unkin/terraform-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8070b6f66b
terraform-vault/modules/vault_cluster/modules/auth_approle_role/variables.tf
Ben Vincent 8070b6f66b feat: major restructuring in migration to terragrunt 
- migrate from individual terraform files to config-driven terragrunt module structure
- add vault_cluster module with config discovery system
- replace individual .tf files with centralized config.hcl
- restructure auth and secret backends as configurable modules
- move auth roles and secret backends to yaml-based configuration
- convert policies from .hcl to .yaml format, add rules/auth definition
- add pre-commit hooks for yaml formatting and file cleanup
- add terragrunt cache to gitignore
- update makefile with terragrunt commands and format target
2026-01-26 23:02:44 +11:00

68 lines
1.7 KiB
HCL
Raw Blame History

variable "country" {
description = "Country identifier"
type = string
}
variable "region" {
description = "Region identifier"
type = string
}
variable "approle_name" {
description = "Name of the AppRole role"
type = string
}
variable "mount_path" {
description = "Mount path of the AppRole auth backend"
type = string
default = "approle"
}
variable "token_policies" {
description = "List of policies to assign to the role (passed from policy_auth_map)"
type = list(string)
}
variable "token_ttl" {
description = "The TTL period of tokens issued using this role"
type = number
default = null
}
variable "token_max_ttl" {
description = "The maximum TTL period of tokens issued using this role"
type = number
default = null
}
variable "bind_secret_id" {
description = "Whether or not to require secret_id to be presented when logging in using this AppRole"
type = bool
default = false
}
variable "secret_id_ttl" {
description = "The TTL period of SecretIDs generated against this AppRole"
type = number
default = null
}
variable "token_bound_cidrs" {
description = "List of CIDR blocks that can authenticate using this role"
type = list(string)
default = []
}
variable "alias_metadata" {
description = "The metadata to be tied to generated entity alias. This should be a list or map containing the metadata in key value pairs"
type = map(string)
default = null
}
variable "use_deterministic_role_id" {
description = "Whether to use deterministic role-id generation (true) or read pre-generated role-id from KV (false)"
type = bool
default = true
}
Reference in New Issue View Git Blame Copy Permalink