Light

fvoges / terraform-vault-requirements Goto Github PK

View Code? Open in Web Editor NEW

0.0 2.0 1.0 15 KB

HCL 100.00%

terraform-vault-requirements's Introduction

Terraform Vault requirements

This module manages some AWS resources required by the Vault Enterprise accelerator module. This is not intended to be used in production.

What it does

The module can manage:

A self-signed cert chain to use for Vault TLS configuration
- WARNING: the private key will be stored in the Terraform state file. That's a big no-no for anything besides simple testing. You've been warned.
A KMS key to be used for auto-unseal
Two AWS Secrets Manager secrets for:
- The TLS files generated above
- The Vault Enterprise License

Requirements

No requirements.

Providers

Name	Version
aws	3.59.0
tls	3.1.0

Modules

No modules.

Resources

Name	Type
aws_kms_key.main	resource
aws_secretsmanager_secret.vault_license	resource
aws_secretsmanager_secret.vault_tls	resource
aws_secretsmanager_secret_version.vault_license	resource
aws_secretsmanager_secret_version.vault_tls	resource
tls_cert_request.vault_cert_request	resource
tls_locally_signed_cert.vault_certificate	resource
tls_private_key.ca	resource
tls_private_key.vault_private_key	resource
tls_self_signed_cert.ca	resource

Inputs

Name	Description	Type	Default	Required
application_prefix	The prefix to give to cloud entities	`string`	`"vault"`	no
vault_ca_bundle_secret	The CA bundle to store in AWS Secrets Manager. NOT IMPLEMENTED	`string`	`null`	no
vault_domain	The DNS domain name for the TLS certificate	`string`	`"example.com"`	no
vault_kms_deletion_days	Duration in days after which the key is deleted after destruction of the resource.	`number`	`30`	no
vault_kms_key_rotate	Specifies whether key rotation is enabled.	`bool`	`true`	no
vault_license	Vault license string	`string`	n/a	yes
vault_manage_tls_secrets	Manage the TLS secret AWS Secrets Manager. NOT IMPLEMENTED	`string`	`false`	no
vault_private_key_secret	The signed certificate's private key to store in AWS Secrets Manager. NOT IMPLEMENTED	`string`	`null`	no
vault_signed_cert_secret	The signed certificate to store in AWS Secrets Manager. NOT IMPLEMENTED	`string`	`null`	no

Outputs

Name	Description
unseal_aws_kms_arn	AWS KMS key ARN for Vault auto-unseal
unseal_aws_kms_id	AWS KMS key ID for Vault auto-unseal
vault_license_sercret_arn	AWS Secret Manager ARN for Vault Enterprise license string
vault_tls_sercret_arn	AWS Secret Manager ARN for Vault TLS CA, cert, and private key

terraform-vault-requirements's People

Contributors

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.