vault_identity_oidc_key

Creates an Identity OIDC Named Key for the Vault Identity secrets engine. A role references a named key, and Vault uses that key to sign the identity tokens the role issues.

The Identity secrets engine is the identity management solution for Vault. It internally maintains the clients who are recognized by Vault.

Use this with vault_identity_oidc_role and vault_identity_oidc_key_allowed_client_id to configure a Role to generate Identity Tokens.

Example Usage

resource "vault_identity_oidc_key" "key" {
  name      = "key"
  algorithm = "RS256"
}

resource "vault_identity_oidc_role" "role" {
  name = "role"
  key  = vault_identity_oidc_key.key.name
}

resource "vault_identity_oidc_key_allowed_client_id" "role" {
  key_name          = vault_identity_oidc_key.key.name
  allowed_client_id = vault_identity_oidc_role.role.client_id
}
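The following is an added configuration that is not part of the original page or the provider's own documentation. It extends the example above to show one named key shared by two roles, with each role's computed client_id explicitly allow-listed on the key so that no other role can obtain tokens signed by it. The rotation_period and verification_ttl arguments on the key and the ttl and template arguments on the role are assumed from the upstream provider and are not listed on this page; the claim names and values inside the template are constructed for illustration.

```hcl
# Added example (not from the page). Argument names beyond `name`,
# `algorithm` and `key` are assumed from the upstream Vault provider.

# One signing key, rotated every 24h. `verification_ttl` keeps the previous
# public key in the JWKS for another 24h after rotation so that tokens
# issued just before the rotation still verify (assumed argument names).
resource "vault_identity_oidc_key" "shared" {
  name             = "shared-signing-key"
  algorithm        = "RS256"
  rotation_period  = 86400 # seconds, assumed argument
  verification_ttl = 86400 # seconds, assumed argument
}

# Two roles sign with the same key but get distinct audiences (client_id),
# so a token minted for one workload is not valid for the other.
resource "vault_identity_oidc_role" "ci" {
  name = "ci-pipeline"
  key  = vault_identity_oidc_key.shared.name
  ttl  = 3600 # token lifetime in seconds, assumed argument
  # Constructed template: copies the entity name into a custom claim.
  template = <<-EOT
    {"entity_name": {{identity.entity.name}}}
  EOT
}

resource "vault_identity_oidc_role" "batch" {
  name = "batch-jobs"
  key  = vault_identity_oidc_key.shared.name
  ttl  = 900 # shorter lifetime for a lower-trust workload, assumed argument
}

# Allow-list each role's computed client_id on the key. Vault refuses to
# issue a token for a role whose client_id is not allowed on its key, so
# every role that should use this key needs exactly one of these entries.
resource "vault_identity_oidc_key_allowed_client_id" "ci" {
  key_name          = vault_identity_oidc_key.shared.name
  allowed_client_id = vault_identity_oidc_role.ci.client_id
}

resource "vault_identity_oidc_key_allowed_client_id" "batch" {
  key_name          = vault_identity_oidc_key.shared.name
  allowed_client_id = vault_identity_oidc_role.batch.client_id
}
```

Because client_id is computed by Vault when the role is created, the allowed-client-id resources must reference the role attribute rather than a hard-coded string; Terraform then orders the creates correctly. Consumers that validate these tokens should pin the expected aud to the role's client_id, and a verification_ttl shorter than the longest token ttl will cause tokens signed by a retired key to fail verification before they expire.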

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to all arguments above, the following attributes are exported:

Import

The key can be imported with the key name, for example:

$ terraform import vault_identity_oidc_key.key key