--- title: Certificate Template description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > DDSQL Reference > Data Directory > Certificate Template --- # Certificate Template A Certificate Template in Google Cloud is a reusable configuration that defines parameters and policies for issuing X.509 certificates through Certificate Authority Service. It specifies details such as key usage, identity constraints, lifetime, and allowed issuers, ensuring consistent and secure certificate issuance across projects and environments. ``` gcp.privateca_certificate_template ``` ## Fields | Title | ID | Type | Data Type | Description | | ---------------------- | ---- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | _key | core | string | | ancestors | core | array | | create_time | core | timestamp | Output only. The time at which this CertificateTemplate was created. | | datadog_display_name | core | string | | description | core | string | Optional. A human-readable description of scenarios this template is intended for. | | identity_constraints | core | json | Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity. | | labels | core | array | Optional. Labels with user-defined metadata. | | maximum_lifetime | core | string | Optional. The maximum lifetime allowed for issued Certificates that use this template. If the issuing CaPool resource's IssuancePolicy specifies a maximum_lifetime the minimum of the two durations will be the maximum lifetime for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it. | | name | core | string | Identifier. The resource name for this CertificateTemplate in the format `projects/*/locations/*/certificateTemplates/*`. | | organization_id | core | string | | parent | core | string | | passthrough_extensions | core | json | Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values. | | predefined_values | core | json | Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail. | | project_id | core | string | | project_number | core | string | | region_id | core | string | | resource_name | core | string | | tags | core | hstore_csv | | update_time | core | timestamp | Output only. The time at which this CertificateTemplate was updated. | | zone_id | core | string |