tls_locally_signed_cert (Resource)

Creates a TLS certificate in PEM (RFC 1421) format using a Certificate Signing Request (CSR) and signs it with a provided (local) Certificate Authority (CA).

Example Usage

resource "tls_locally_signed_cert" "example" {
  cert_request_pem   = file("cert_request.pem")
  ca_private_key_pem = file("ca_private_key.pem")
  ca_cert_pem        = file("ca_cert.pem")

  validity_period_hours = 12

  allowed_uses = [
    "key_encipherment",
    "digital_signature",
    "server_auth",
  ]
}

Schema

Required

Optional

Read-Only

Automatic Renewal

This resource considers its instances to have been deleted once either their validity period ends (i.e. beyond the validity_period_hours) or the early renewal period is reached (i.e. within the early_renewal_hours); when this happens, the ready_for_renewal attribute will be true. At that point, applying the Terraform configuration will cause a new certificate to be generated for the instance.

Therefore, in a development environment with frequent deployments, it may be convenient to set a relatively short expiration time and use early renewal to automatically provision a new certificate when the current one is about to expire.

The creation of a new certificate may of course cause dependent resources to be updated or replaced, depending on the lifecycle rules applying to those resources.
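
The renewal behaviour described above, as an added example that is not part of the provider's own documentation: a short-lived leaf certificate with an early renewal window, plus a dependent resource that is replaced whenever the certificate is reissued. The host names are placeholders, `terraform_data.tls_consumer` is a hypothetical stand-in for whatever consumes the certificate, and `terraform_data` assumes Terraform 1.4 or later.

```hcl
# Constructed development setup. Keys generated by tls_private_key are
# stored in Terraform state, so treat the state file as a secret.
resource "tls_private_key" "ca" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P256"
}

resource "tls_self_signed_cert" "ca" {
  private_key_pem       = tls_private_key.ca.private_key_pem
  is_ca_certificate     = true
  validity_period_hours = 8760
  allowed_uses          = ["cert_signing", "crl_signing"]
  subject {
    common_name = "dev-ca.example.internal" # placeholder name
  }
}

resource "tls_private_key" "leaf" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P256"
}

resource "tls_cert_request" "leaf" {
  private_key_pem = tls_private_key.leaf.private_key_pem
  dns_names       = ["app.example.internal"] # placeholder name
  subject {
    common_name = "app.example.internal"
  }
}

resource "tls_locally_signed_cert" "leaf" {
  cert_request_pem      = tls_cert_request.leaf.cert_request_pem
  ca_private_key_pem    = tls_private_key.ca.private_key_pem
  ca_cert_pem           = tls_self_signed_cert.ca.cert_pem
  validity_period_hours = 24 # certificate expires 24 hours after issuance
  early_renewal_hours   = 6  # from hour 18 on, ready_for_renewal is true
  allowed_uses          = ["key_encipherment", "digital_signature", "server_auth"]
}

# Hypothetical consumer: replaced each time the leaf certificate is reissued.
resource "terraform_data" "tls_consumer" {
  input = tls_locally_signed_cert.leaf.cert_pem
  lifecycle {
    replace_triggered_by = [tls_locally_signed_cert.leaf]
  }
}

output "leaf_ready_for_renewal" {
  value = tls_locally_signed_cert.leaf.ready_for_renewal
}
```

A new certificate is issued only when the configuration is applied, so with these values an apply has to run at least once inside the final 6 hours of each 24-hour lifetime for the certificate to be replaced before it expires.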