resource "vault_ssh_secret_backend_role" "hostrole" {
  backend                 = "ssh-host-signer"
  name                    = "hostrole"
  key_type                = "ca"
  algorithm_signer        = "rsa-sha2-256"
  ttl                     = 87600 * 3600
  allow_host_certificates = true
  allowed_domains         = "*"
  allow_subdomains        = true
  allow_bare_domains      = false
}