Reads static role credentials from an LDAP secret backend in Vault.
resource "vault_ldap_secret_backend" "test" {
  binddn   = "..."
  bindpass = "..."
  url      = "..."
}

resource "vault_ldap_secret_backend_static_role" "role" {
  mount           = vault_ldap_secret_backend.test.path
  username        = "alice"
  role_name       = "alice"
  rotation_period = 60
}

data "vault_ldap_static_credentials" "creds" {
  mount     = vault_ldap_secret_backend.test.path
  role_name = vault_ldap_secret_backend_static_role.role.role_name
}
The following arguments are supported:
namespace - (Optional) The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
mount - (Required) The path to the LDAP secret backend to read credentials from, with no leading or trailing /s.
role_name - (Required) The name of the LDAP secret backend static role to read credentials from, with no leading or trailing /s.
In addition to the arguments above, the following attributes are exported:
dn - Distinguished name (DN) of the existing LDAP entry to manage password rotation for.
last_vault_rotation - Last time Vault rotated this static role's password.
password - The current set password for the static role.
last_password - The last known password for the static role.
rotation_period - How often Vault should rotate the password of the user entry.
ttl - Duration in seconds after which the issued credential should expire.
username - The name of the static role.
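
One way to consume this data source defensively, given a short rotation_period such as the 60 seconds used above. This is an added example, not part of the provider documentation. The variable names, the policy name, the 15-second floor and the `<mount>/static-cred/<role>` API path are assumptions, and the postcondition block needs Terraform 1.2 or later.

```hcl
# Added example. The var.* names, the policy name and the 15-second floor are
# assumptions, not values from the page.
variable "ldap_mount" {
  type        = string
  description = "Path of the LDAP secret backend, no leading or trailing slashes."
}

variable "ldap_role" {
  type        = string
  description = "Name of the static role to read."
}

variable "min_ttl_seconds" {
  type    = number
  default = 15
}

# Read-only policy for the token that reads the credential.
# Assumes static credentials are served at <mount>/static-cred/<role>.
resource "vault_policy" "ldap_static_cred_read" {
  name   = "ldap-static-cred-read-${var.ldap_role}"
  policy = <<-EOT
    path "${var.ldap_mount}/static-cred/${var.ldap_role}" {
      capabilities = ["read"]
    }
  EOT
}

data "vault_ldap_static_credentials" "checked" {
  mount     = var.ldap_mount
  role_name = var.ldap_role

  lifecycle {
    # Fail the run when the password is about to expire, so a value that is
    # stale a few seconds later is never handed to downstream resources.
    postcondition {
      condition     = self.ttl >= var.min_ttl_seconds
      error_message = "Static credential expires too soon to use; re-run after the next rotation."
    }
  }
}

output "ldap_password" {
  value     = data.vault_ldap_static_credentials.checked.password
  sensitive = true # redacts CLI output only; the value is still stored in state
}
```

Both password and last_password are written to the Terraform state in plaintext, so the state backend needs encryption and access control of its own.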