Reads issuer data from Vault.
```hcl
resource "vault_mount" "pki" {
  path        = "pki"
  type        = "pki"
  description = "PKI secret engine mount"
}

resource "vault_pki_secret_backend_root_cert" "root" {
  backend     = vault_mount.pki.path
  type        = "internal"
  common_name = "example"
  ttl         = "86400"
  issuer_name = "example"
}

data "vault_pki_secret_backend_issuer" "example" {
  # The root cert resource exposes the mount path as `backend`; it has no `path` attribute.
  backend    = vault_pki_secret_backend_root_cert.root.backend
  issuer_ref = vault_pki_secret_backend_root_cert.root.issuer_id
}
```

The following arguments are supported:

* `namespace` - (Optional) The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
* `backend` - (Required) The path to the PKI secret backend to read the issuer from, with no leading or trailing `/`s.
* `issuer_ref` - (Required) Reference to an existing issuer.

In addition to the arguments above, the following attributes are exported:

* `issuer_name` - Name of the issuer.
* `issuer_id` - ID of the issuer.
* `key_id` - ID of the key used by the issuer.
* `certificate` - Certificate associated with this issuer.
* `ca_chain` - The CA chain as a list of format-specific certificates.
* `leaf_not_after_behavior` - Behavior of a leaf's NotAfter field during issuance.
* `manual_chain` - Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.
* `usage` - Allowed usages for this issuer.
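
The exported attributes can be used to enforce issuer policy at plan time. The following is an added example, not part of the provider's own documentation: it assumes an issuer named `example` already exists on the `pki` mount, that `leaf_not_after_behavior` takes the values `err`, `truncate` or `permit` as in Vault's PKI API, and that `usage` is a comma-separated string such as `read-only,issuing-certificates,crl-signing`. The data source label `checked` and the output name are hypothetical.

```hcl
# Added example: read an existing issuer and refuse to continue if its
# settings are weaker than expected. Requires Terraform 1.2+ for postconditions.
data "vault_pki_secret_backend_issuer" "checked" {
  backend    = "pki"     # assumed mount path, no leading or trailing slashes
  issuer_ref = "example" # assumed issuer name; an issuer ID also works

  lifecycle {
    # "permit" would let a leaf certificate's NotAfter exceed the CA's own
    # expiry, producing certificates that outlive their chain of trust.
    postcondition {
      condition     = contains(["err", "truncate"], self.leaf_not_after_behavior)
      error_message = "Issuer allows leaf certificates to expire after the issuing CA."
    }

    # Confirm the issuer is actually allowed to sign leaves before other
    # configuration starts depending on it.
    postcondition {
      condition     = contains(split(",", self.usage), "issuing-certificates")
      error_message = "Issuer is not permitted to issue certificates."
    }

    # An empty chain means clients cannot be given a path to a trust anchor.
    postcondition {
      condition     = length(self.ca_chain) > 0
      error_message = "Issuer has no CA chain."
    }
  }
}

# The certificate is public material and safe to expose as an output,
# for example to distribute as a trust anchor.
output "issuer_certificate_pem" {
  value = data.vault_pki_secret_backend_issuer.checked.certificate
}
```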