vault_jwt_auth_backend_role

Manages a JWT/OIDC auth backend role in a Vault server. See the Vault documentation for more information.

Example Usage

Role for JWT backend:

resource "vault_jwt_auth_backend" "jwt" {
  path = "jwt"
}

resource "vault_jwt_auth_backend_role" "example" {
  backend         = vault_jwt_auth_backend.jwt.path
  role_name       = "test-role"
  token_policies  = ["default", "dev", "prod"]

  bound_audiences = ["https://myco.test"]
  bound_claims = {
    color = "red,green,blue"
  }
  user_claim      = "https://vault/user"
  role_type       = "jwt"
}

Role for OIDC backend:

resource "vault_jwt_auth_backend" "oidc" {
  path = "oidc"
  default_role = "test-role"
}

resource "vault_jwt_auth_backend_role" "example" {
  backend         = vault_jwt_auth_backend.oidc.path
  role_name       = "test-role"
  token_policies  = ["default", "dev", "prod"]

  user_claim            = "https://vault/user"
  role_type             = "oidc"
  allowed_redirect_uris = ["http://localhost:8200/ui/vault/auth/oidc/oidc/callback"]
}
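The two roles above accept any token from the backend that carries the right audience or user claim and hand out three policies. As an added example (not part of the provider documentation), the configuration below shows a more tightly scoped JWT role: the backend pins the issuer and JWKS endpoint, the role binds subject and extra claims exactly, and the resulting Vault token is short-lived, use-limited and network-restricted. The URLs, claim names, CIDR, policy name and secret path are constructed placeholders.

```hcl
# Constructed example: JWT backend that verifies tokens from an external
# issuer via its JWKS endpoint (issuer and JWKS URLs are placeholders).
resource "vault_jwt_auth_backend" "ci" {
  path         = "jwt-ci"
  bound_issuer = "https://issuer.example.test"
  jwks_url     = "https://issuer.example.test/.well-known/jwks.json"
}

# Policy granting only what the workload needs (assumed secret path).
resource "vault_policy" "deploy_reader" {
  name   = "deploy-reader"
  policy = <<-EOT
    path "secret/data/deploy/web" {
      capabilities = ["read"]
    }
  EOT
}

resource "vault_jwt_auth_backend_role" "web_deploy" {
  backend   = vault_jwt_auth_backend.ci.path
  role_name = "web-deploy"
  role_type = "jwt"
  # Tokens minted for any other audience are rejected.
  bound_audiences = ["https://vault.example.test/jwt-ci"]

  # Pin the subject and further claims to one workload. bound_claims_type
  # "string" (the default) requires exact matches; "glob" permits wildcards.
  bound_subject     = "pipeline:web:deploy"
  bound_claims_type = "string"
  bound_claims = {
    environment = "production"
    pipeline    = "web"
  }

  # Claim used as the entity alias name, plus claims copied onto the
  # alias as metadata for auditing and templated policies.
  user_claim = "sub"
  claim_mappings = {
    pipeline    = "pipeline"
    environment = "environment"
  }

  # Short-lived token with a single policy, a use limit, and a source
  # network restriction (TTLs in seconds; CIDR is a placeholder).
  token_policies    = [vault_policy.deploy_reader.name]
  token_ttl         = 900
  token_max_ttl     = 1800
  token_num_uses    = 5
  token_bound_cidrs = ["10.20.30.0/24"]
}
```

A login with a token whose `sub`, `environment` or `pipeline` claim differs from the bound values fails at the role, before any policy is evaluated.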

Argument Reference

The following arguments are supported:

Common Token Arguments

These arguments are common across several Authentication Token resources since Vault 1.2.

Attributes Reference

No additional attributes are exported by this resource.

Import

JWT authentication backend roles can be imported using the path, e.g.

$ terraform import vault_jwt_auth_backend_role.example auth/jwt/role/test-role