Share via


az containerapp env certificate

Note

This command group has commands that are defined in both Azure CLI and at least one extension. Install each extension to benefit from its extended capabilities. Learn more about extensions.

Commands to manage certificates for the Container Apps environment.

Commands

Name Description Type Status
az containerapp env certificate create

Create a managed certificate.

Core Preview
az containerapp env certificate delete

Delete a certificate from the Container Apps environment.

Core GA
az containerapp env certificate delete (containerapp extension)

Delete a certificate from the Container Apps environment.

Extension GA
az containerapp env certificate list

List certificates for an environment.

Core GA
az containerapp env certificate list (containerapp extension)

List certificates for an environment.

Extension GA
az containerapp env certificate upload

Add or update a certificate.

Core GA
az containerapp env certificate upload (containerapp extension)

Add or update a certificate.

Extension GA

az containerapp env certificate create

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a managed certificate.

az containerapp env certificate create --hostname
                                       --name
                                       --resource-group
                                       --validation-method {CNAME, HTTP, TXT}
                                       [--certificate-name]

Examples

Create a managed certificate.

az containerapp env certificate create -g MyResourceGroup --name MyEnvironment --certificate-name MyCertificate --hostname MyHostname --validation-method CNAME

Required Parameters

--hostname

The custom domain name.

--name -n

Name of the Container Apps environment.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--validation-method -v

Validation method of custom domain ownership.

Accepted values: CNAME, HTTP, TXT

Optional Parameters

--certificate-name -c

Name of the managed certificate which should be unique within the Container Apps environment.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp env certificate delete

Delete a certificate from the Container Apps environment.

az containerapp env certificate delete [--certificate]
                                       [--ids]
                                       [--location]
                                       [--name]
                                       [--resource-group]
                                       [--subscription]
                                       [--thumbprint]
                                       [--yes]

Examples

Delete a certificate from the Container Apps environment by certificate name

az containerapp env certificate delete -g MyResourceGroup --name MyEnvironment --certificate MyCertificateName

Delete a certificate from the Container Apps environment by certificate id

az containerapp env certificate delete -g MyResourceGroup --name MyEnvironment --certificate MyCertificateId

Delete all certificates that have a matching thumbprint from the Container Apps environment

az containerapp env certificate delete -g MyResourceGroup --name MyEnvironment --thumbprint MyCertificateThumbprint

Optional Parameters

--certificate -c

Name or resource id of the certificate.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--location -l

Location of resource. Examples: eastus2, northeurope.

--name -n

Name of the Container Apps environment.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--thumbprint -t

Thumbprint of the certificate.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp env certificate delete (containerapp extension)

Delete a certificate from the Container Apps environment.

az containerapp env certificate delete [--certificate]
                                       [--ids]
                                       [--location]
                                       [--name]
                                       [--resource-group]
                                       [--subscription]
                                       [--thumbprint]
                                       [--yes]

Examples

Delete a certificate from the Container Apps environment by certificate name

az containerapp env certificate delete -g MyResourceGroup --name MyEnvironment --certificate MyCertificateName

Delete a certificate from the Container Apps environment by certificate id

az containerapp env certificate delete -g MyResourceGroup --name MyEnvironment --certificate MyCertificateId

Delete all certificates that have a matching thumbprint from the Container Apps environment

az containerapp env certificate delete -g MyResourceGroup --name MyEnvironment --thumbprint MyCertificateThumbprint

Optional Parameters

--certificate -c

Name or resource id of the certificate.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--location -l

Location of resource. Examples: eastus2, northeurope.

--name -n

Name of the Container Apps environment.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--thumbprint -t

Thumbprint of the certificate.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp env certificate list

List certificates for an environment.

az containerapp env certificate list --name
                                     --resource-group
                                     [--certificate]
                                     [--location]
                                     [--managed-certificates-only]
                                     [--private-key-certificates-only]
                                     [--thumbprint]

Examples

List certificates for an environment.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment

Show a certificate by certificate id.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment --certificate MyCertificateId

List certificates by certificate name.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment --certificate MyCertificateName

List certificates by certificate thumbprint.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment --thumbprint MyCertificateThumbprint

List managed certificates for an environment.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment --managed-certificates-only

List private key certificates for an environment.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment --private-key-certificates-only

Required Parameters

--name -n

Name of the Container Apps environment.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--certificate -c

Name or resource id of the certificate.

