kgibson-insight/terraform-vault-approle
# Vault AppRole Terraform module

Terraform module which creates a Vault AppRole and the Vault policy attached to it.

## Usage

```hcl
module "approle" {
  source = "github.com/makezbs/terraform-vault-approle.git"

  role_name   = "mySuperApp"
  policy_name = "mySuperApp"
  # Indented heredoc (<<-) so the closing marker and the policy body may be
  # indented; Terraform strips the common leading whitespace.
  policy      = <<-EOT
  path "secret/data/mySuperApp" {
    capabilities = ["read","list","update"]
  }
  EOT
}
```

## Import an existing AppRole

```shell
terraform import module.approle.vault_approle_auth_backend_role.this auth/approle/role/mySuperApp
terraform import module.approle.vault_policy.this mySuperApp
terraform show
# Copy the policy document shown by `terraform show` into the module's `policy` input
terraform plan -out tfplan
```

The plan moves the role's policy list from `policies` to `token_policies` and adds a new secret ID resource:

```text
      ~ policies                = [
          - "mySuperApp",
        ]

      ~ token_policies          = [
          + "mySuperApp",
        ]

  + resource "vault_approle_auth_backend_role_secret_id" "this" {
      + accessor          = (known after apply)
      + backend           = "approle"
      + id                = (known after apply)
      + role_name         = "mySuperApp"
      + secret_id         = (sensitive value)
      + wrapping_accessor = (known after apply)
      + wrapping_token    = (sensitive value)
    }
```

```shell
# vault_approle_auth_backend_role_secret_id will be added anyway because
# resource vault_approle_auth_backend_role_secret_id doesn't support import
terraform apply tfplan
```

## Requirements

| Name | Version |
|------|---------|
| terraform | ~> 0.12.20 |
| vault | ~> 2.8 |

## Providers

| Name | Version |
|------|---------|
| vault | ~> 2.8 |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| create_secret_id | Create secret_id | bool | false | no |
| enable_login | Enable login feature | bool | false | no |
| policy | Vault policy | string | n/a | yes |
| policy_name | Name for Vault policy | string | n/a | yes |
| role_name | Name for AppRole | string | n/a | yes |
| secret_id_num_uses | The number of times any particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. A value of zero will allow unlimited uses. | number | 0 | no |
| secret_id_ttl | The number of seconds after which any SecretID expires | number | 0 | no |
| token_explicit_max_ttl | If set, will encode an explicit max TTL onto the token in number of seconds. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal. | number | 0 | no |
| token_max_ttl | The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time. | number | 0 | no |
| token_num_uses | The period, if any, in number of seconds to set on the token. | number | 0 | no |
| token_period | If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds. | number | 0 | no |

## Outputs

| Name | Description |
|------|-------------|
| policy_id | The policy ID |
| role_id | The role ID of created approle |
| secret_id | The secret ID of created approle |
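How a consumer of the `role_id` and `secret_id` outputs exchanges them for a Vault token, as an added example that is not part of this module: it reads `terraform output -json` (a constructed sample below with hypothetical IDs), calls Vault's standard `auth/approle/login` endpoint, and returns the token facts that matter for the `token_*` and `secret_id_*` inputs above. The Vault address `http://127.0.0.1:8200` and the default `approle` mount path are assumptions.

```python
import json
import urllib.request
from typing import Any, Callable, Dict

# AppRole login endpoint for the default "approle" mount (assumed here).
LOGIN_PATH = "/v1/auth/approle/login"


def http_post_json(url: str, body: Dict[str, Any]) -> Dict[str, Any]:
    """Default transport: POST a JSON body to Vault and decode the JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def credentials_from_terraform_output(output_json: str) -> Dict[str, str]:
    """Pull role_id and secret_id out of `terraform output -json` text."""
    data = json.loads(output_json)
    return {key: data[key]["value"] for key in ("role_id", "secret_id")}


def approle_login(vault_addr: str, creds: Dict[str, str],
                  post: Callable[..., Dict[str, Any]] = http_post_json) -> Dict[str, Any]:
    """Exchange role_id + secret_id for a client token.

    Each successful call consumes one use of the secret_id, so with a
    non-zero secret_id_num_uses the secret_id eventually stops working.
    """
    reply = post(vault_addr.rstrip("/") + LOGIN_PATH,
                 {"role_id": creds["role_id"], "secret_id": creds["secret_id"]})
    auth = reply["auth"]
    return {
        "client_token": auth["client_token"],
        # Newer Vault returns token_policies; fall back to policies on older servers.
        "policies": auth.get("token_policies", auth.get("policies", [])),
        "lease_duration": auth["lease_duration"],  # seconds, bounded by token_max_ttl
        "renewable": auth["renewable"],
    }


# Constructed sample of `terraform output -json` for the module (hypothetical IDs).
SAMPLE_OUTPUT = json.dumps({
    "policy_id": {"sensitive": False, "type": "string", "value": "mySuperApp"},
    "role_id": {"sensitive": False, "type": "string", "value": "11111111-2222-3333-4444-555555555555"},
    "secret_id": {"sensitive": True, "type": "string", "value": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"},
})

if __name__ == "__main__":
    token = approle_login("http://127.0.0.1:8200", credentials_from_terraform_output(SAMPLE_OUTPUT))
    print(token["policies"], token["lease_duration"], token["renewable"])
```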
