Skip to content
Cloudflare API
Start here
API Reference

Keyless Certificates

resource cloudflare_keyless_certificate

required Expand Collapse
zone_id: String

Identifier.

certificate: String

The zone's SSL certificate or SSL certificate and intermediate(s).

host: String

The keyless SSL name.

optional Expand Collapse
bundle_method?: String

A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.

Deprecatedenabled?: Bool

Whether or not the Keyless SSL is on or off.

name?: String

The keyless SSL name.

tunnel?: Attributes

Configuration for using Keyless SSL through a Cloudflare Tunnel

private_ip: String

Private IP of the Key Server Host

vnet_id: String

Cloudflare Tunnel Virtual Network ID

port?: Float64

The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.

computed Expand Collapse
id: String

Keyless certificate identifier tag.

created_on: Time

When the Keyless SSL was created.

modified_on: Time

When the Keyless SSL was last modified.

status: String

Status of the Keyless SSL.

permissions: List[String]

Available permissions for the Keyless SSL for the current user requesting the item.

cloudflare_keyless_certificate

resource "cloudflare_keyless_certificate" "example_keyless_certificate" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  certificate = <<EOT
  -----BEGIN CERTIFICATE-----
  MIIDtTCCAp2gAwIBAgIJAM15n7fdxhRtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
  BAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
  aWRnaXRzIFB0eSBMdGQwHhcNMTQwMzExMTkyMTU5WhcNMTQwNDEwMTkyMTU5WjBF
  MQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
  ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
  CgKCAQEAvq3sKsHpeduJHimOK+fvQdKsI8z8A05MZyyLp2/R/GE8FjNv+hkVY1WQ
  LIyTNNQH7CJecE1nbTfo8Y56S7x/rhxC6/DJ8MIulapFPnorq46KU6yRxiM0MQ3N
  nTJHlHA2ozZta6YBBfVfhHWl1F0IfNbXCLKvGwWWMbCx43OfW6KTkbRnE6gFWKuO
  fSO5h2u5TaWVuSIzBvYs7Vza6m+gtYAvKAJV2nSZ+eSEFPDo29corOy8+huEOUL8
  5FAw4BFPsr1TlrlGPFitduQUHGrSL7skk1ESGza0to3bOtrodKei2s9bk5MXm7lZ
  qI+WZJX4Zu9+mzZhc9pCVi8r/qlXuQIDAQABo4GnMIGkMB0GA1UdDgQWBBRvavf+
  sWM4IwKiH9X9w1vl6nUVRDB1BgNVHSMEbjBsgBRvavf+sWM4IwKiH9X9w1vl6nUV
  RKFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV
  BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAM15n7fdxhRtMAwGA1UdEwQF
  MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABY2ZzBaW0dMsAAT7tPJzrVWVzQx6KU4
  UEBLudIlWPlkAwTnINCWR/8eNjCCmGA4heUdHmazdpPa8RzwOmc0NT1NQqzSyktt
  vTqb4iHD7+8f9MqJ9/FssCfTtqr/Qst/hGH4Wmdf1EJ/6FqYAAb5iRlPgshFZxU8
  uXtA8hWn6fK6eISD9HBdcAFToUvKNZ1BIDPvh9f95Ine8ar6yGd56TUNrHR8eHBs
  ESxz5ddVR/oWRysNJ+aGAyYqHS8S/ttmC7r4XCAHqXptkHPCGRqkAhsterYhd4I8
  /cBzejUobNCjjHFbtkAL/SjxZOLW+pNkZwfeYdM8iPkD54Uua1v2tdw=
  -----END CERTIFICATE-----
  EOT
  host = "example.com"
  port = 24008
  bundle_method = "ubiquitous"
  name = "example.com Keyless SSL"
  tunnel = {
    private_ip = "10.0.0.1"
    vnet_id = "7365377a-85a4-4390-9480-531ef7dc7a3c"
  }
}

data cloudflare_keyless_certificate

required Expand Collapse
keyless_certificate_id: String

Identifier.

zone_id: String

Identifier.

computed Expand Collapse
id: String

Identifier.

created_on: Time

When the Keyless SSL was created.

enabled: Bool

Whether or not the Keyless SSL is on or off.

host: String

The keyless SSL name.

modified_on: Time

When the Keyless SSL was last modified.

name: String

The keyless SSL name.

port: Float64

The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.

status: String

Status of the Keyless SSL.

permissions: List[String]

Available permissions for the Keyless SSL for the current user requesting the item.

tunnel: Attributes

Configuration for using Keyless SSL through a Cloudflare Tunnel

private_ip: String

Private IP of the Key Server Host

vnet_id: String

Cloudflare Tunnel Virtual Network ID

cloudflare_keyless_certificate

data "cloudflare_keyless_certificate" "example_keyless_certificate" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  keyless_certificate_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

data cloudflare_keyless_certificates

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

id: String

Keyless certificate identifier tag.

created_on: Time

When the Keyless SSL was created.

enabled: Bool

Whether or not the Keyless SSL is on or off.

host: String

The keyless SSL name.

modified_on: Time

When the Keyless SSL was last modified.

name: String

The keyless SSL name.

permissions: List[String]

Available permissions for the Keyless SSL for the current user requesting the item.

port: Float64

The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.

status: String

Status of the Keyless SSL.

tunnel: Attributes

Configuration for using Keyless SSL through a Cloudflare Tunnel

private_ip: String

Private IP of the Key Server Host

vnet_id: String

Cloudflare Tunnel Virtual Network ID

cloudflare_keyless_certificates

data "cloudflare_keyless_certificates" "example_keyless_certificates" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
}