Creates a role on an Active Directory secret backend for Vault. A role maps a Vault role name to an existing Active Directory service account: Vault does not create the account, it takes over and rotates that account's password, and the current credential is read through the role.
resource "vault_ad_secret_backend" "config" {
  backend      = "ad"
  # Bind identity Vault uses to rotate passwords; it needs rights to reset the managed accounts' passwords.
  binddn       = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"
  # Example literal only; in practice supply this from a variable or a secret store, not a committed file.
  bindpass     = "SuperSecretPassw0rd"
  url          = "ldaps://ad"
  # Disables verification of the AD server's TLS certificate; acceptable for a lab, not for production.
  insecure_tls = true
  userdn       = "CN=Users,DC=corp,DC=example,DC=net"
}

resource "vault_ad_secret_role" "role" {
  backend              = vault_ad_secret_backend.config.backend
  role                 = "bob"
  # Existing AD account whose password Vault will manage; Vault does not create it.
  service_account_name = "Bob"
  # Password time-to-live in seconds; overrides the backend's default ttl.
  ttl                  = 60
}
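A hardened variant of the example above, added here as an illustration and not taken from the provider's own documentation: the bind password comes from a sensitive variable instead of a literal, TLS verification stays on with an explicit CA certificate, the bind account is a dedicated least-privilege identity rather than a domain Administrator, and password lifetimes are bounded on the backend so every role inherits a ceiling. The variable names, the CA file path, the mount path ad-corp, the hostname, the bind account svc-vault-rotate and the service account svc-backup are assumptions.

```hcl
variable "ad_bind_password" {
  type      = string
  sensitive = true   # hypothetical variable; keeps the value out of plan/apply output
}

variable "ad_ca_cert_path" {
  type    = string
  default = "certs/corp-ad-ca.pem"   # hypothetical path to the AD issuing CA certificate (PEM)
}

resource "vault_ad_secret_backend" "corp" {
  backend      = "ad-corp"                                  # assumed mount path
  url          = "ldaps://ad.corp.example.net:636"          # assumed host; LDAPS from the start, no StartTLS upgrade
  # Dedicated bind account that only holds reset-password rights on the managed OU.
  binddn       = "CN=svc-vault-rotate,OU=Service Accounts,DC=corp,DC=example,DC=net"
  bindpass     = var.ad_bind_password
  userdn       = "OU=Service Accounts,DC=corp,DC=example,DC=net"
  # Keep certificate verification on and pin the issuing CA instead of trusting whatever the network presents.
  insecure_tls = false
  certificate  = file(var.ad_ca_cert_path)
  # Default and maximum password lifetimes in seconds; roles inherit ttl and are capped by max_ttl.
  ttl          = 3600
  max_ttl      = 86400
}

resource "vault_ad_secret_role" "backup" {
  backend              = vault_ad_secret_backend.corp.backend
  role                 = "backup"
  service_account_name = "svc-backup"   # existing AD account; Vault rotates its password
  ttl                  = 1800           # shorter than the backend default, kept within max_ttl
}

# Surfaces when Vault last rotated the account, useful for checking that rotation actually runs.
output "backup_last_rotation" {
  value = vault_ad_secret_role.backup.last_vault_rotation
}
```

Marking the variable sensitive hides the password from plan and apply output, but the value is still written to Terraform state in clear text along with the rest of the backend configuration, so the state itself needs an encrypted remote backend and restricted access. The import ID for the role in this layout is ad-corp/roles/backup, following the backend/roles/role pattern shown in the Import section.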
The following arguments are supported:

namespace - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

backend - (Required) The path the AD secret backend is mounted at, with no leading or trailing slashes.

role - (Required) The name to identify this role within the backend. Must be unique within the backend.

service_account_name - (Required) Specifies the name of the existing Active Directory service account mapped to this role.

ttl - (Optional) The password time-to-live in seconds. If omitted, the ttl configured on the backend applies.

In addition to the arguments above, the following attributes are exported:

last_vault_rotation - Timestamp of the last password rotation performed by Vault.

password_last_set - Timestamp of the last time the password was set by Vault.
AD secret backend roles can be imported using the path backend/roles/role, where backend is the mount path and role is the role name, e.g.

$ terraform import vault_ad_secret_role.role ad/roles/bob