Allows an Identity OIDC Role to use an OIDC Named key to generate identity tokens.
The Identity secrets engine is the identity management solution for Vault. It internally maintains the clients who are recognized by Vault.

Use this with `vault_identity_oidc_key` and `vault_identity_oidc_key_allowed_client_id` to configure a Role to generate Identity Tokens.
```hcl
resource "vault_identity_oidc_key" "key" {
  name      = "key"
  algorithm = "RS256"
}

resource "vault_identity_oidc_role" "role" {
  name = "role"
  key  = vault_identity_oidc_key.key.name
}

resource "vault_identity_oidc_key_allowed_client_id" "role" {
  key_name          = vault_identity_oidc_key.key.name
  allowed_client_id = vault_identity_oidc_role.role.client_id
}
```
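After applying the configuration above, the key's `allowed_client_ids` list is the allowlist that decides which roles may sign tokens with it. The helper below is an added example (not part of the provider's documentation or code) that audits the JSON returned by `vault read -format=json identity/oidc/key/<name>`: it confirms the role's client ID is present and flags a `*` wildcard, which Vault treats as "every role may use this key". The key data is a constructed sample and the client ID is a placeholder.

```python
import json

# Constructed sample of `vault read -format=json identity/oidc/key/key` output
# after the Terraform configuration has been applied. The client ID below is a
# placeholder, not a value issued by a real Vault server.
SAMPLE_KEY_JSON = json.dumps({
    "data": {
        "algorithm": "RS256",
        "allowed_client_ids": ["PLACEHOLDER_CLIENT_ID_FOR_role"],
        "rotation_period": 86400,
        "verification_ttl": 86400,
    }
})


def check_key_allows_client(key_json: str, client_id: str) -> dict:
    """Audit one OIDC named key against the client ID of a role.

    Returns a verdict with:
      allowed  - True if the role may use this key for signing.
      wildcard - True if the key lists "*", i.e. every role is allowed, which
                 is broader than the per-role grant that
                 vault_identity_oidc_key_allowed_client_id expresses.
      allowed_client_ids - the raw allowlist, for reporting.
    """
    data = json.loads(key_json).get("data") or {}
    # An absent or empty list means no role may use the key.
    allowed_ids = data.get("allowed_client_ids") or []
    wildcard = "*" in allowed_ids
    return {
        "allowed": wildcard or client_id in allowed_ids,
        "wildcard": wildcard,
        "allowed_client_ids": list(allowed_ids),
    }


if __name__ == "__main__":
    verdict = check_key_allows_client(SAMPLE_KEY_JSON, "PLACEHOLDER_CLIENT_ID_FOR_role")
    print(json.dumps(verdict, indent=2))
```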
The following arguments are supported:

* `namespace` - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
* `key_name` - (Required; Forces new resource) Name of the OIDC key on which to allow the client ID.
* `allowed_client_id` - (Required; Forces new resource) Client ID to allow usage with the OIDC named key.