Creates a Consul Secret Backend for Vault. Consul secret backends can then issue Consul tokens, once a role has been added to the backend.
# Standard backend: Vault uses an existing Consul management token.
resource "vault_consul_secret_backend" "test" {
  path        = "consul"
  description = "Manages the Consul backend"
  address     = "127.0.0.1:8500"
  token       = "4240861b-ce3d-8530-115a-521ff070dd29"
}

# Alternative: no token is given and the resource is used to bootstrap the Consul ACL system.
resource "vault_consul_secret_backend" "test" {
  path        = "consul"
  description = "Bootstrap the Consul backend"
  address     = "127.0.0.1:8500"
  bootstrap   = true
}
The following arguments are supported:
namespace - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
token - (Optional) The Consul management token this backend should use to issue new tokens. This field is required when bootstrap is false.
bootstrap - (Optional) Denotes that the resource is used to bootstrap the Consul ACL system.
path - (Optional) The unique location this backend should be mounted at. Must not begin or end with a /. Defaults to consul.
disable_remount - (Optional) If set, opts out of mount migration on path updates. See the Vault documentation on Mount Migration for more info.
description - (Optional) A human-friendly description for this backend.
address - (Required) Specifies the address of the Consul instance, provided as "host:port" like "127.0.0.1:8500".
scheme - (Optional) Specifies the URL scheme to use. Defaults to http.
ca_cert - (Optional) CA certificate to use when verifying the Consul server certificate. Must be x509 PEM encoded.
client_cert - (Optional) Client certificate used for Consul's TLS communication. Must be x509 PEM encoded. If this is set, client_key must also be set.
client_key - (Optional) Client key used for Consul's TLS communication. Must be x509 PEM encoded. If this is set, client_cert must also be set.
default_lease_ttl_seconds - (Optional) The default TTL for credentials issued by this backend.
max_lease_ttl_seconds - (Optional) The maximum TTL that can be requested for credentials issued by this backend.
local - (Optional) Specifies if the secret backend is local only.
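A hardened variant of the standard backend, as an added example that is not part of the provider documentation: it uses only the arguments listed above, passes the management token through a sensitive variable, and connects to Consul over verified TLS. The resource name, variable name, hostname and port, file paths and TTL values are assumptions.

```hcl
# Added example; variable name, address, file paths and TTL values are assumptions.

# Supply the management token at apply time (e.g. via TF_VAR_consul_mgmt_token)
# instead of committing it to source control.
variable "consul_mgmt_token" {
  type      = string
  sensitive = true # redacted in plan/apply output; still written to state
}

resource "vault_consul_secret_backend" "hardened" {
  path        = "consul"
  description = "Manages the Consul backend over TLS"

  # scheme defaults to http; set https so the management token and the
  # tokens Vault requests are not sent to Consul in cleartext.
  address = "consul.example.internal:8501"
  scheme  = "https"

  # Verify the Consul server certificate against this CA.
  ca_cert = file("${path.module}/tls/consul-ca.pem")

  # Client authentication: client_cert and client_key must be set together.
  client_cert = file("${path.module}/tls/vault-client.pem")
  client_key  = file("${path.module}/tls/vault-client-key.pem")

  token = var.consul_mgmt_token

  # Keep issued Consul tokens short-lived.
  default_lease_ttl_seconds = 3600  # 1 hour
  max_lease_ttl_seconds     = 14400 # 4 hours
}
```

The token and client key are still stored in Terraform state, so the state backend needs its own access control and encryption.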
No additional attributes are exported by this resource.
Consul secret backends can be imported using the path, e.g.
$ terraform import vault_consul_secret_backend.example consul