Creates a Vault role for a Nomad token. This role configures how generated tokens will function.
resource "vault_nomad_secret_backend" "config" {
  backend                   = "nomad"
  description               = "test description"
  default_lease_ttl_seconds = "3600"
  max_lease_ttl_seconds     = "7200"
  address                   = "https://127.0.0.1:4646"
  token                     = "ae20ceaa-..."
}

resource "vault_nomad_secret_role" "test" {
  backend  = vault_nomad_secret_backend.config.backend
  role     = "test"
  type     = "client"
  policies = ["readonly"]
}
The following arguments are supported:
namespace - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
backend - (Required) The unique path this backend should be mounted at.
role - (Required) The name to identify this role within the backend. Must be unique within the backend.
global - (Optional) Specifies if the generated token should be global. Defaults to false.
policies - (Optional) List of policies attached to the generated token. This setting is only used when type is 'client'.
type - (Optional) Specifies the type of token to create when using this role. Valid settings are 'client' and 'management'. Defaults to 'client'.
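The following is an added example, not taken from the provider's own documentation. It shows a client role limited to one Nomad ACL policy beside a management role, with a Vault policy that only allows reading credentials for the client role. The names ci_readonly, break_glass, ci_nomad and nomad_bootstrap_token are hypothetical; the credentials path assumes the Nomad secrets engine's <mount>/creds/<role> layout.

```hcl
# Added example; resource and variable names are hypothetical.
variable "nomad_bootstrap_token" {
  type      = string
  sensitive = true # redacted in plan output; the value is still written to state
}

resource "vault_nomad_secret_backend" "config" {
  backend                   = "nomad"
  default_lease_ttl_seconds = "3600"
  max_lease_ttl_seconds     = "7200"
  address                   = "https://127.0.0.1:4646"
  token                     = var.nomad_bootstrap_token # not hardcoded in the configuration
}

# Client role: generated tokens carry only the listed Nomad ACL policies.
resource "vault_nomad_secret_role" "ci_readonly" {
  backend  = vault_nomad_secret_backend.config.backend
  role     = "ci-readonly"
  type     = "client"
  global   = false
  policies = ["readonly"]
}

# Management role: policies is only used when type is 'client', so it is omitted.
resource "vault_nomad_secret_role" "break_glass" {
  backend = vault_nomad_secret_backend.config.backend
  role    = "break-glass"
  type    = "management"
}

# Vault policy for CI: may read credentials for the ci-readonly role and
# nothing else, so it cannot request tokens from the management role.
resource "vault_policy" "ci_nomad" {
  name   = "ci-nomad-readonly"
  policy = <<-EOT
    path "${vault_nomad_secret_backend.config.backend}/creds/${vault_nomad_secret_role.ci_readonly.role}" {
      capabilities = ["read"]
    }
  EOT
}
```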
No additional attributes are exported by this resource.
Nomad secret role can be imported using the backend, e.g.
$ terraform import vault_nomad_secret_role.bob nomad/role/bob