Skip to content
Instruqt Lab Documentation

Certificate File

The File object represents certificate and key files generated by certificate resources (certificate_ca and certificate_leaf). This object provides access to file paths and contents for use in other resources and configurations.

File Structure

Section titled “File Structure”
file {
  filename  = "cert.pem"
  directory = "/path/to/certs"
  path      = "/path/to/certs/cert.pem"
  contents  = "-----BEGIN CERTIFICATE-----\n..."
}

Properties

Section titled “Properties”
FieldTypeDescription
filenamestringThe name of the generated file
directorystringThe directory where the file is written
pathstringThe full absolute path to the file
contentsstringThe complete contents of the file

Examples

Section titled “Examples”

Accessing Certificate Files

Section titled “Accessing Certificate Files”
resource "certificate_ca" "root" {
  output = "./certificates"
}


## Access the generated certificate file
output "ca_cert_path" {
  value = resource.certificate_ca.root.certificate.path
}


output "ca_cert_contents" {
  value = resource.certificate_ca.root.certificate.contents
}

Using File Paths in Other Resources

Section titled “Using File Paths in Other Resources”
resource "certificate_ca" "root" {
  output = "./ca-certificates"
}


resource "certificate_leaf" "server" {
  ca_key  = resource.certificate_ca.root.private_key.path
  ca_cert = resource.certificate_ca.root.certificate.path
  output  = "./server-certificates"


  dns_names = ["localhost"]
}


# Use the leaf certificate in a container volume mount
resource "container" "nginx" {
  image {
    name = "nginx:alpine"
  }


  volume {
    source      = resource.certificate_leaf.server.certificate.directory
    destination = "/etc/ssl/certs"
  }
}

File Information in Templates

Section titled “File Information in Templates”
resource "certificate_leaf" "api" {
  ca_key  = resource.certificate_ca.root.private_key.path
  ca_cert = resource.certificate_ca.root.certificate.path
  output  = "./api-certs"


  dns_names = ["api.local"]
}


resource "template" "nginx_conf" {
  source = <<-EOF
    server {
      listen 443 ssl;
      server_name api.local;


      ssl_certificate {{cert_path}};
      ssl_certificate_key {{key_path}};


      location / {
        proxy_pass http://backend;
      }
    }
  EOF


  destination = "./nginx.conf"


  variables = {
    cert_path = resource.certificate_leaf.api.certificate.path
    key_path  = resource.certificate_leaf.api.private_key.path
  }
}