Creates a library on an Active Directory Secret Backend for Vault. Libraries create a pool of existing Active Directory service accounts which can be checked out by users.
resource "vault_ad_secret_backend" "config" {
  backend      = "ad"
  binddn       = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"
  bindpass     = "SuperSecretPassw0rd"
  url          = "ldaps://ad"
  insecure_tls = true # disables verification of the LDAPS server certificate
  userdn       = "CN=Users,DC=corp,DC=example,DC=net"
}

resource "vault_ad_secret_library" "qa" {
  backend                      = vault_ad_secret_backend.config.backend
  name                         = "qa"
  service_account_names        = ["Bob", "Mary"]
  ttl                          = 60
  disable_check_in_enforcement = true
  max_ttl                      = 120
}
The following arguments are supported:

namespace - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

backend - (Required) The path the AD secret backend is mounted at, with no leading or trailing forward slashes.

name - (Required) The name to identify this set of service accounts. Must be unique within the backend.

service_account_names - (Required) The list of service account names mapped to this set.

ttl - (Optional) The password time-to-live in seconds. Defaults to the configuration ttl if not provided.

max_ttl - (Optional) The maximum password time-to-live in seconds. Defaults to the configuration max_ttl if not provided.
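The example above hard-codes the bind password, skips LDAPS certificate verification and turns off check-in enforcement. The following added configuration (not part of the provider's own documentation) shows the same library with those settings left at their defaults, the bind password supplied as a sensitive variable, and a hypothetical Vault policy granting users only the check-out, check-in and status operations on the "qa" pool; the policy paths follow the AD secrets engine's library API.

```hcl
variable "ad_bind_password" {
  type      = string
  sensitive = true # supplied via TF_VAR_ad_bind_password, never committed
}

resource "vault_ad_secret_backend" "config" {
  backend  = "ad"
  binddn   = "CN=svc-vault,CN=Users,DC=corp,DC=example,DC=net"
  bindpass = var.ad_bind_password
  url      = "ldaps://ad.corp.example.net"
  userdn   = "CN=Users,DC=corp,DC=example,DC=net"
  # insecure_tls is left at its default (false) so the LDAPS certificate is verified.
}

resource "vault_ad_secret_library" "qa" {
  backend               = vault_ad_secret_backend.config.backend
  name                  = "qa"
  service_account_names = ["Bob", "Mary"]
  ttl                   = 60
  max_ttl               = 120
  # disable_check_in_enforcement is left at its default (false): only the entity
  # or token that checked an account out may check it back in.
}

locals {
  # Base path of the library in Vault, e.g. "ad/library/qa".
  qa_library_path = "${vault_ad_secret_backend.config.backend}/library/${vault_ad_secret_library.qa.name}"
}

# Hypothetical least-privilege policy for QA users: check accounts out of the
# pool, check them back in, and read the pool's status; no management access.
resource "vault_policy" "qa_library_user" {
  name   = "qa-library-user"
  policy = <<-EOT
    path "${local.qa_library_path}/check-out" {
      capabilities = ["update"]
    }
    path "${local.qa_library_path}/check-in" {
      capabilities = ["update"]
    }
    path "${local.qa_library_path}/status" {
      capabilities = ["read"]
    }
  EOT
}
```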
AD secret backend libraries can be imported using the path, e.g.

$ terraform import vault_ad_secret_library.role ad/library/bob