The credential library for Vault resource allows you to configure a Boundary credential library for Vault.
resource "boundary_scope" "org" {
name = "organization_one"
description = "My first scope!"
scope_id = "global"
auto_create_admin_role = true
auto_create_default_role = true
}
resource "boundary_scope" "project" {
name = "project_one"
description = "My first scope!"
scope_id = boundary_scope.org.id
auto_create_admin_role = true
}
resource "boundary_credential_store_vault" "foo" {
name = "foo"
description = "My first Vault credential store!"
address = "http://127.0.0.1:8200" # change to Vault address
token = "s.0ufRo6XEGU2jOqnIr7OlFYP5" # change to valid Vault token
scope_id = boundary_scope.project.id
}
resource "boundary_credential_library_vault_ssh_certificate" "foo" {
name = "foo"
description = "My first Vault SSH certificate credential library!"
credential_store_id = boundary_credential_store_vault.foo.id
path = "ssh/sign/foo" # change to correct Vault endpoint and role
username = "foo" # change to valid username
}
resource "boundary_credential_library_vault_ssh_certificate" "bar" {
name = "bar"
description = "My second Vault SSH certificate credential library!"
credential_store_id = boundary_credential_store_vault.foo.id
path = "ssh/sign/foo" # change to correct Vault endpoint and role
username = "foo"
key_type = "ecdsa"
key_bits = 384
extensions = {
permit-pty = ""
}
}
resource "boundary_credential_library_vault_ssh_certificate" "baz" {
name = "baz"
description = "vault "
credential_store_id = boundary_credential_store_vault.foo.id
path = "ssh/issue/foo" # change to correct Vault endpoint and role
username = "foo"
key_type = "rsa"
key_bits = 4096
extensions = {
permit-pty = ""
permit-X11-forwarding = ""
}
critical_options = {
force-command = "/bin/some_script"
}
}
credential_store_id
(String) The ID of the credential store that this library belongs to.path
(String) The path in Vault to request credentials from.username
(String) The username to use with the certificate returned by the library.additional_valid_principals
(List of String) Principals to be signed as "valid_principles" in addition to username.critical_options
(Map of String) Specifies a map of the critical options that the certificate should be signed for.description
(String) The Vault credential library description.extensions
(Map of String) Specifies a map of the extensions that the certificate should be signed for.key_bits
(Number) Specifies the number of bits to use for the generated keys.key_id
(String) Specifies the key id a certificate should have.key_type
(String) Specifies the desired key type; must be ed25519, ecdsa, or rsa.name
(String) The Vault credential library name. Defaults to the resource name.ttl
(String) Specifies the requested time to live for a certificate returned from the library.id
(String) The ID of the Vault credential library.Import is supported using the following syntax:
terraform import boundary_credential_library_vault_ssh_certificate.foo <my-id>