--location -l

Location of resource. Examples: eastus2, northeurope.

--managed-certificates-only -m
Preview

List managed certificates only.

Default value: False
--private-key-certificates-only -p
Preview

List private-key certificates only.

Default value: False
--thumbprint -t

Thumbprint of the certificate.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp env certificate list (containerapp extension)

List certificates for an environment.

az containerapp env certificate list --name
                                     --resource-group
                                     [--certificate]
                                     [--location]
                                     [--managed-certificates-only]
                                     [--private-key-certificates-only]
                                     [--thumbprint]

Examples

List certificates for an environment.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment

Show a certificate by certificate id.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment --certificate MyCertificateId

List certificates by certificate name.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment --certificate MyCertificateName

List certificates by certificate thumbprint.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment --thumbprint MyCertificateThumbprint

List managed certificates for an environment.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment --managed-certificates-only

List private key certificates for an environment.

az containerapp env certificate list -g MyResourceGroup --name MyEnvironment --private-key-certificates-only

Required Parameters

--name -n

Name of the Container Apps environment.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--certificate -c

Name or resource id of the certificate.

--location -l

Location of resource. Examples: eastus2, northeurope.

--managed-certificates-only -m

List managed certificates only.

Default value: False
--private-key-certificates-only -p

List private-key certificates only.

Default value: False
--thumbprint -t

Thumbprint of the certificate.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp env certificate upload

Add or update a certificate.

az containerapp env certificate upload --certificate-file
                                       [--certificate-name]
                                       [--ids]
                                       [--location]
                                       [--name]
                                       [--password]
                                       [--resource-group]
                                       [--show-prompt]
                                       [--subscription]

Examples

Add or update a certificate.

az containerapp env certificate upload -g MyResourceGroup --name MyEnvironment --certificate-file MyFilepath

Add or update a certificate with a user-provided certificate name.

az containerapp env certificate upload -g MyResourceGroup --name MyEnvironment --certificate-file MyFilepath --certificate-name MyCertificateName

Required Parameters

--certificate-file -f

The filepath of the .pfx or .pem file.

Optional Parameters

--certificate-name -c

Name of the certificate which should be unique within the Container Apps environment.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--location -l

Location of resource. Examples: eastus2, northeurope.

--name -n

Name of the Container Apps environment.

--password -p

The certificate file password.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--show-prompt

Show prompt to upload an existing certificate.

Default value: False
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp env certificate upload (containerapp extension)

Add or update a certificate.

az containerapp env certificate upload [--akv-url]
                                       [--certificate-file]
                                       [--certificate-identity]
                                       [--certificate-name]
                                       [--ids]
                                       [--location]
                                       [--name]
                                       [--password]
                                       [--resource-group]
                                       [--show-prompt]
                                       [--subscription]

Examples

Add or update a certificate.

az containerapp env certificate upload -g MyResourceGroup --name MyEnvironment --certificate-file MyFilepath

Add or update a certificate with a user-provided certificate name.

az containerapp env certificate upload -g MyResourceGroup --name MyEnvironment --certificate-file MyFilepath --certificate-name MyCertificateName

Add or update a certificate from azure key vault using managed identity.

az containerapp env certificate upload -g MyResourceGroup --name MyEnvironment --akv-url akvSecretUrl --identity system

Optional Parameters

--akv-url --certificate-akv-url
Preview

The URL pointing to the Azure Key Vault secret that holds the certificate.

--certificate-file -f

The filepath of the .pfx or .pem file.

--certificate-identity --identity
Preview

Resource ID of a managed identity to authenticate with Azure Key Vault, or System to use a system-assigned identity.

--certificate-name -c

Name of the certificate which should be unique within the Container Apps environment.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--location -l

Location of resource. Examples: eastus2, northeurope.

--name -n

Name of the Container Apps environment.

--password -p

The certificate file password.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--show-prompt

Show prompt to upload an existing certificate.

Default value: False
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.