- add policies to sign/issue certificates - manage auth roles for ceph-csi, certmanager, externaldns, huntarr
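# Vault PKI role "servers_default" on the "pki_int" mount. It defines which
# names, key size and lifetime a caller may request when issuing or signing a
# certificate through this role.
resource "vault_pki_secret_backend_role" "servers_default" {
  backend = "pki_int"
  name    = "servers_default"
  #issuer_ref = data.vault_pki_secret_backend_issuer.pki_int_issuer.default

  # Name constraints: requested DNS names must fall under one of these entries.
  allowed_domains = [
    "unkin.net",
    "*.unkin.net",
    "localhost"
  ]
  allow_subdomains   = true # subdomains of the entries above
  allow_glob_domains = true # entries containing "*" are treated as glob patterns
  allow_bare_domains = true # the listed domains themselves, e.g. "unkin.net"
  enforce_hostnames  = true # CN and DNS SANs must be syntactically valid hostnames

  # Was `true`. With allow_any_name enabled Vault skips the allowed_domains
  # checks, so every identity permitted to use this role could obtain a
  # certificate for any hostname and the list above had no effect. Keep this
  # false; a name needed outside the list must be added to allowed_domains.
  allow_any_name = false

  # NOTE(review): this role does not limit which IP addresses may be requested
  # as SANs. Confirm that the policies granting issue/sign on this role are
  # limited to callers trusted to assert arbitrary IPs.
  allow_ip_sans = true

  # For CSR signing, take the CN and SANs from the CSR instead of from request
  # parameters. They are still checked against the name constraints above.
  use_csr_common_name = true
  use_csr_sans        = true

  # Upper bound on certificate lifetime: 2160 hours (90 days) in seconds.
  max_ttl = 2160 * 3600

  # key_type is not set in this block, so the provider default applies
  # (presumably RSA, given the 4096-bit size; confirm).
  key_bits = 4096

  # NOTE(review): the X.509 countryName attribute is normally the two-letter
  # ISO 3166 code ("AU"); strict validators may reject a longer value. Left
  # unchanged because altering it changes the subject of newly issued
  # certificates.
  country = ["Australia"]
}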