Cloudflare Access can replace traditional SSH key models with short-lived certificates issued to your users based on the token generated by their Access login.
# account level
resource "cloudflare_access_ca_certificate" "example" {
  account_id     = "f037e56e89293a057740de681ac9abbe"
  application_id = "6cd6cea3-3ef2-4542-9aea-85a0bbcd5414"
}

# zone level
resource "cloudflare_access_ca_certificate" "another_example" {
  zone_id        = "0da42c8d2132a9ddaf714f9e7c920711"
  application_id = "fe2be0ff-7f13-4350-8c8e-a9b9795fe3c2"
}

- application_id (String) The Access Application ID to associate with the CA certificate.
- account_id (String) The account identifier to target for the resource. Conflicts with zone_id.
- zone_id (String) The zone identifier to target for the resource. Conflicts with account_id.
- aud (String) Application Audience (AUD) Tag of the CA certificate.
- id (String) The ID of this resource.
- public_key (String) Cryptographic public key of the generated CA certificate.

Import is supported using the following syntax:
# Account level CA certificate import.
$ terraform import cloudflare_access_ca_certificate.example account/<account_id>/<application_id>
# Zone level CA certificate import.
$ terraform import cloudflare_access_ca_certificate.example account/<zone_id>/<application_id>
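
The following is an added example, not part of the provider's own documentation. It shows the CA certificate wired to an SSH-type Access application and its public_key exported so the SSH server can be configured to trust it. The resource names, the hostname ssh.example.com, the session duration and the account_id variable are assumptions, and the Access policies the application needs are omitted.

```hcl
# Added example: names, hostname and variable are placeholders, not values
# from the provider documentation.
variable "account_id" {
  type        = string
  description = "Cloudflare account identifier (supply your own)."
}

# Access application fronting the SSH host. The hostname is constructed.
resource "cloudflare_access_application" "ssh_bastion" {
  account_id       = var.account_id
  name             = "ssh-bastion"
  domain           = "ssh.example.com"
  type             = "ssh"
  session_duration = "8h"
}

# CA that signs the short-lived user certificates for that application.
# Referencing the application's id keeps the two resources in step and
# gives Terraform the correct creation order.
resource "cloudflare_access_ca_certificate" "ssh_bastion" {
  account_id     = var.account_id
  application_id = cloudflare_access_application.ssh_bastion.id
}

# Public half of the CA. This is the only material the SSH server needs;
# it is not a secret.
output "ssh_ca_public_key" {
  value = cloudflare_access_ca_certificate.ssh_bastion.public_key
}

# Audience tag of the CA certificate, exported for reference.
output "ssh_ca_aud" {
  value = cloudflare_access_ca_certificate.ssh_bastion.aud
}

# On the SSH server, save the ssh_ca_public_key value to a file
# (path below is an assumption) and point sshd_config at it:
#   PubkeyAuthentication yes
#   TrustedUserCAKeys /etc/ssh/ca.pub
```

After `terraform apply`, `terraform output -raw ssh_ca_public_key` prints the key to place in the file named by TrustedUserCAKeys.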