, **params: Unpack[ListCertificatesQueryParams]) -> CertificatesList:
        """List all certificates in the specified project slug.

        Args:
            slug (str): The project slug.
            **params (ListCertificatesQueryParams): Additional query parameters for filtering the list of certificates.

        Raises:
            InfisicalResourceError: If required params are missing or invalid.
        """
        if "offset" in params and (params["offset"] < 0 or params["offset"] > 100):  # noqa: PLR2004
            self.raise_resource_error("Offset must be between 0 and 100.")
        if "limit" in params and (params["limit"] < 1 or params["limit"] > 100):  # noqa: PLR2004
            self.raise_resource_error("Limit must be between 1 and 100.")
        self.logger.info("Listing certificates in project %s", slug)
        request = self.client.create_request(
            method="get",
            url=self._format_url(f"/{slug}/certificates"),
            params=params,
        )
        return self.client.handle_request(request=request, expected_responses={"": CertificatesList})

__init__ 

__init__(client: SyncOrAsyncClient) -> None

Initialize the Infisical Certificates Resource.

Parameters:

Name Type Description Default
client SyncOrAsyncClient

An initialized InfisicalClient or InfisicalAsyncClient.

 required
Source code in src/infisical/resources/certificates/api.py 
137
138
139
140
141
142
143
144
def __init__(self, client: SyncOrAsyncClient) -> None:
    """Initialize the Infisical Certificates Resource.

    Args:
        client (SyncOrAsyncClient): An initialized [InfisicalClient][src.infisical.clients.clients.] or
            [InfisicalAsyncClient][src.infisical.clients.clients.].
    """
    super().__init__(client=client)

list 

list(
    *, slug: str, **params: Unpack[ListCertificatesQueryParams]
) -> CertificatesList

List all certificates in the specified project slug.

Parameters:

Name Type Description Default
slug str

The project slug.

 required
**params ListCertificatesQueryParams

Additional query parameters for filtering the list of certificates.

 {}

Raises:

Type Description
InfisicalResourceError

If required params are missing or invalid.
Source code in src/infisical/resources/certificates/api.py 
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
def list(self, *, slug: str, **params: Unpack[ListCertificatesQueryParams]) -> CertificatesList:
    """List all certificates in the specified project slug.

    Args:
        slug (str): The project slug.
        **params (ListCertificatesQueryParams): Additional query parameters for filtering the list of certificates.

    Raises:
        InfisicalResourceError: If required params are missing or invalid.
    """
    if "offset" in params and (params["offset"] < 0 or params["offset"] > 100):  # noqa: PLR2004
        self.raise_resource_error("Offset must be between 0 and 100.")
    if "limit" in params and (params["limit"] < 1 or params["limit"] > 100):  # noqa: PLR2004
        self.raise_resource_error("Limit must be between 1 and 100.")
    self.logger.info("Listing certificates in project %s", slug)
    request = self.client.create_request(
        method="get",
        url=self._format_url(f"/{slug}/certificates"),
        params=params,
    )
    return self.client.handle_request(request=request, expected_responses={"": CertificatesList})

Certificates

Infisical Certificates Resource.

Attributes:

Name Type Description
v1 CertificatesV1

The v1 API resource for certificates.
v2 CertificatesV2

The v2 API resource for certificates.
Source code in src/infisical/resources/certificates/api.py 
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
class Certificates:
    """Infisical Certificates Resource.

    Attributes:
        v1 (CertificatesV1): The v1 API resource for certificates.
        v2 (CertificatesV2): The v2 API resource for certificates.
    """

    def __init__(self, client: SyncOrAsyncClient) -> None:
        """Initialize the Infisical Certificates Resource.

        Args:
            client (SyncOrAsyncClient): An initialized [InfisicalClient][src.infisical.clients.clients.] or
                [InfisicalAsyncClient][src.infisical.clients.clients.].
        """
        self.v1 = CertificatesV1(client=client)
        self.v2 = CertificatesV2(client=client)

__init__ 

__init__(client: SyncOrAsyncClient) -> None

Initialize the Infisical Certificates Resource.

