vault_ssh_secret_backend_role

Provides a resource to manage roles in an SSH secret backend within Vault.

Example Usage

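resource "vault_mount" "example" {
  path = "ssh" # required mount path; matches the import example below
  type = "ssh"
}

# CA role: Vault signs user-supplied public keys.
resource "vault_ssh_secret_backend_role" "foo" {
  name                    = "my-role"
  backend                 = vault_mount.example.path
  key_type                = "ca"
  allow_user_certificates = true
}

# OTP role: Vault issues one-time passwords for the listed users.
resource "vault_ssh_secret_backend_role" "bar" {
  name          = "otp-role"
  backend       = vault_mount.example.path
  key_type      = "otp"
  default_user  = "default"
  allowed_users = "default,baz"
  # 0.0.0.0/0 matches every IPv4 address; narrow it to the hosts this role should cover.
  cidr_list     = "0.0.0.0/0"
}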

Argument Reference

The following arguments are supported:

Allowed User Key Configuration

Example configuration blocks that might be included in the vault_ssh_secret_backend_role resource:

allowed_user_key_config {
  type    = "rsa"
  lengths = [2048, 4096]
}

allowed_user_key_config {
  type    = "dss"
  lengths = [2048, 4096]
}
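The blocks above only take effect inside a role, so the following added example (not part of the original provider documentation) shows a complete CA role that combines `allowed_user_key_config` with a fixed set of principals and short certificate lifetimes. The mount name, role name, user names, TTL values and key sizes are assumptions chosen for illustration.

```hcl
# Added example: resource names, principals, TTLs and key sizes are assumptions.
resource "vault_mount" "ssh" {
  path = "ssh"
  type = "ssh"
}

resource "vault_ssh_secret_backend_role" "deploy" {
  name                    = "deploy-role"
  backend                 = vault_mount.ssh.path
  key_type                = "ca"
  allow_user_certificates = true

  # Principals a client may request in a signed certificate.
  default_user  = "deploy"
  allowed_users = "deploy,ci"

  # Short-lived certificates limit how long a leaked certificate stays usable.
  ttl     = "30m"
  max_ttl = "1h"

  # Reject signing requests for keys outside these types and sizes.
  allowed_user_key_config {
    type    = "rsa"
    lengths = [3072, 4096]
  }

  allowed_user_key_config {
    type    = "ec"
    lengths = [256, 384]
  }
}
```

Running `terraform plan` against a test Vault instance shows whether the provider version in use accepts each argument before the role is applied.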

Attributes Reference

No additional attributes are exposed by this resource.

Import

SSH secret backend roles can be imported using the path, e.g.

$ terraform import vault_ssh_secret_backend_role.foo ssh/roles/my-role