tls_self_signed_cert (Resource)

Creates a self-signed TLS certificate in PEM (RFC 1421) format.

Example Usage

resource "tls_self_signed_cert" "example" {
  private_key_pem = file("private_key.pem")

  subject {
    common_name  = "example.com"
    organization = "ACME Examples, Inc"
  }

  validity_period_hours = 12

  allowed_uses = [
    "key_encipherment",
    "digital_signature",
    "server_auth",
  ]
}

Schema

Required

Optional

Read-Only

Nested Schema for subject

Optional:

Automatic Renewal

This resource considers its instances to have been deleted after either their validity period ends (i.e. beyond validity_period_hours) or the early renewal period is reached (i.e. within early_renewal_hours of expiry). When this happens, the ready_for_renewal attribute will be true. At this time, applying the Terraform configuration will cause a new certificate to be generated for the instance.

Therefore, in a development environment with frequent deployments, it may be convenient to set a relatively short expiration time and use early renewal to automatically provision a new certificate when the current one is about to expire.

The creation of a new certificate may of course cause dependent resources to be updated or replaced, depending on the lifecycle rules applying to those resources.
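
A development configuration that uses early renewal as described above. This is an added example, not taken from the provider documentation. The resource names `dev` and `cert_consumer`, the 168-hour and 24-hour values, and the use of `terraform_data` as a stand-in for a dependent resource (which assumes Terraform 1.4 or later) are illustrative assumptions.

```terraform
# Assumes Terraform 1.4+ (for terraform_data) and the hashicorp/tls provider.
# The key is generated in-config for development use; it is kept in Terraform state.
resource "tls_private_key" "dev" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P256"
}

resource "tls_self_signed_cert" "dev" {
  private_key_pem = tls_private_key.dev.private_key_pem

  subject {
    common_name  = "dev.example.com"
    organization = "ACME Examples, Inc"
  }

  # The certificate is valid for 7 days.
  validity_period_hours = 168

  # During the last 24 hours of that period the resource is treated as
  # expired: ready_for_renewal becomes true and the next apply replaces it.
  early_renewal_hours = 24

  allowed_uses = [
    "digital_signature",
    "server_auth",
  ]
}

# Hypothetical dependent resource: it is replaced whenever the certificate
# changes. create_before_destroy builds the replacement before the old
# instance is removed, so the consumer is never left without a certificate.
resource "terraform_data" "cert_consumer" {
  triggers_replace = tls_self_signed_cert.dev.cert_pem

  lifecycle {
    create_before_destroy = true
  }
}

# Exposed so a pipeline can check renewal state after a plan or apply.
output "ready_for_renewal" {
  value = tls_self_signed_cert.dev.ready_for_renewal
}

output "validity_end_time" {
  value = tls_self_signed_cert.dev.validity_end_time
}
```

Nothing is renewed in the background: a new certificate is generated only when the configuration is applied inside the renewal window, so with these values a deployment must run at least once during the final 24 hours to avoid serving an expired certificate.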