Parameters:

Name Type Description Default
client SyncOrAsyncClient

An initialized InfisicalClient or InfisicalAsyncClient.

 required
Source code in src/infisical/resources/certificates/api.py 
177
178
179
180
181
182
183
184
185
def __init__(self, client: SyncOrAsyncClient) -> None:
    """Initialize the Infisical Certificates Resource.

    Args:
        client (SyncOrAsyncClient): An initialized [InfisicalClient][src.infisical.clients.clients.] or
            [InfisicalAsyncClient][src.infisical.clients.clients.].
    """
    self.v1 = CertificatesV1(client=client)
    self.v2 = CertificatesV2(client=client)

Models

Infisical Certificate Resource Models.

ListCertificatesQueryParams

Bases: TypedDict

Query parameters for listing certificates.

Theese the available query parameters you can pass to the list method.

Other Parameters:

Name Type Description
limit int

The maximum number of certificates to return, between 1 and 100 inclusive.
offset int

The offset for pagination, between 0 and 100 inclusive.
commonName str

The common name of the certificate.
friendlyName str

The friendly name of the certificate.
Source code in src/infisical/resources/certificates/models.py 
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
class ListCertificatesQueryParams(TypedDict, total=False):
    """Query parameters for listing certificates.

    Theese the available query parameters you can pass to the
    [list][src.infisical.resources.certificates.api.CertificatesV2.] method.

    Other parameters:
        limit (int): The maximum number of certificates to return, between `1` and `100` inclusive.
        offset (int): The offset for pagination, between `0` and `100` inclusive.
        commonName (str): The common name of the certificate.
        friendlyName (str): The friendly name of the certificate.
    """

    commonName: str
    friendlyName: str
    limit: int
    offset: int

Certificate

Bases: BaseModel

Certificate model.

Attributes:

Name Type Description
alt_names list[str] | str | None

Alternative names for the certificate.
ca_cert_id str

The ID of the CA certificate.
ca_id str

The ID of the CA.
certificate_id str

The ID of the certificate.
certificate_template_id str | None

The ID of the certificate template.
common_name str

The common name for the certificate.
created_at datetime

The creation date of the certificate.
extended_key_usages list[str] | None

Extended key usages for the certificate.
friendly_name str

A friendly name for the certificate.
key_usages list[str] | None

Key usages for the certificate.
not_after datetime

The expiration date of the certificate.
not_before datetime

The start date of the certificate's validity period.
revocation_reason int | None

The reason for revocation, if applicable.
revoked_at datetime | None

The date when the certificate was revoked, if applicable.
serial_number str

The serial number of the certificate.
status str

The status of the certificate.
updated_at datetime

The last update date of the certificate.
Source code in src/infisical/resources/certificates/models.py 
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
class Certificate(BaseModel):
    """Certificate model.

    Attributes:
        alt_names (list[str] | str | None): Alternative names for the certificate.
        ca_cert_id (str): The ID of the CA certificate.
        ca_id (str): The ID of the CA.
        certificate_id (str): The ID of the certificate.
        certificate_template_id (str | None): The ID of the certificate template.
        common_name (str): The common name for the certificate.
        created_at (datetime.datetime): The creation date of the certificate.
        extended_key_usages (list[str] | None): Extended key usages for the certificate.
        friendly_name (str): A friendly name for the certificate.
        key_usages (list[str] | None): Key usages for the certificate.
        not_after (datetime.datetime): The expiration date of the certificate.
        not_before (datetime.datetime): The start date of the certificate's validity period.
        revocation_reason (int | None): The reason for revocation, if applicable.
        revoked_at (datetime.datetime | None): The date when the certificate was revoked, if applicable.
        serial_number (str): The serial number of the certificate.
        status (str): The status of the certificate.
        updated_at (datetime.datetime): The last update date of the certificate.
    """

