Key Protect module

This module supports:

Creating a Key Protect instance
Enabling a rotation policy for the instance
Enabling a dual authorization policy for the instance
Enabling a metrics policy for the instance
Enabling a key create and import access policy for the instance

Overview

terraform-ibm-key-protect

Usage

provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXX"
  region           = "us-south"
}

module "key_protect_module" {
  source            = "terraform-ibm-modules/key-protect/ibm"
  version           = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  key_protect_name  = "my-key-protect-instance"
  resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
  region            = "us-south"
}

Required IAM access policies

Account Management
- Resource Group service
  - Viewer platform access
IAM Services
- Key Protect service
  - Editor platform access
  - Manager platform access (required to enable metrics)

To attach access management tags to resources in this module, you need the following permissions.

IAM Services
- Tagging service
  - Administrator platform access

Requirements

Name	Version
terraform	>= 1.0.0
ibm	>= 1.65.0, < 2.0.0

Modules

Name	Source	Version
cbr_rule	terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module	1.24.0

Resources

Name	Type
ibm_kms_instance_policies.key_protect_instance_policies	resource
ibm_resource_instance.key_protect_instance	resource
ibm_resource_tag.key_protect_tag	resource

Inputs

Name	Description	Type	Default	Required
access_tags	A list of access tags to apply to the Key Protect instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial.	`list(string)`	`[]`	no
allowed_network	Types of the allowed networks to be set for the Key Protect instance. Possible values are 'private-only' or 'public-and-private'	`string`	`"public-and-private"`	no
cbr_rules	(Optional, list) List of context-based restrictions rules to create	list(object({ description = string account_id = string rule_contexts = list(object({ attributes = optional(list(object({ name = string value = string }))) })) enforcement_mode = string operations = optional(list(object({ api_types = list(object({ api_type_id = string })) }))) }))	`[]`	no
dual_auth_delete_enabled	If set to true, Key Protect enables a dual authorization policy on the instance. Note: Once the dual authorization policy is set on the instance, it cannot be reverted. An instance with dual authorization policy enabled cannot be destroyed using Terraform.	`bool`	`false`	no
key_create_import_access_enabled	If set to true, Key Protect enables a key create import access policy on the instance	`bool`	`true`	no
key_create_import_access_settings	Key create import access policy settings to configure if var.enable_key_create_import_access_policy is true. For more info see https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess	object({ create_root_key = optional(bool, true) create_standard_key = optional(bool, true) import_root_key = optional(bool, true) import_standard_key = optional(bool, true) enforce_token = optional(bool, false) })	`{}`	no
key_protect_name	The name to give the Key Protect instance that will be provisioned	`string`	n/a	yes
metrics_enabled	If set to true, Key Protect enables metrics on the Key Protect instance. In order to view metrics, you will need a Monitoring (Sysdig) instance that is located in the same region as the Key Protect instance. Once you provision the Monitoring instance, you will need to enable platform metrics.	`bool`	`true`	no
plan	Plan for the Key Protect instance. Currently only 'tiered-pricing' is supported	`string`	`"tiered-pricing"`	no
region	Region where the Key Protect instance will be provisioned	`string`	n/a	yes
resource_group_id	Resource Group ID where the Key Protect instance will be provisioned	`string`	n/a	yes
rotation_enabled	If set to true, Key Protect enables a rotation policy on the Key Protect instance.	`bool`	`true`	no
rotation_interval_month	Specifies the key rotation time interval in months. Must be between 1 and 12 inclusive.	`number`	`1`	no
tags	List of tags to associate with the Key Protect instance	`list(string)`	`[]`	no

Outputs

Name	Description
cbr_rule_ids	CBR rule ids created to restrict Key Protect
key_protect_crn	CRN of the Key Protect instance
key_protect_guid	GUID of the Key Protect instance
key_protect_id	ID of the Key Protect instance
key_protect_instance_policies	Instance Polices of the Key Protect instance
key_protect_name	Name of the Key Protect instance
kp_private_endpoint	Instance private endpoint URL
kp_public_endpoint	Instance public endpoint URL

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.

terraform-ibm-modules / terraform-ibm-key-protect Goto Github PK

terraform-ibm-key-protect's Introduction

Key Protect module

Overview

terraform-ibm-key-protect

Usage

Required IAM access policies

Requirements

Modules

Resources

Inputs

Outputs

Contributing

terraform-ibm-key-protect's People

Contributors

Watchers

Forkers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent