Reads Active Directory credentials from an AD secret backend in Vault.
resource "vault_ad_secret_backend" "config" {
  backend = "ad"
  binddn  = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"
  # A literal bindpass ends up in version control and in Terraform state.
  bindpass = "SuperSecretPassw0rd"
  url      = "ldaps://ad"
  # insecure_tls = "true" disables verification of the LDAPS server certificate.
  insecure_tls = "true"
  userdn       = "CN=Users,DC=corp,DC=example,DC=net"
}

# Role that maps to the AD service account whose password Vault manages.
resource "vault_ad_secret_role" "bob" {
  backend              = vault_ad_secret_backend.config.backend
  role                 = "bob"
  service_account_name = "Bob"
  ttl                  = 60
}

# Reads the credentials for the role defined above.
data "vault_ad_access_credentials" "creds" {
  backend    = vault_ad_secret_backend.config.backend
  role       = vault_ad_secret_role.bob.role
  depends_on = [vault_ad_secret_role.bob]
}
The following arguments are supported:
namespace - (Optional) The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
backend - (Required) The path to the AD secret backend to read credentials from, with no leading or trailing /s.
role - (Required) The name of the AD secret backend role to read credentials from, with no leading or trailing /s.
In addition to the arguments above, the following attributes are exported:
current_password - The currently set password on the Active Directory service account.
last_password - The currently set password on the Active Directory service account, provided because AD is eventually consistent.
username - The Active Directory service account username.
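A hardened variant of the configuration above, showing how the bind password, LDAPS verification and the exported password can be handled. This is an added example, not part of the provider documentation; the variable names, the CA file path and the hostname ad.corp.example.net are assumptions.

```hcl
# Added example. Names marked "assumed" are not from the original page.

variable "ad_bind_password" { # assumed variable name
  description = "Password for the bind DN; supply via TF_VAR_ad_bind_password, not a .tf file"
  type        = string
  sensitive   = true
}

variable "ad_ca_cert_path" { # assumed variable name
  description = "Path to the PEM-encoded CA certificate that issued the LDAPS server certificate"
  type        = string
}

resource "vault_ad_secret_backend" "config" {
  backend  = "ad"
  binddn   = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"
  bindpass = var.ad_bind_password          # no literal secret in source control
  url      = "ldaps://ad.corp.example.net" # assumed FQDN; must match the server certificate

  # Verify the LDAPS certificate against an explicit CA instead of skipping checks.
  insecure_tls = false
  certificate  = file(var.ad_ca_cert_path)

  userdn = "CN=Users,DC=corp,DC=example,DC=net"
}

resource "vault_ad_secret_role" "bob" {
  backend              = vault_ad_secret_backend.config.backend
  role                 = "bob"
  service_account_name = "Bob"
  ttl                  = 60
}

data "vault_ad_access_credentials" "creds" {
  backend = vault_ad_secret_backend.config.backend
  role    = vault_ad_secret_role.bob.role
}

# sensitive = true redacts the value in plan/apply output only. The bind
# password and both exported passwords are still stored in plaintext in the
# Terraform state, so the state backend needs encryption and tight access control.
output "bob_current_password" {
  value     = data.vault_ad_access_credentials.creds.current_password
  sensitive = true
}
```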