vault_jwt_auth_backend

Provides a resource for managing a JWT auth backend within Vault.

Example Usage

Manage JWT auth backend:

resource "vault_jwt_auth_backend" "example" {
    description         = "Demonstration of the Terraform JWT auth backend"
    path                = "jwt"
    oidc_discovery_url  = "https://myco.auth0.com/"
    bound_issuer        = "https://myco.auth0.com/"
}

Manage OIDC auth backend:

resource "vault_jwt_auth_backend" "example" {
    description         = "Demonstration of the Terraform JWT auth backend"
    path                = "oidc"
    type                = "oidc"
    oidc_discovery_url  = "https://myco.auth0.com/"
    oidc_client_id      = "1234567890"
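    # Placeholder value; supply the real client secret from a sensitive variable rather than hardcoding it.
    oidc_client_secret  = "secret123456"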
    bound_issuer        = "https://myco.auth0.com/"
    tune {
        listing_visibility = "unauth"
    }
}

Configuring the auth backend with a `provider_config`:

resource "vault_jwt_auth_backend" "gsuite" {
    description = "OIDC backend"
    oidc_discovery_url = "https://accounts.google.com"
    path = "oidc"
    type = "oidc"
    provider_config = {
        provider = "gsuite"
        fetch_groups = true
        fetch_user_info = true
        groups_recurse_max_depth = 1
    }
}

Argument Reference

The following arguments are supported:

The tune block is used to tune the auth backend:

Attributes Reference

In addition to the fields above, the following attributes are exported:

Import

JWT auth backends can be imported using the path, e.g.

$ terraform import vault_jwt_auth_backend.oidc oidc

or

$ terraform import vault_jwt_auth_backend.jwt jwt