    alt_names: Annotated[list[str] | str | None, Field(alias="altNames", default=None)]
    ca_cert_id: Annotated[str, Field(alias="caCertId")]
    ca_id: Annotated[str, Field(alias="caId")]
    certificate_id: Annotated[str, Field(alias="id")]
    certificate_template_id: Annotated[str | None, Field(alias="certificateTemplateId", default=None)]
    common_name: Annotated[str, Field(alias="commonName")]
    created_at: Annotated[datetime.datetime, Field(alias="createdAt")]
    extended_key_usages: Annotated[list[str] | None, Field(alias="extendedKeyUsages", default=None)]
    friendly_name: Annotated[str, Field(alias="friendlyName")]
    key_usages: Annotated[list[str] | None, Field(alias="keyUsages", default=None)]
    not_after: Annotated[datetime.datetime, Field(alias="notAfter")]
    not_before: Annotated[datetime.datetime, Field(alias="notBefore")]
    revocation_reason: Annotated[int | None, Field(alias="revocationReason", default=None)]
    revoked_at: Annotated[datetime.datetime | None, Field(alias="revokedAt", default=None)]
    serial_number: Annotated[str, Field(alias="serialNumber")]
    status: Annotated[str, Field()]
    updated_at: Annotated[datetime.datetime, Field(alias="updatedAt")]

CertificatesList

Bases: BaseModel

Certificates list model.

Attributes:

Name Type Description
certificates list[Certificate]

A list of certificates.
Source code in src/infisical/resources/certificates/models.py 
103
104
105
106
107
108
109
110
class CertificatesList(BaseModel):
    """Certificates list model.

    Attributes:
        certificates (list[Certificate]): A list of certificates.
    """

    certificates: Annotated[list[Certificate], Field(alias="certificates")]

CertificateBodyChain

Bases: BaseModel

Certificate body and chain model.

Attributes:

Name Type Description
certificate_chain str | None

The certificate chain.
certificate str

The certificate.
serial_number str

The serial number of the certificate.
Source code in src/infisical/resources/certificates/models.py 
113
114
115
116
117
118
119
120
121
122
123
124
class CertificateBodyChain(BaseModel):
    """Certificate body and chain model.

    Attributes:
        certificate_chain (str | None): The certificate chain.
        certificate (str): The certificate.
        serial_number (str): The serial number of the certificate.
    """

    certificate_chain: Annotated[str | None, Field(alias="certificateChain", default=None)]
    certificate: Annotated[str, Field()]
    serial_number: Annotated[str, Field(alias="serialNumber")]

CertificateBundle

Bases: BaseModel

Certificate bundle model.

Attributes:

Name Type Description
certificate_chain str | None

The certificate chain.
certificate str

The certificate.
private_key str

The private key.
serial_number str

The serial number of the certificate.
Source code in src/infisical/resources/certificates/models.py 
127
128
129
130
131
132
133
134
135
136
137
138
139
140
class CertificateBundle(BaseModel):
    """Certificate bundle model.

    Attributes:
        certificate_chain (str | None): The certificate chain.
        certificate (str): The certificate.
        private_key (str): The private key.
        serial_number (str): The serial number of the certificate.
    """

    certificate_chain: Annotated[str | None, Field(alias="certificateChain", default=None)]
    certificate: Annotated[str, Field()]
    private_key: Annotated[str, Field(alias="privateKey")]
    serial_number: Annotated[str, Field(alias="serialNumber")]

Revocation

Bases: BaseModel

Revocation model.

Attributes:

Name Type Description
message str

The revocation message.
revoked_at datetime

The date when the certificate was revoked.
serial_number str

The serial number of the certificate.
Source code in src/infisical/resources/certificates/models.py 
143
144
145
146
147
148
149
150
151
152
153
154
class Revocation(BaseModel):
    """Revocation model.

    Attributes:
        message (str): The revocation message.
        revoked_at (datetime.datetime): The date when the certificate was revoked.
        serial_number (str): The serial number of the certificate.
    """

    message: Annotated[str, Field()]
    revoked_at: Annotated[datetime.datetime, Field(alias="revokedAt")]
    serial_number: Annotated[str, Field(alias="serialNumber")]

IssueCertificateRequest

Bases: InfisicalResourceRequest

Issue certificate request model.

