This resource enables a new auth method at the given path.
resource "vault_auth_backend" "example" {
  type = "github"

  tune {
    max_lease_ttl      = "90000s"
    listing_visibility = "unauth"
  }
}
The following arguments are supported:
namespace - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
type - (Required) The name of the auth method type.
path - (Optional) The path to mount the auth method; this defaults to the name of the type.
disable_remount - (Optional) If set, opts out of mount migration on path updates. See here for more info on Mount Migration.
description - (Optional) A description of the auth method.
local - (Optional) Specifies if the auth method is local only.
tune - (Optional) Extra configuration block. Structure is documented below.
The tune block is used to tune the auth backend:
default_lease_ttl - (Optional) Specifies the default time-to-live. If set, this overrides the global default. Must be a valid duration string.
max_lease_ttl - (Optional) Specifies the maximum time-to-live. If set, this overrides the global default. Must be a valid duration string.
audit_non_hmac_response_keys - (Optional) Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
audit_non_hmac_request_keys - (Optional) Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
listing_visibility - (Optional) Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
passthrough_request_headers - (Optional) List of headers to whitelist and pass from the request to the backend.
allowed_response_headers - (Optional) List of headers to whitelist, allowing a plugin to include them in the response.
token_type - (Optional) Specifies the type of tokens that should be returned by the mount. Valid values are "default-service", "default-batch", "service", "batch".
In addition to the fields above, the following attributes are exported:
accessor - The accessor for this auth method.
Auth methods can be imported using the path, e.g.
$ terraform import vault_auth_backend.example github
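A tighter variant of the example mount, added here for illustration and not taken from the provider documentation. The resource name, path, description and TTL values are assumptions. It sets listing_visibility to "hidden" instead of "unauth", sets both TTL arguments, and leaves the audit_non_hmac_* and header lists unset so that no extra keys are exempted from HMAC in audit output and no extra headers are passed through.

```hcl
# Added example: resource name, path, description and TTLs are hypothetical.
resource "vault_auth_backend" "github_restricted" {
  type        = "github"
  path        = "github-eng" # explicit path instead of defaulting to the type name
  description = "GitHub login for the engineering organization"

  tune {
    # default_lease_ttl overrides the global default for this mount;
    # max_lease_ttl is the upper bound for this mount.
    default_lease_ttl = "1h"
    max_lease_ttl     = "8h"

    # Keep the mount out of the UI-specific listing endpoint.
    # The documentation example above uses "unauth".
    listing_visibility = "hidden"

    # One of the four valid values listed for token_type.
    token_type = "default-service"

    # Intentionally not set:
    #   audit_non_hmac_request_keys / audit_non_hmac_response_keys
    #     (every key listed there is written to audit devices without HMAC)
    #   passthrough_request_headers / allowed_response_headers
    #     (every header listed there is whitelisted for the backend or plugin)
  }
}

# The exported accessor attribute, surfaced for use elsewhere in the configuration.
output "github_restricted_accessor" {
  value = vault_auth_backend.github_restricted.accessor
}
```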
Refer to the following tutorials for additional usage examples: