Reads the well-known public keys from an OIDC provider provisioned in Vault.
```hcl
resource "vault_identity_oidc_key" "key" {
  name               = "key"
  allowed_client_ids = ["*"]
  rotation_period    = 3600
  verification_ttl   = 3600
}

resource "vault_identity_oidc_client" "app" {
  name = "application"
  key  = vault_identity_oidc_key.key.name
  redirect_uris = [
    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
    "http://127.0.0.1:8251/callback",
    "http://127.0.0.1:8080/callback"
  ]
  id_token_ttl     = 2400
  access_token_ttl = 7200
}

resource "vault_identity_oidc_provider" "provider" {
  name = "provider"
  # Reference the client declared above (the resource is named "app", not "test").
  allowed_client_ids = [
    vault_identity_oidc_client.app.client_id
  ]
}

data "vault_identity_oidc_public_keys" "public_keys" {
  name = vault_identity_oidc_provider.provider.name
}
```
The following arguments are supported:

* `namespace` - (Optional) The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

* `name` - (Required) The name of the OIDC provider in Vault.
In addition to the arguments above, the following attributes are exported:

* `keys` - The public portion of the keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.