The following are required when creating a new request
  • ca_id
  • common_name
  • friendly_name
  • ttl
  • workspace_id
  • environment

Attributes:

Name Type Description
alt_names list[str] | None

Alternative names for the certificate.
ca_id str

The ID of the CA.
certificate_template_id str | None

The ID of the certificate template.
common_name str

The common name for the certificate.
extended_key_usages list[ExtendedKeyUsages] | None

Extended key usages for the certificate.
friendly_name str

A friendly name for the certificate.
key_usages list[KeyUsages] | None

Key usages for the certificate.
not_after datetime | None

The expiration date of the certificate.
not_before datetime | None

The start date of the certificate's validity period.
pki_collection_id str | None

The ID of the PKI collection.
ttl str

The time-to-live for the certificate.
workspace_id str

The ID of the workspace.
environment str

The environment for the certificate.
Source code in src/infisical/resources/certificates/models.py 
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
class IssueCertificateRequest(InfisicalResourceRequest):
    """Issue certificate request model.

    The following are required when creating a new request:
        - `ca_id`
        - `common_name`
        - `friendly_name`
        - `ttl`
        - `workspace_id`
        - `environment`

    Attributes:
        alt_names (list[str] | None): Alternative names for the certificate.
        ca_id (str): The ID of the CA.
        certificate_template_id (str | None): The ID of the certificate template.
        common_name (str): The common name for the certificate.
        extended_key_usages (list[ExtendedKeyUsages] | None): Extended key usages for the certificate.
        friendly_name (str): A friendly name for the certificate.
        key_usages (list[KeyUsages] | None): Key usages for the certificate.
        not_after (datetime.datetime | None): The expiration date of the certificate.
        not_before (datetime.datetime | None): The start date of the certificate's validity period.
        pki_collection_id (str | None): The ID of the PKI collection.
        ttl (str): The time-to-live for the certificate.
        workspace_id (str): The ID of the workspace.
        environment (str): The environment for the certificate.
    """

    alt_names: Annotated[list[str] | None, Field(alias="altNames", default=None)]
    ca_id: Annotated[str, Field(alias="caId")]
    certificate_template_id: Annotated[str | None, Field(alias="certificateTemplateId", default=None)]
    common_name: Annotated[str, Field(alias="commonName")]
    extended_key_usages: Annotated[list[ExtendedKeyUsages] | None, Field(alias="extendedKeyUsages", default=None)]
    friendly_name: Annotated[str, Field(alias="friendlyName")]
    key_usages: Annotated[list[KeyUsages] | None, Field(alias="keyUsages", default=None)]
    not_after: Annotated[datetime.datetime | None, Field(alias="notAfter", default=None)]
    not_before: Annotated[datetime.datetime | None, Field(alias="notBefore", default=None)]
    pki_collection_id: Annotated[str | None, Field(alias="pkiCollectionId", default=None)]
    ttl: Annotated[str, Field(alias="ttl")]

SignCertificateRequest

Bases: InfisicalResourceRequest

Sign certificate request model.

The following are required when creating a new request
  • ca_id
  • common_name
  • csr
  • friendly_name
  • ttl
  • workspace_id
  • environment

Attributes:

Name Type Description
alt_names list[str] | None

Alternative names for the certificate.
ca_id str

The ID of the CA.
certificate_template_id str | None

The ID of the certificate template.
common_name str

The common name for the certificate.
csr str

The Certificate Signing Request (CSR).
extended_key_usages list[ExtendedKeyUsages] | None

Extended key usages for the certificate.
friendly_name str

A friendly name for the certificate.
key_usages list[KeyUsages] | None

Key usages for the certificate.
not_after datetime | None

The expiration date of the certificate.
not_before datetime | None

The start date of the certificate's validity period.
pki_collection_id str | None

The ID of the PKI collection.
ttl str

The time-to-live for the certificate.
workspace_id str

The ID of the workspace.
environment str

The environment for the certificate.
Source code in src/infisical/resources/certificates/models.py 
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
class SignCertificateRequest(InfisicalResourceRequest):
    """Sign certificate request model.

    The following are required when creating a new request:
        - `ca_id`
        - `common_name`
        - `csr`
        - `friendly_name`
        - `ttl`
        - `workspace_id`
        - `environment`

    Attributes:
        alt_names (list[str] | None): Alternative names for the certificate.
        ca_id (str): The ID of the CA.
        certificate_template_id (str | None): The ID of the certificate template.
        common_name (str): The common name for the certificate.
        csr (str): The Certificate Signing Request (CSR).
        extended_key_usages (list[ExtendedKeyUsages] | None): Extended key usages for the certificate.
        friendly_name (str): A friendly name for the certificate.
        key_usages (list[KeyUsages] | None): Key usages for the certificate.
        not_after (datetime.datetime | None): The expiration date of the certificate.
        not_before (datetime.datetime | None): The start date of the certificate's validity period.
        pki_collection_id (str | None): The ID of the PKI collection.
        ttl (str): The time-to-live for the certificate.
        workspace_id (str): The ID of the workspace.
        environment (str): The environment for the certificate.
    """

    alt_names: list[str] | None = Field(alias="altNames", default=None)
    ca_id: str = Field(alias="caId")
    certificate_template_id: str | None = Field(alias="certificateTemplateId", default=None)
    common_name: str = Field(alias="commonName")
    csr: str = Field(alias="csr")
    extended_key_usages: list[ExtendedKeyUsages] | None = Field(alias="extendedKeyUsages", default=None)
    friendly_name: str = Field(alias="friendlyName")
    key_usages: list[KeyUsages] | None = Field(alias="keyUsages", default=None)
    not_after: datetime.datetime | None = Field(alias="notAfter", default=None)
    not_before: datetime.datetime | None = Field(alias="notBefore", default=None)
    pki_collection_id: str | None = Field(alias="pkiCollectionId", default=None)
    ttl: str = Field(alias="ttl")

SignedCertificate

Bases: BaseModel

Signed certificate model.

Attributes:

Name Type Description
certificate_chain str

The certificate chain.
certificate str

The certificate.
issuing_ca_certificate str

The issuing CA certificate.
serial_number str

The serial number of the certificate.
Source code in src/infisical/resources/certificates/models.py 
240
241
242
243
244
245
246
247
248
249
250
251
252
253
class SignedCertificate(BaseModel):
    """Signed certificate model.

    Attributes:
        certificate_chain (str): The certificate chain.
        certificate (str): The certificate.
        issuing_ca_certificate (str): The issuing CA certificate.
        serial_number (str): The serial number of the certificate.
    """

    certificate_chain: Annotated[str, Field(alias="certificateChain")]
    certificate: Annotated[str, Field()]
    issuing_ca_certificate: Annotated[str, Field(alias="issuingCACertificate")]
    serial_number: Annotated[str, Field(alias="serialNumber")]

IssuedCertificate

Bases: SignedCertificate

Issued certificate model.

It subclasses SignedCertificate because the attributes are the same except this one also returns the private_key.

Attributes:

Name Type Description
certificate_chain str

The certificate chain.
certificate str

The certificate.
issuing_ca_certificate str

The issuing CA certificate.
private_key str

The private key.
serial_number str

The serial number of the certificate.
Source code in src/infisical/resources/certificates/models.py 
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
class IssuedCertificate(SignedCertificate):
    """Issued certificate model.

    It subclasses [SignedCertificate][(m).] because the attributes are the same
    except this one also returns the `private_key`.

    Attributes:
        certificate_chain (str): The certificate chain.
        certificate (str): The certificate.
        issuing_ca_certificate (str): The issuing CA certificate.
        private_key (str): The private key.
        serial_number (str): The serial number of the certificate.
    """

    private_key: Annotated[str, Field(alias="privateKey")]