resource "vault_pki_secret_backend_role" "servers_default" {
  backend = "pki_int"
  name    = "servers_default"
  #issuer_ref         = data.vault_pki_secret_backend_issuer.pki_int_issuer.default
  allow_ip_sans = true
  allowed_domains = [
    "unkin.net",
    "*.unkin.net",
    "localhost"
  ]
  allow_subdomains    = true
  allow_glob_domains  = true
  allow_bare_domains  = true
  enforce_hostnames   = true
  allow_any_name      = true
  max_ttl             = 2160 * 3600
  key_bits            = 4096
  country             = ["Australia"]
  use_csr_common_name = true
  use_csr_sans        = true
}