vault_pki_secret_backend_role

Creates a role on a PKI Secret Backend for Vault.

Example Usage

resource "vault_mount" "pki" {
  path                      = "pki"
  type                      = "pki"
  default_lease_ttl_seconds = 3600
  max_lease_ttl_seconds     = 86400
}

resource "vault_pki_secret_backend_role" "role" {
  backend          = vault_mount.pki.path
  name             = "my_role"
  ttl              = 3600
  allow_ip_sans    = true
  key_type         = "rsa"
  key_bits         = 4096
  allowed_domains  = ["example.com", "my.domain"]
  allow_subdomains = true
}

Argument Reference

The following arguments are supported:

resource "vault_mount" "pki" {
  path                      = "pki"
  type                      = "pki"
  default_lease_ttl_seconds = 3600
  max_lease_ttl_seconds     = 86400
}

resource "vault_pki_secret_backend_role" "role" {
  backend          = vault_mount.pki.path
  name             = "my_role"
  ttl              = 3600
  allow_ip_sans    = true
  key_type         = "rsa"
  key_bits         = 4096
  allowed_domains  = ["example.com", "my.domain"]
  allow_subdomains = true

  policy_identifier {
    oid    = "1.3.6.1.4.1.7.8"
    notice = "I am a user Notice"
  }
  policy_identifier {
    oid = "1.3.6.1.4.1.44947.1.2.4"
    cps = "https://example.com"
  }
}

Attributes Reference

No additional attributes are exported by this resource.

Import

PKI secret backend roles can be imported using the path, e.g.

$ terraform import vault_pki_secret_backend_role.role pki/roles/my_role